In spite of everything, Facebook users did not flinch. Of course, these applications collected data about their lives. But they seemed convenient and harmless, and, really, what could go wrong?
Today, more than a decade later, the consequences of Facebook's laissez-faire approach are becoming clear. Over the weekend, The New York Times reported that Cambridge Analytica, a British consulting firm, acquired private information from approximately 50 million Facebook users, and used it to target voters on behalf of the Trump campaign during the presidential election. of 2016.
What happened with Cambridge Analytica was not technically a data breach, since this treasure of personal information was not stolen from the Facebook servers. Rather, he freely gave himself to the creator of a personality question application on Facebook called "thisisyourdigitallife".
That application, which was developed by a professor at the University of Cambridge, collected data on the 270,000 people who installed it, along with data about their Facebook friends, with a total of 50 million people in total. The professor, Aleksandr Kogan, then gave the data he had collected at Cambridge Analytica.
Technically, only this last step violated Facebook's rules, which prohibit selling or giving away data collected by a third-party application. The rest was business as usual. Third-party applications collect vast amounts of detailed personal information about Facebook users every day, including their ages, location, pages they liked and groups they belong to. Users can choose not to share specific information, but it is not clear how many.
This type of extensive data collection is not only allowed but encouraged by Facebook, which wants to keep developers building happily on their platform. Permissiveness is a characteristic, as they say, not an error.
But in the wake of incidents such as data leakage to Cambridge Analytica, some question the costs of such flexible policies on an influential platform with 2.2 billion registered users.  Continue reading the main story
"It seems crazy that I can make random decisions about the data of so many people," said Can Duruk, a technology consultant and software engineer. Facebook, he said, was "extremely lax with what kind of data they allowed people to obtain".
In a Facebook post on Monday, Andrew Bosworth, vice president of Facebook, admitted that this thought could have been a mistake.  "We think that every application could be social," Mr. Bosworth wrote. "Your calendar should have your friends' events and birthdays, your maps should know where your friends live, your address book should show their photos, it was a reasonable vision but it did not materialize the way we expected."
A first clue about the potential for misuse of Facebook's third-party developer tools came up in 2010 when my colleague Emily Steel, then in The Wall Street Journal, reported that an online tracking company, RapLeaf, was collecting and reselling data he had gathered from third-party Facebook applications to marketing firms and political consultants. In response, Facebook cut off access to RapLeaf's data and said it would "drastically limit" the improper use of the personal information of its users by third parties.
But keeping data-hungry developers from exploiting Facebook's personal information treasure remains a challenge. In 2015, Facebook eliminated the ability of third-party developers to gather detailed information about the friends of users who had installed an application, citing privacy concerns. (The Cambridge Analytica data bank, which included this type of information, was compiled in 2014, before the change). Facebook has also taken the tools used by developers to create games and tests that bombarded users with annoying notifications.
But the core functions of Facebook's open platform tool are still intact. There are still many third-party applications like "thisisyourdigitallife" out there, which aspire to intimate data about Facebook users. That information does not disappear, and Facebook has no real resource to prevent it from falling into the wrong hands.
Not all open data is used irresponsibly. Researchers and non-governmental organizations have used Facebook's third-party development tools to respond to natural disasters. And many of the functions that Internet users depend on – for example, the ability to import their digital address books into a new messaging application – are made possible by the tools that allow the development of third parties known as programming interfaces. of applications or API.
"Everything we depend on uses API," said Kin Lane, a software engineer who maintains a website called the Evangelist API. "They are at home, in their business, in their car, it's the way these platforms innovate and do great and interesting things."
In the case of Facebook, the permissive data policies were also good for business. Third-party developers built millions of applications on the Facebook platform, giving Facebook users more reasons to spend time on the site and generate more advertising revenue for the company. Restricting access to data would limit the utility of Facebook for developers and could push them to build on a rival platform, improving those products.
Continue reading the main story
In this context, it is even less surprising that Dr. Kogan and Cambridge Analytica have been able to use a silly personality questionnaire to gather information on millions of Americans. After all, why would the test be there?
Continue reading the main story