Security and Privacy Awareness in the Age of Facebook

Introduction

The recent events that highlighted the privacy violations of Facebook and Cambridge Analytica will go down in history, and not in a good way. The basic problem boils down to Facebook allowing their data-mining partner, Cambridge Analytica, to use the data of around 87 million individuals without the users’ express consent. After the scandal, there was a lot of hand-wringing from the privacy community and advertisers alike. The privacy and security community (myself included) shouted out a big “I told you so” and advertisers like Mozilla and Commerzbank put their Facebook marketing accounts on hold. Others threatened to do the same, although we will have to wait and watch to see if that actually happens.

This is not the first time that Facebook has faced the privacy music. Back in 2013, law student Max Schrems filed a complaint about the privacy of data transfers between the EU and U.S. as a response to the Snowden surveillance revelations. Max also created the privacy advocacy organization “Europe vs. Facebook.” Schrems used the group as a way to force Facebook to comply with existing EU laws on data privacy. In doing so, he revealed a number of privacy violations, including: the creation of “shadow profiles” by which Facebook collected data of non-Facebook users via “friend-find” features; retention of previously deleted messages, etc. Max Schrems has been successful to an extent at reining in Facebook, such as overturning the Safe-Harbor deal, but the case is ongoing.

Though it seems that Facebook is no newbie to privacy violations, this latest privacy hash-up has taken the whole issue of data privacy and respect of personal data to new heights (or lows). Out of the social media giant’s privacy violation expose, two schools of thought have popped up from the ashes (Read more...)