bobwest 

While none of this is technically wrong in a legal sense, it is an enormous misuse of information that the original people involved did not know would happen, and did not expect, and almost certainly would not have agreed to.

Hey Bob,

I just want to clarify whether my understanding of the quote above is you referring to the laws in the US only.

I want to emphasize this because in the EU, for example, just by reading the title of the article you can conclude that laws have been broken.

xplorer 

Hey Bob, I just want to clarify whether my understanding of the quote above is you referring to the laws in the US only. I want to emphasize this because in the EU, for example, just by reading the title of the article you can conclude that laws have been broken.

Well, of course I don't really have any idea about the laws on the matter in either the US or the EU. I was just assuming that there is no law against it. The article is not written as if there is, but I don't really know.

I would be happy to be wrong. I do think there should be a law or laws that prohibit anything like this.

I did scan the article and didn't see any mention of actual illegality, just of a serious invasion of digital privacy. I hope this is illegal, at least somewhere.

Bob.

More on the Facebook data thing. I am sure there will be much more. I think the general free pass implicitly given to tech is going to be revoked, and a lot more scrutiny will be given to it.

Quoting 

For the past decade, social media and other giant technological platforms have prospered by offering us a deal: we could use their products for free (or minimal cost), and in return they would use our data as they see fit. It didn’t ring the alarm bells it should have, because all too many people — including our leading politicians — bought into the idea promulgated by Silicon Valley that the technological transformation on offer was a unique good. The people behind it were well-intentioned, so why question what they did, never mind regulate it?

The full article is worth reading: https://www.washingtonpost.com/blogs/plum-line/wp/2018/03/20/facebooks-terrible-horrible-no-good-24-hours-and-what-comes-next/?utm_term=.75aa7dd375dc

Bob.

Not supporting Facebook here (I don't have an account and am amazed people do what they do!) and obviously there are things they could and should have done once they discovered this. But... always a But... in this case are they responsible for what happened? Sure they did grant the access, but they granted the access under the proviso that it was for research purposes not commercial purposes. Is it their responsibility now to verify intent? Making an exaggerated point should Home Depot start coming to your house to make sure you use fertilizer on your plants and not for nefarious activities?

Another tipster told TechCrunch she had one email address compromised but noted she cannot figure out how the email was even obtained by Facebook as it appears to be for a former work place, is no longer valid and was never directly associated by her with her account — suggesting Facebook is automatically harvesting contact data from other Facebook users and associating it with other accounts.
....

If Facebook is harvesting data on its users from other site users then not personally posting a piece of your contact information does not guarantee it won’t end up in Facebook’s databanks — and therefore be at risk of being exposed via this type of security breach — because Facebook might simply be harvesting your contact data from someone else you have corresponded with.

Thats a good and interesting point @aquarian1

bobwest 

More on the Facebook data thing. I am sure there will be much more. I think the general free pass implicitly given to tech is going to be revoked, and a lot more scrutiny will be given to it. The full article is worth reading: https://www.washingtonpost.com/blogs/plum-line/wp/2018/03/20/facebooks-terrible-horrible-no-good-24-hours-and-what-comes-next/?utm_term=.75aa7dd375dc Bob.

SMCJB 

Not supporting Facebook here (I don't have an account and am amazed people do what they do!) and obviously there are things they could and should have done once they discovered this. But... always a But... in this case are they responsible for what happened? Sure they did grant the access, but they granted the access under the proviso that it was for research purposes not commercial purposes. Is it their responsibility now to verify intent? Making an exaggerated point should Home Depot start coming to your house to make sure you use fertilizer on your plants and not for nefarious activities?

This is a good point. I don't think they were responsible for the eventual use the data was put to, obviously. Also, the "researcher" who got the data was lying to them about what he was doing, also not their fault.

But the thing is that FB does have a huge amount of data, and they do make it available more widely and much more routinely than their users have any idea about.

I have read that a common app that is available to developers puts a button to "Sign in via Facebook" on a web page. If the web owner wishes (and I'm not saying anything about whether some particular web site does this, only that they can), when a user clicks on that link, it enables the site designer to download all the information on that person's FB page, and all the information on all of that person's friends, greatly magnifying the amount of data gleaned. And, although there is some legally dense language on the FB terms of use agreement that says they can do this, I am positive that not one person who is on Facebook knows about it or expects it to happen, or thinks they have agreed to it. (Don't make me look up the link. I'm not making this up, and there is a fatigue factor with all this Facebook stuff anyway . Google will help anyone find out if I'm wrong about this or am exaggerating.)

One of the ways that the Cambridge guy got so much data was that he put up a survey that was answered by a few hundred thousand FB users, but he then was also able to access all their data -- meaning, everything on their FB page -- and all their friends' data on their pages (unbeknownst to the friends), netting information on 50 million individuals. Yes, he was misleading FB as well as the respondents to his survey. But this is frightening. Under certain conditions, which this guy did violate, FB makes all of this available, regardless of the users' privacy settings, usually for a fee and not for a bogus "research project." But they do it.

It is possible to discuss all this one way or another, but there is something deeply wrong with this. The basic philosophy of FB and Mark Zuckerberg has always been the standard tech industry mantra that information wants to be free -- that wide exchange of information is a good thing that needs to be encouraged. I agree, as an abstract principle, but then we see instances of essentially involuntary sharing that the persons involved didn't know about and didn't consent to (aside from the legalese in the terms of use agreement that they didn't read, and that the authors of the agreement knew they wouldn't read.)

We can go too far in either direction about this, but we need to do something, and the present status quo is not right in a very deep sense.

Today's Washington Post has an editorial that I didn't think I would like when I saw the title ("Let’s take a deep breath about Facebook’s ‘breach of trust’ "), since I think they did breach some trust here. But I did read the editorial and I think there's something to it. In other words, there's a balanced way to look at this whole thing -- and still, something needs to change.

Here it is, if you're interested. https://www.washingtonpost.com/opinions/lets-take-a-deep-breath-about-facebooks-breach-of-trust/2018/03/21/0d35f750-2d31-11e8-8688-e053ba58f1e4_story.html?utm_term=.ca2747f31d01

Bob.

xplorer 

thanks @GFIs1 I heard of Proton Mail - Switzerland based and they do not allow any type of snooping in their servers. For the privacy conscious it's a very worthwhile service. I think the correct website it this though https://protonmail.com/

Reading that Cambridge Analytica used for their Facebook scam Proton Mail.
Proton Mail allows to automatically "kill" a crypto mail just after opening and reading.
So Cambridge Analytica could operate out of the dark.

Well - things will not change easily to the better.
A coin has 2 sides.
GFIs1

GFIs1 

Reading that Cambridge Analytica used for their Facebook scam Proton Mail. Proton Mail allows to automatically "kill" a crypto mail just after opening and reading. So Cambridge Analytica could operate out of the dark. Well - things will not change easily to the better. A coin has 2 sides. GFIs1

Hey GFIs1, thanks for this - I'd be interested in finding out more - do you have a link to an article or something?

xplorer 

Hey GFIs1, thanks for this - I'd be interested in finding out more - do you have a link to an article or something?

Hi @xplorer

Here we go: https://www.infosecurity-magazine.com/news/cambridge-analytica-used-protonmail/

There several other articles - but mainly the same content.

GFIs1

PS: I am using Proton Mail since a long time - it is free to start. A very strong web based mail provider with encryption and decryption - very fast - even for attached documents.