Categories
Device

How to stop facebook giving your data to third parties

Facebook has proven once again that it’s incapable of protecting your privacy, and this time the culprits are those third-party apps you don’t remember downloading. Before we tell you how to protect yourself from these services and delete Facebook apps, we’ll explain why it’s become increasingly important to do so.

If you’re not caught up, last week we learned the personal information of 50 million Facebook users was exploited by Cambridge Analytica, a political data firm working for Donald Trump. It acquired the information from a Cambridge University researcher who created a personality test app called thisisyourdigitallife that legally harvested the personal information of millions of Facebook users.

However, Facebook learned in 2015 that the data had been illegally handed over to Cambridge Analytica, and asked that all parties immediately destroy the data. Cambridge Analytica didn’t. After the social network learned it had been lied to, it banned Cambridge Analytica and its parent company SCL Group and threatened legal action. The fallout has been swift. Facebook’s stocks instantly tanked and lawmakers are now urging Zuckerberg to testify in front of Congress.

The entire fiasco begs the question: What could the affected individuals have done to prevent this from happening? The best way to protect yourself is by deleting sketchy apps and reading permissions closely. Here’s how you can manually remove apps and revoke their privileges so you can stop relying on Facebook.

How to protect your Facebook account from third-party apps

Remove third-party apps

A surefire way to protect yourself from third-party Facebook apps is by removing them from your account.

How to stop facebook giving your data to third parties

Phillip Tracy

First, you’ll need to access your account settings. If you’re using the desktop version, select the small downward facing arrow in the top right corner of your page. Look down until you see Settings and select it. From here, press the Apps tab on the left sidebar (look for the Tetris icon). At the top of this page, you’ll see all the apps you’re signed into. Note, you may need to select See More to view all apps.


READ MORE:

Removing third-party Facebook apps on mobile

If you’re on the mobile app, select the icon with three horizontal lines in the top right corner of your display. Then select Account Settings under Help & Settings. From here, tap Apps toward the bottom of the page. Lastly, select Logged in with Facebook to see a list of apps organized chronologically.

How to stop facebook giving your data to third parties

Phillip Tracy/Facebook

READ MORE:

Check to see what information you’re providing apps

You can see what information you hand over to each app by pressing its name on mobile or desktop. For example, I selected the popular movie app Flixster and discovered that I had sent it my relationship status, relationship interests, work history, education history, religious views, and a dozen other categories that have little to do with showtimes or Rotten Tomatoes scores.

There are two actions you can take for apps you’ve determined are too intrusive: Either delete them (by selecting the “X” icon on desktop or Remove App on mobile) or uncheck individual permission boxes. This will revoke their privileges, preventing them from collecting certain data about you.

If you noticed a bunch of services you’re not familiar with, don’t worry, you’re not the only one. I spent at least five minutes frantically wiping my profile of sketchy apps. Why you’re seeing so many third-party apps (my account was flooded with 85 different services) is because you don’t need to enable them directly from Facebook to give them permission to collect your data.

How to stop facebook giving your data to third parties

Phillip Tracy

You probably gave these services access to your Facebook profile from a separate webpage or mobile app years ago. And unless you manually delete them, they will stay on your profile, leaching off your personal information for as long as they can.

Phillip Tracy

Phillip Tracy is a former technology staff writer at the Daily Dot. He’s an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.

FTC report reveals ‘staggering’ amount of data big telecom is collecting on you

Here’s how a hacker was able to blow up Trump’s new free speech site

Scammers impersonating Amazon stole $27 million from victims in a year

In order to use Trump’s new social site, you can’t post like Trump

How to stop facebook giving your data to third parties

Stop me if you’ve heard this one before: Facebook gave user data to third-party developers, even after specifically telling users it wouldn’t.

In a Wednesday blog post, Facebook announced that (oops!) thousands of developers continued to receive updates to users’ non-public information well past the point when they should have. Specifically, Facebook said that, for an unspecified number of users, it failed to cut off the data spigot — like it promised it would back in 2018 — 90 days after a person had last used an app.

We reached out to Facebook in an attempt to determine just how many users had their data improperly sent to third-party apps, but received no immediate response.

Facebook’s blog post does provide some — albeit limited — insight into the privacy mishap, however. The company writes that the user info in question possibly involved email addresses, birthdays, language, and gender, and was sent to around 5,000 apps past the 90-day threshold.

“[Recently], we discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days,” writes Konstantinos Papamiltiadis, Facebook’s vice president of platform partnerships, in the blog post. “For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months.”

We also asked Facebook how “recently” it discovered the error, but received no immediate response.

Notably, this is not the first time third-party developers have been given improper access to Facebook users’ data. In late 2019, Papamiltiadis wrote yet another blog post laying out the shockingly familiar situation.

“[We] recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” wrote Papamiltiadis at the time. “We know at least 11 partners accessed group members’ information in the last 60 days.”

Oh yeah, and in 2018 Papamiltiadis was forced to awkwardly explain why certain third-party companies were given troubling amounts of access to Facebook users’ data. He assured everyone then, as he assured everyone today, that the company was working on it.

“We’ve taken a number of steps this year to limit developers’ access to people’s Facebook information, and as part of that ongoing effort, we’re in the midst of reviewing all our APIs and the partners who can access them,” he wrote.

How to stop facebook giving your data to third parties

If a user has been inactive on an app for 90 days, the app in question should stop receiving user data. However, Facebook has failed to maintain this timeline for certain apps.

Facebook has been giving user data to third-party developers improperly, despite promising its users that it was not going to happen. The social media platform admitted in a blog post that thousands of developers were receiving users’ non-public information as updates even after it should have ideally stopped.

Facebook said that for a certain number of users, they did not specify a number, it had failed to cut off this data flow 90 days after the person last used the app. The platform had promised in 2018 that no third-party developer would receive any data post a 90-day period after a user last used the app.

The blog post states that the user data that went out includes email addresses, birthdays, language preference and gender and this information was sent to about 5,000 apps post the 90-day cut-off time.

Facebook’s vice president of platform partnership Konstantinos Papamiltiadis wrote in the blog that they had discovered instances of apps still receiving user data though it had not been used in 90 days. Papamiltiadis gave the example of users using a fitness app to invite friends to a workout and said that the platform failed to recognise that some of these friends had not been ‘active’ on the app for months.

Facebook did not indicate how recently they discovered this error though.

More importantly, this is not the first time Facebook has given third-party developers improper access to users’ data. Late last year, Papamiltiadis had written another blog post talking about a similar situation.

The post published on November 6, 2019 noted that some apps were retaining access to group member information, like names and profile pictures in connection with group activity from the Groups API. At least 11 apps had accessed group members’ information in the last two months, Papamiltiadis had written then.

But this is not it. In 2018, Papamiltiadis had to explain why certain third-party companies were given troubling amounts of access to Facebook users’ data and had then assured all users that the platform was working to fix this.

Clearly, Facebook really needs to get its act together as far as protecting user data is concerned.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

It’s essential that we protect the data people share with us. We also want to give people more control over the data they share with other apps and services. So today, we’re introducing new in-app features to help you better control the data you share with third-parties through Instagram.

Third-party apps and websites often provide an option to “Import photos from Instagram” or to “Connect/Link to Instagram.” Some examples include apps that allow you to easily print your Instagram photos or help you build a website. After connecting your account to a third-party service, you may grant them access to some of your profile information, such as your username and photos. Starting today, we’re making it easier for people to manage all of the third-party services they connect to their Instagram account.

You can now manage your connections to third party services by going to “Settings” in the Instagram app. Next tap “Security,” then tap “Apps and Websites.” From there, you’ll have the option to remove any third-party services you no longer want connected to your Instagram account. When you remove a third-party service, they will no longer have access to new data on your account.

To ensure you know what specific data third parties are requesting from you, we’re also introducing an updated authorization screen that lists all the information the third party is requesting to access. You’ll have the option to “cancel” or “authorize” this access directly from the authorization screen.

These updates will be rolling out gradually over the next six months and will ultimately allow people to have more control over the data they share with third-party services.

Facebook announced today that it’s disabling a form of advertising targeting called Partner Categories, which allowed prominent third-party data aggregators like Experian and Acxiom to provide clients with offline data like purchasing activity to inform ad targeting. The move comes amid the fallout from the ongoing Cambridge Analytica data privacy scandal, and it follows similar moves from the social network to curtail abusive ad practices. Those include a momentary pause on third-party app approval announced today and new limitations imposed on the volume and type of data third-party apps are given through APIs like Facebook Login announced last week.

As pointed out by Recode, Partner Categories is not what allowed Cambridge Analytica to access as many as 50 million Facebook profiles. The data mining firm was given that data from a third-party app developer in violation of Facebook’s terms of service and without user permission. Rather, data aggregators are able to supplement companies with data they may not otherwise have, allowing marketers and Facebook itself to work together to better target users.

For instance, a company like Pepsi is able to advertise on Facebook using information gleaned from Facebook profiles, information it owns like email addresses, and information it purchases from data aggregators like Experian, which gathers together purchasing history and other valuable information. As part of Partner Categories, Facebook shares revenue with companies like Experian that help inform its data set every time a marketer purchases ad space on Facebook using that data. While this is not necessarily an inherently abusive practice, Facebook clearly views its existence as a potential threat in the waiting, and the company is taking seemingly ever preemptive measure it can right now to fend off future privacy violations and PR disasters like the Cambridge Analytica one.

“We want to let advertisers know that we will be shutting down Partner Categories. This product enables third party data providers to offer their targeting directly on Facebook,” reads the terse three-sentence post published unattributed to the company’s Newsroom blog. “While this is common industry practice, we believe this step, winding down over the next six months, will help improve people’s privacy on Facebook.”

Writer at Neural by TNW — Thomas covers AI in all its iterations. Likes Werner Herzog films and Arsenal FC. Writer at Neural by TNW — Thomas covers AI in all its iterations. Likes Werner Herzog films and Arsenal FC.

Uh oh — Facebook‘s been caught in yet another data scandal. The company has admitted that it mistakenly gave around 5,000 developers unauthorized access to user profiles due to a bug in the platform.

The leak breaks Facebook‘s own rules over access to personal information. Since 2018, the platform has automatically blocked developers from getting people’s data if they haven’t interacted with the app in the last 90 days. Once that time limit expires, developers have to again ask users for permission to access their data. But in this case, the lock-out system failed.

“We discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days,” said Konstantinos Papamiltiadis, Facebook‘s VP of Platform Partnerships.

IT is healing

Can self-healing security software fight cybercrime?

“For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months.”

Papamiltiadis said Facebook fixed the bug the same day it was found, but didn’t reveal how many users had been affected.

The nature of the breach is particularly bad news for Facebook, as third-party access to data was also at the centre of the Cambridge Analytica scandal.

The incident was what led Facebook to introduce its 90-day lock-out rule. But the new leak shows the system clearly still needs a lot of work.

How to stop facebook giving your data to third parties

The government is under fire from privacy campaigners who have criticised plans to include patients' data in a huge database that could be made available to third parties.

Patients have until 23 June to opt out of their data being included in the 'digital scrape', which will incorporate information including data on domestic violence and sexually transmitted infections (STIs).

The data will be shared with third parties, though NHS Digital – which is running the programme – says it will only be used for research and planning purposes and will not allowed to be used solely for commercial purposes.

The move has come under fire from privacy campaigners who are urging health secretary Matt Hancock to drop the plans and hold a full consultation.

Foxglove, which campaigns to stop the abuse of digital technology, and NHS patient-led campaign Just Treatment are urging people to sign a petition to stop the database from being formed.

Senior GPs in east London are already believed to have called on colleagues to refuse to hand over patient data.

But what does the digital scrape actually entail and how do you opt out of it?

What exactly is a 'digital scrape' and what is this one specifically?

Digital scraping, or data scraping, is the process of extracting information and importing it into a spreadsheet or database.

In this case, campaigners say NHS Digital will port the medical histories of more than 55 million patients currently held by our GPs into a central database.

What data is the NHS collecting?

Campaigners say the plan means sensitive data, including sexual health, mental health and criminal records, will be collected – and potentially shared with third parties.

The NHS says it will only collect "structured and coded elements of the GP record". This means any data that could identify a patient, such as their date of birth, NHS number or full postcode, would be replaced with unique codes that means patients cannot be directly identified.

However, NHS Digital can use software that will convert those codes back to data, allowing patients to be identified "in certain circumstances and where there is a valid legal reason".

NHS Digital says it will not collect people's entire GP records, and will not collect the following:-

patient names and full addresses

written notes (free text) of any consultations or interactions between patients and clinicians

images, letters, videos, or documents

medicines, appointment, or referral data over 10 years old

legally restricted data such as in vitro fertilisation treatment or gender reassignment

Why is the NHS gathering our data?

The NHS says it uses patient data to improve healthcare services, helping to find better treatments and improve patient care.

The data helps decide what new health and care services are required in a local area, it says, as well as supporting research and helping find cures for serious illnesses like heart disease, diabetes and cancer.

Watch: Arthritis drug could help save lives of COVID patients

On its website, it uses coronavirus as an example, saying GP data collected as part of the COVID response is being used by the University of Oxford RECOVERY trial, which is looking to find ways to improve the treatment for people with COVID-19.

If it can help people, what's the problem?

Privacy campaigns are concerned about what will happen with that data once it's incorporated into a central database.

The data will be made available to "third parties", which could include private companies, hence their concern.

They also say the scheme is being rushed through without proper consultation.

Foxglove's petition says: "Health data could be used for the good of the NHS. But any changes to how our health data is handled must be done in a transparent, trustworthy, legal way.

"The scheme is being rushed through by stealth. Patients have been denied a meaningful say in what happens with their data. No safeguards have been included to prevent private companies using our data for their own profit."

There is also a concern that it any anonymisation could be reversed further down the line.

Is the NHS actually selling the data?

NHS Digital says it doesn't sell data, but does charge those who want to access it for the cost of making that data available to them.

It says these charges cover the cost of running the service and means the organisations who need access to the data bear the costs of providing it, rather than the NHS.

It says the data will only be used for health and care planning and research purposes by organisations who have "a legal basis and legitimate need" to use it, and says it does not allow data to be used solely for commercial purposes.

However, critics have pointed out that the use of the word "solely" could allow some wriggle room when it comes to how the data is shared.

What can I do if I don't want my data included?

There are several ways to opt-out but you need to do it before 1 July when the new data system comes in, GPs are recommending you submit the form no later than 23 June in order to give them time to process it and inform NHS Digital.

If you do it after that date, you will only stop future data from being included in the system.

Opting out is free. Many websites have popped up offering a fee to fill out the form for you and issuing scary but often inaccurate warnings about what this change can do to your privacy.

The first way of opting out is called a Type 1 opt-out, all you need to do is fill in a form and submit it to your GP.

A Type 1 opt-out has been around since 2013 and if you've already filled one out then you don't need to do it again.

The Type 1 opt-out stops your GP from sending your data to NHS Digital.

You can only get a Type 1 form from your GP.

The second type of opt-out is called a National Data Opt-Out, which allows your GP to share your data internally, but not share it with private organisations.

Verizon’s move comes as consumers are increasingly concerned about privacy and security.

Reuters Jun 20, 2018 08:20:38 IST

Verizon Communications Inc will stop selling its customers’ phone location data to third parties after an investigation by a US Senator found law enforcement agencies were able to use the data to track people without their consent.

How to stop facebook giving your data to third parties

The ticker and trading information for Verizon. Reuters

The move by Verizon comes as consumers and lawmakers are increasingly concerned about privacy and security amid data breaches by tech firms, including Facebook Inc.

In a letter to Senator Ron Wyden of Oregon dated June 15 and released by Wyden’s office on Tuesday, Verizon said it was beginning the process to stop selling customer location data to vendors that aggregate the data.

Wyden contacted the major carriers after his probe found that a prison phone company called Securus Technologies with access to such data had allowed law enforcement to use it to track people.

A Securus spokesman said the company was authorized to give law enforcement the location of a phone in certain circumstances, under Securus’ contract with the third party data aggregator.

“We believe that ending the ability of law enforcement to use these critical tools will hurt public safety and put Americans at risk,” the spokesman said.

AT&T Inc and T-Mobile US Inc said in letters to Wyden that they have blocked the prison phone company from accessing customer data, but stopped short of saying they would stop selling the location data to others. Sprint Corp in its letter to Wyden said it would end access to its customers’ location data if a breach was found.

Shares of Verizon were up 2.2 percent at $48.49 in afternoon trading.

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.

How to stop facebook giving your data to third parties

Stop me if you’ve heard this one before: Facebook gave user data to third-party developers, even after specifically telling users it wouldn’t.

In a Wednesday blog post, Facebook announced that (oops!) thousands of developers continued to receive updates to users’ non-public information well past the point when they should have. Specifically, Facebook said that, for an unspecified number of users, it failed to cut off the data spigot — like it promised it would back in 2018 — 90 days after a person had last used an app.

We reached out to Facebook in an attempt to determine just how many users had their data improperly sent to third-party apps, but received no immediate response.

Facebook’s blog post does provide some — albeit limited — insight into the privacy mishap, however. The company writes that the user info in question possibly involved email addresses, birthdays, language, and gender, and was sent to around 5,000 apps past the 90-day threshold.

“[Recently], we discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days,” writes Konstantinos Papamiltiadis, Facebook’s vice president of platform partnerships, in the blog post. “For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months.”

We also asked Facebook how “recently” it discovered the error, but received no immediate response.

Notably, this is not the first time third-party developers have been given improper access to Facebook users’ data. In late 2019, Papamiltiadis wrote yet another blog post laying out the shockingly familiar situation.

“[We] recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” wrote Papamiltiadis at the time. “We know at least 11 partners accessed group members’ information in the last 60 days.”

Oh yeah, and in 2018 Papamiltiadis was forced to awkwardly explain why certain third-party companies were given troubling amounts of access to Facebook users’ data. He assured everyone then, as he assured everyone today, that the company was working on it.

“We’ve taken a number of steps this year to limit developers’ access to people’s Facebook information, and as part of that ongoing effort, we’re in the midst of reviewing all our APIs and the partners who can access them,” he wrote.