Slashdot Mirror
My Cow Game Extracted Your Facebook Data (theatlantic.com)
Ian Bogost, writing for The Atlantic: Already in 2010, it felt like a malicious attention market where people treated friends as latent resources to be optimized. Compulsion rather than choice devoured people's time. Apps like FarmVille sold relief for the artificial inconveniences they themselves had imposed. In response, I made a satirical social game called Cow Clicker. Players clicked a cute cow, which mooed and scored a "click." Six hours later, they could do so again. They could also invite friends' cows to their pasture, buy virtual cows with real money, compete for status, click to send a real cow to the developing world from Oxfam, outsource clicks to their toddlers with a mobile app, and much more. It became strangely popular, until eventually, I shut the whole thing down in a bovine rapture -- the "cowpocalypse." It's kind of a complicated story.
But one worth revisiting today, in the context of the scandal over Facebook's sanctioning of user-data exfiltration via its application platform. It's not just that abusing the Facebook platform for deliberately nefarious ends was easy to do (it was). But worse, in those days, it was hard to avoid extracting private data, for years even, without even trying. I did it with a silly cow game. Cow Clicker is not an impressive work of software. After all, it was a game whose sole activity was clicking on cows. I wrote the principal code in three days, much of it hunched on a friend's couch in Greenpoint, Brooklyn. I had no idea anyone would play it, although over 180,000 people did, eventually. And yet, if you played Cow Clicker, even just once, I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior. I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running, allowing players to keep clicking where a cow once stood, before my caprice raptured them into the digital void.
But one worth revisiting today, in the context of the scandal over Facebook's sanctioning of user-data exfiltration via its application platform. It's not just that abusing the Facebook platform for deliberately nefarious ends was easy to do (it was). But worse, in those days, it was hard to avoid extracting private data, for years even, without even trying. I did it with a silly cow game. Cow Clicker is not an impressive work of software. After all, it was a game whose sole activity was clicking on cows. I wrote the principal code in three days, much of it hunched on a friend's couch in Greenpoint, Brooklyn. I had no idea anyone would play it, although over 180,000 people did, eventually. And yet, if you played Cow Clicker, even just once, I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior. I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running, allowing players to keep clicking where a cow once stood, before my caprice raptured them into the digital void.
A 2012 report from
Facebook is also being seen as a source of invaluable data on voters. The re-election team, Obama for America, will be inviting its supporters to log on to the campaign website via Facebook, thus allowing the campaign to access their personal data and add it to the central data store – the largest, most detailed and potentially most powerful in the history of political campaigns. If 2008 was all about social media, 2012 is destined to become the "data election".
The thing is it's not "your" data if you live in the United States. Europe has strict data protection laws, the data belongs to the person who provides it and you may only use it for purposes they have already agreed to. This actually causes problem with things like medical research where it's actually illegal to use new techniques against old samples because people did not agree to the new use. You have to go back to them and get consent which can be inconvenient, costly or even impossible if they are deceased.
In the United States data belongs to the person who collects it. If you give an app permission to trawl your contacts, that data now belongs to them to do whatever they want. In this case the app developer did have an agreement with Facebook, but Facebook has absolutely no ability to prevent the developer from doing whatever he wants with the data he collected. They can sue him for breaching the agreement, but there's no way they can get the data back. It's already out there. There's no way to prove someone else doesn't have copy; that's the whole nature of electronic data. Of course none of this is ever mentioned when the story is covered by the media.
I really don't understand why this story is getting so much attention. From the coverage I've seen it seems to be because this can be linked to a firm that the Trump campaign used. Facebook is already well known to not be trustworthy with your private data. You really shouldn't put anything you don't want made publicly available on a social media website, even if you think you've restricted who can view it. Haven't most Facebook users had the site auto-post something without their consent? I know I once used an app that wanted to use photos from my Facebook albums. I uploaded a picture to my mobile album so I could import it in the app and Facebook posted the damn thing to all of my friends. But it's kind of silly to single out Facebook when there are thousands of smartphone applications, retailers and other companies that are doing the same thing. Some of the applications available for download are nothing more than trojan horses used to gain access to your information.