As a direct result of the Facebook / Cambridge Analytica fiasco, I downloaded my Facebook data to see what they have on me. I learned a few things worth sharing, but some general points are worth discussing before I get to those.
First, if you think Facebook is the only bad actor, or that their actions are particularly bad, you’re wrong. Facebook has the advantage of being huge and visible, so anything they do poorly (and that gets exposed) gets outsized coverage and concern. Yes, Facebook has problems, and yes they did any number of stupid things, but the data brokers in the background have much more data than Facebook does, since they aggregate it from many websites.
And the spotlight hasn’t been shining on many of those companies or what they do. Cambridge Analytica did some things I consider very bad, but they might be far from the worst of the bunch. Right now, we have no way of knowing. By all means be critical of Facebook — they do a large number of stupid things and deserve heaps of scorn as a result — but don’t be naive about the situation on the internet overall.
Next, if you have a cell phone — any phone, but particularly a smart phone — you’re being spied on. All. The. Time. Not in the sense that a government spy agency is watching you — though for particular, high value targets, that could be true — but in the general sense. As a comparison, imagine that 15 people with cameras and telephoto lenses are constantly surrounding your house, taking pictures and writing down what they see you doing. Occasionally they call someone and tell them what they’ve got on you, and send them pictures too. And remember, this goes on all the time, 24x7x365. That’s kind of like carrying a cell phone.
Some company — probably several, actually: Apple, Google, Samsung, any number of application makers, and the companies they all share data with, not to mention the phone carriers themselves — know where you are, how fast you are moving, what businesses you visit, what schools you go to, your daily routine, etc. If they try, they can probably which room of the house you are in right now. They know it all. What they do with it is mostly unknown to mere mortals like us, but they know it all.
Is that data being used for nefarious purposes? That’s a tough question. Based on my reading so far, my opinion is that Cambridge Analytica did actual evil with the data they got from Facebook. Others will disagree, but that’s my take. But there are many other places where this gets less clear. Did Facebook do evil by creating a platform that could let Cambridge Analytica get that data in the first place, for example?
And what about Facebook’s now famous collection of phone call and text meta data done via their app for a period of time on some Android phones? They collected that data with — as far as we know — no clear purpose other than to know more about you, and to make it possible to sell that information to others. Was that evil, or just stupid? Tough call, at least in my mind.
There is a principle in the computing world that the safest data is the data you don’t have. If I ran a company that sold products on the internet, for example, an option I would consider is never storing credit card information for my customers. Yes, in theory they’d have an easier shopping experience later because they don’t have to enter their CC data every time they buy something, but if I get hacked there is no CC data for the hackers to get, and my customers are more secure. The general idea — only store and keep what you actually need — is a fundamental data security principle, but one that is violated all the time by companies on the internet that make money by collecting and selling that very data.
We are the product, as the saying goes. Sadly, we are mostly without power to control how our data is used or sold. Government regulation only goes so far, and since the internet is an international entity, it’s probably never going to get consistent rules for all of us.
We can take some precautions. These days, if you don’t have ad block software installed, for example, you’re living dangerously. Ad distribution networks — even the big ones — now regularly (if unintentionally) distribute ads that contain malware of various kinds. The only safe way to use the internet these days is with software to avoid ads.
That’s true on your phone too, though ad blocking software is more of a challenge there. Do some searching. There are options. (I use the Opera browser on my phone because it comes with a built in ad blocker, but there are other choices.)
Unless we resort to living life without the internet, we agree to provide some of this data to our service providers. We might not know we’ve agreed, but by using the services, we’ve done so.
And there are trade offs. For various reasons I am an Android user and I use a number of other Google services. Google gets a lot of data about me as a result. Without doubt they know a lot about me, but I actually use the services and find value in them. Gmail is a lot nicer than maintaining my own email software. (I know. I’ve done the latter and hated every minute of it.) My phone knows where I am, but I can search for things I need near me and it works. And I regularly find myself searching for the same things multiple times, and the query history helps with that. I have made a choice to let Google collect what data they do. I do go in and review the data occasionally, and delete it at times, but they get the data.
Is it worth it? Are the services I get from (say) Google worth the value of the data they get? I honestly have no idea. What is my data actually worth? That’s a difficult question. I would have a tough time selling my personal data, one on one, to anyone. As a rule they want huge numbers of records and look at them in many ways to find trends and interests. One person’s data on its own is useless. (Unless they’re trying to perform identity theft on that person, or spying on that individual for a particular reason. Then data about a specific individual is much more valuable.)
In any case, for now, I deem the data I share worth it, but I might change that decision, and I run ad blockers everywhere, so my value is somewhat reduced. We all have to make that choice in regard not just to our phones and carriers, but also the various apps we run, and the other internet services we use. It’s not a simple thing, and we lack a lot of information needed to make good choices. (Who would have approved the selling of their data to Cambridge Analytica if we’d been told what they were doing with it?)
With that as background, let’s turn to my specific situation with Facebook.
Some years back I got really annoyed with Facebook — really annoyed — and I decided to do something about it. I spent weeks going through everything I had ever posted to FB and deleting it, one item at a time. I deleted everything I could find out of my timeline, all my likes, etc. And I locked my permissions down as tightly as I could.
Also, I never installed the Facebook app on my phone. I was well aware of their poor software engineering choices well before their app was available, and I had no desire to open myself up to those issues. In hindsight, that was a good choice. Their app had a number of critical stupidities in it including:
- At one point it overwrote email addresses in your contacts with a person’s facebook email address. Without permission.
- It was updating itself without going through the app store (at least the Android version; not sure about the Apple side of things) which meant that (a) they were violating Google’s terms of service and (b) they weren’t having their app scanned by Google’s anti-malware systems.
- For a while it was collecting metadata about phone calls and texts for no good reason.
These kinds of issues aren’t unique. Every app we install is a potential set of security risks and a wormhole through which some of our data can be siphoned off for unknown purposes. Facebook, again, is just a very large, very visible example of the issue.
Anyway, once I had my data on Facebook deleted and my permissions locked down, I pretty much ignored it. I almost never posted, and read it infrequently. I threatened to quit it entirely, but I didn’t. (That’s something of a joke with certain friends — hi Tom! — at this point.)
Then we moved — far — and Facebook’s ability to let me connect with some people became a bit more important. I’ve started using it again, albeit in a limited way.
Then Cambridge Analytica happened.
So I downloaded my Facebook data and found… well… not much. I’ve read horror stories about what people found in their Facebook data downloads, and I believe them, but for me it’s not that huge. There are a few really odd things (why on earth does eBay.de have my contact info, for example?) but overall they don’t have much.
That’s because of all the data I deleted years ago, and the fact that I have deliberately given them almost nothing since then.
But — and here we enter the realm of speculation — I don’t think this data dump is complete. I suspect that Facebook has data about me that is not present in this file. For example, I know I have seen things shown to me on Facebook as possible interests that were clearly based on things I “liked” years ago and then removed. The underlying likes are still there, I think, associated with my account. Or if not, Facebook is spookily accurate at suggesting things I might be interested in, like music, given there is nothing about music in the data they claim to have about me.
It is possible their data deletion is really not that. Perhaps — as some have wondered — deletion isn’t really deletion. Maybe all those posts I thought I deleted are instead marked as ‘don’t show these anymore’ but can still be mined for interesting data to sell.
That’s conspiracy theory territory, though, and I don’t actually think that is the case as a rule. But I do wonder if there are places in Facebook where it doesn’t delete things completely, and still operates on that data. Their software engineering is clearly so bad that is entirely possible, and they would never know.
So what am I going to do about Facebook? As I see it, I have two options:
- I can continue to use it as I do now, limiting what I post and like, and trying only to make it a communication vehicle with people I actually know.
- I can delete my account completely.
There are arguments in favour and against both of those approaches, and I honestly haven’t decided.
From what I have seen, studies are showing that social media use in general — and Facebook in particular — do not make us happier. Everyone curates what they post, so even the bad stuff looks good, and we’re always comparing ourselves with the best everyone else has to offer. It’s not healthy. That bugs me, and argues for deletion, along with their various poor software practices, their poor data handling, and their unbelievably bad user interface.
And yet there are certain people with whom I only interact on Facebook. If I delete the account, if feels like I am deleting them from my life. And in truth I probably would be, as both sides of those relationships are busy with other things, and even writing an occasional email to all the people in that group would be very time consuming.
From a different perspective, it turns out that Facebook’s lousy (non chronological, algorithm based) user interface means I don’t see things from people I don’t regulary interact with, and they don’t see things from me. So perhaps that cord is already cut for me.
So here I sit, waffling. I could continue as I am — mostly using Facebook to announce posts like this one and occasionally seeing posts from a few of my friends there — or I could delete it entirely. Still thinking about that.
But I strongly encourage everyone to download their Facebook data and review it. For some of you, it will be eye opening. For others, not so much. I’m in the latter camp, but only because of my data deletion efforts years ago.
But knowing what they know is the start. Make yourself a more informed Facebook customer. It’s time well spent.
Addendum some time later: I have decided. My FB account will be deleted shortly.