The app used to harvest facebook data for Cambridge Analytica also harvested it from the *friends* of users that authorised it.

I was talking about how dangerous this was back in 2010. It's super common, almost nobody turns off the controls which allow it.

If you're a Facebook user, then going to "Settings -> Apps -> Apps Others Use" will let you disable what information your friends' applications can harvest about you.

Because of course one of the most important privacy settings is hidden under "apps" rather than "privacy".

Unless you have reason not to, I'd recommend going to Facebook "Settings -> Apps -> Apps, Websites and Plugins", and turn the entire platform off.

This will stop 3rd party apps and websites from seeing almost anything about you, also breaking 3rd party logins and games.

I say "almost everything", because back when I was actively researching this it was possible to infer information about uses who had switched off the platform interface. Human + Bot pairs worked relatively well if you were deep-diving for people's data.

Unfortunately it's absolutely standard practice to give users a way to "opt out" of their information being shared, but then to hide that away where nobody might stumble upon it by accident.

"Apps Others Use" is particularly nefarious. Facebook is seen a human-to-human platform, so we think about limiting what other *humans* can use.

Typical humans have no way of seeing what bots can harvest. If people can't see privacy concerns, they tend not to worry about them.

The result is what we've just seen with Cambridge Analytica. 270,000 seed users being used to collect the data of 50 MILLION users overall, and then used to influence an election.

But "with permission", of course, because the Facebook ToS lets users opt-out, and nobody does.

And let's be clear here, Facebook doesn't exist as a viable business platform *unless* they can use your personal information for profit.

Facebook's integrations aren't viable unless they're so low-friction that people will use them, which means sharing lots of data by default.

Facebook does a lot to make sure it has as much information about you as possible.

Ever tried to use Facebook messages via the website, but on a mobile device? It'll *insist* you install Messenger.

There's no technical reason for this, but huge advertising/collection reasons.

Wrapping up my little rant, if you want to communicate with friends, please *don't* do that by sharing your entire conversation with an advertising platform.

Use signal.org , which gives you free, advert-free, and end-to-end encryption.

If you're wondering what Signal's business model is, they're not a business. They're a software organisation that exists through grants and donations.

If you're on Android, and you absolutely must use Facebook, then consider using Tinfoil.

It's just a wrapper for the mobile site, but it lets you mess with your browser string (so you can send/recv messages), and contains your data leakage.

play.google.com/store/apps/det…