Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Reportedly Exposed Facebook Quiz Data On 3 Million Users (newscientist.com)

Posted by BeauHD on from the deja-vu dept.

According to a report from New Scientist, researchers exposed quiz data on over three million Facebook users via an insecure website. The data includes answers to intimate questionnaires, and was held by academics from the University of Cambridge's Psychometrics Centre. While the breach isn't as severe as the Cambridge Analytica leak, it is distantly connected as the project previously involved Alexandr Kogan, the researcher at the center of the scandal. From the report: Facebook suspended myPersonality from its platform on April 7 saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared. More than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project. All of this data was then scooped up and the names removed before it was put on a website to share with other researchers. The terms allow the myPersonality team to use and distribute the data "in an anonymous manner such that the information cannot be traced back to the individual user."

However, for those who were not entitled to access the data set because they didn't have a permanent academic contract, for example, there was an easy workaround. For the last four years, a working username and password has been available online that could be found from a single web search. Anyone who wanted access to the data set could have found the key to download it in less than a minute.

19 comments

  1. HILLARY by Anonymous Coward · · Score: 0

    IN ALCATRAZ

    1. Re:HILLARY by Opportunist · · Score: 1

      That would actually be a pretty cool name for a Death Metal band.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Tragedy of the commons by marcle · · Score: 2

    Facebook is a very good example of the tragedy of the commons. For any individual user, the convenience of using Facebook outweighs any possible drawbacks. For society in general, the very fact that so many people use Facebook, and their data is up for grabs, is a big problem.

    1. Re:Tragedy of the commons by Anonymous Coward · · Score: 0

      Not a fan of or a user of facebook, but I have to ask: How is it a big problem? Really want to know what you mean.

    2. Re:Tragedy of the commons by marcle · · Score: 3, Insightful

      Not a Facebook user either. But I do believe it's generally recognized that fake news and fake posts on Facebook influenced our last election. That was made possible by those promiscuous APIs that will link with any old thing. And aside from politics, I have a problem with the whole sales pitch of "we want to connect the world." I can still get in touch around the world instantly without Facebook, and without my whole life registered in their database. That sales pitch was a genius marketing move, concocted by Zuck in order to make people fall all over themselves to give him their personal data.
      There's a distinction between "advertising" and "direct marketing." The latter includes such lovely concepts as junk mail and robocalls. That's what Facebook is designed, from the ground up, to enable.

    3. Re:Tragedy of the commons by Anonymous Coward · · Score: 0

      For any individual user, the convenience of using Facebook outweighs any possible drawbacks.

      WHAT convenience? It looks totally inconvenient to me. I have to either give my real identity to teh world's largest data scraper, or take difficult measures which are likely to fail.

      You can't even click on a bunch of Facebook links without signing up - it makes itself a gated community to keep "outsiders" out unless they drink the coolaid too.

      We were talking online for years before Facebook came along and wormed itself in the middle. It was easier then! XMPP was decentralized, didn't scrape every keystroke and picture for advertising companies to harvest, and didn't require making yourself someone's fucking digital serf.

    4. Re:Tragedy of the commons by Anonymous Coward · · Score: 0

      I've yet to see any evidence that the russian ads influenced anyone. Is there any evidence of this persuasive effect? It's a rather vague premise. What exactly did these ads contain that made people switch their votes?

    5. Re:Tragedy of the commons by marcle · · Score: 0

      I didn't mention Russia, comrade, why did you?
      I know, just spreading a little doubt can go a long ways.

    6. Re:Tragedy of the commons by johnsie · · Score: 2

      Don't try telling us that ads don't influence people. There is a multi billion dollar ad industry for a reason. It exists because ads DO influence people. Otherwise there would be no point in investing all that money.

    7. Re:Tragedy of the commons by Anonymous Coward · · Score: 0

      It's worrying to see that even among Slashdot readers there is a blindspot as to the gravity of this. Here's the rundown:

      1. It's not so much about advertising. Profiling is used to create 'risk management' products by databrokers, with which Facebook has intimate relations. Both Facebook and Google facilitate profiling by databrokers in multiple ways, some explicit (Experian and Facebook are on each other's board), some less obvious (in the online advertising bidding process details about users are shared). According to a study on the databroker market by the FTC from 2014 these risk management products are their biggest source of income. In other words: banks, insurers, employers, they pay a large part of the money that makes online services 'free'.

      2. It's not about your raw data, but about 'derived data': details that are inferred about you (psychological profile, religion, political leaning, health) based on patterns in your data. Basically, your data is compared to the data of people they know more about. Having detailed data on 3 million people, like in this leak, allows databrokers to then analyse the rest of the population. Some of these American databrokers have 8000 scores about you for sale. They are basically educated guesses that are wrong a lot of the time, but right often enough for databrokers to make money.

      3. This part of the data economy is very invisible. Most people don't realize they are, for example, rejected at a job, insurance or loan because of these faulty judgements, so there is still little uproar. We tend to talk about advertising as the main engine of the data economy because it's the part of the data economy that we literally get visual feedback on, in the form of adds.

      4. It's untransparent. Even if you had access to all the judgements about you, you would have a hard time influencing how the algorithms judge you. This is because the patterns that machine learning can see in large populations are difficult to reach with common sense reasoning.

      5. In the long run this systemic focus on risk management could lead to social cooling. https://www.socialcooling.com

  3. Melania Trump hospitalized, kidney condition by Anonymous Coward · · Score: 1

    Melania Trump has been hospitalized for a benign kidney condition. Speculation at this point is that her kidney was frightened so badly by proximity to Donald Trump's penis that it temporarily shut down.

  4. Follow the money? Or change the economic model? by shanen · · Score: 2

    In the era of corporate cancerism, of course the cancers grow toward their 'blood' supplies. Soulless inhuman machines programmed to seek profit will always try to increase profits by doing more of whatever is generating profit.

    In religious terms: "There is no gawd but Profit and Apple is Profit's #1 prophet."

    However Facebook has a dream. It wants to become a much larger cancer so that it can swallow Apple, too. Same sick dream as each and every other corporate cancer. They are not programmed to worry about death of the host society.

    Facebook's economic model is to capture your time by exploiting your social instincts to like other people. Family members? Friends? Partisan political sympathizers? Whatever. As long as you trust them enough to spend more time on Facebook, the profit seems to increase. Damn the torpedoes, and full speed ahead on the creative accounting.

    Solution? Change the economic model, but I've already written my thoughts on how. Let's hear your better idea! Just kidding. On today's Slashdot I have to expect a flood of snark with perhaps a delayed flow of actual thought.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
    1. Re:Follow the money? Or change the economic model? by rsborg · · Score: 1

      I'm not sure if you wanted a real solution, but increased corporate taxation (of course they'll find loopholes, but let them struggle for it like us schmucks), stock exchange transaction microtax, and removal of the stupid "personhood for eternity" construct would be a good start.

      Of course, no one is bound here on "tea-party slashdot".

      --
      Make sure everyone's vote counts: Verified Voting
    2. Re:Follow the money? Or change the economic model? by shanen · · Score: 2

      I agree with you about the transaction tax, but I think you can't say why. My elevator explanation is that the lack of any transaction charge is like allowing a friction-free engine to accelerate without limit. Whatever the engine is made of, at some point it is going to explode.

      As regards the tax increase, I think you were just guessing completely wildly. My suggested principle would be a pro-freedom pro-choice progressive profit tax based on market share. The goal would be to insure there are enough players in each market to allow for freedom and meaningful choice. At the same time, competition should be balanced so that we aren't all living at the edge of starvation, which is the natural state of free competition. In corporate terms, starvation also corresponds to bankruptcy. In other words, too much competition becomes counterproductive, but too little competition is bad in other ways.

      --
      Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  5. Facebook = AOL 2.0 by Anonymous Coward · · Score: 1

    Facebook is where all the AOL idiots went after AOL faded. It's a centralization of idiocy.

    Maybe we should not be trying to convince people that Facebook is bad, because they'll just move on to infect something else.

    I say, let the idiots have their AOL, whatever they wish to call it. It helps keep them all nicely contained in one place, so they do less damage. No - we should be encouraging Facebook use. Anyone dumb enough to actually do it, deserves it.

  6. Tragedy of the uncommon people? by shanen · · Score: 2

    Hard for me to see what is going on. Apparently this topic has provoked a lot of ACs, but I don't see them... However you [marcle] have brushed on another interesting threat Facebook poses to the people who, like you, don't use Facebook.

    If someone wants to steal your personal information, they can actually use Facebook to sneak up on you from behind. I actually think I've seen evidence of fake identities created on SMS systems to seek links to people who are NOT using those SMS systems. I think it's more on LinkedIn than Facebook (but my evidence is limited), but the scam is pretty obvious and clever--and near as I can tell none of the SMS systems have a strong economic reason to fight it as hard as it should be fought.

    In case it isn't clear already, imagine that someone knows you are not on Facebook. Then they collect as much personal information as they can from other places where you are visible in public (so it works better with actual celebrities) and use that data to create a fake Facebook account in your name. The data will already give them some people who know you, but if they are smart they won't directly approach your close friends on Facebook, but rather look for less close friends who will "friend" you on Facebook without much risk of telling you. Or they can wait for other people to notice and "friend" you. In all the cases the goal is to fish for more information to build a more complete dossier of the target.

    I can't tell if I'm paranoid or have a criminal mindset.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
    1. Re:Tragedy of the uncommon people? by Anonymous Coward · · Score: 0

      Hard for me to see what is going on. Apparently this topic has provoked a lot of ACs, but I don't see them...

      It's not just you... I think something is wrong with this story thread. It's acting rather wonky for me too compared to other ones.

      I don't know how often what you describe happens, but I'm 100% sure that FB is collecting data about non-FB users, which is annoying as fuck. Problem is FB users harvest the stuff non-maliciously and give it to FB without a moment's thought.

  7. Skilled academics anonymize from the start by Anonymous Coward · · Score: 0

    I am not a huge fan of Facebook's stewardship of data, but let's all keep in mind that any psychological study data could suffer a breach. This particular breach shows some poor tradecraft from the Cambridge researchers regardless of Facebook's involvement.

    When demographers desire the answer to some sensitive question, such as "Have you ever cheated on your spouse?", they are supposed to keep the data anonymized, with a separate vault of some kind identifying participants enjoying extra secure protocols (or even never saved at all).

    Many studies do not even need the correct answer from any one individual. A clever though under-used trick goes something like this (not a real example):

    Count the change in your pocket. If the number is even then answer the question "Do you enjoy 80s music?". If the number is odd, answer the question "Have you ever cheated on your spouse?" Please give me your answer as Yes or No.

    From the supplied data, researchers can work out the statistics of answers to sensitive questions such as how many people enjoy 80s music, but without knowing the answer for any individual responder.

    (Source: my spouse trained as a demographer)

  8. Dammit! by Locke2005 · · Score: 1

    Now EVERYBODY knows I'm a Miranda! (Exactly how useful is this quiz data?)

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.