Some thought about Cambridge Analytica and Facebook privacy settings.

Recently Facebook revealed in a blog post that it suspended Cambridge Analytica and Strategic Communication Laboratories accounts for illegally accessing and sharing user data more than two years ago.

Cambridge Analytica is a political data analytics firm and a subsidiary of a larger behavioral research firm called Strategic Communication Laboratories (SCL).

SCL aims to

"create behavior change through research, data, analytics, and strategy for both domestic and international government clients"

and Cambridge Analytica is the data-mining company hired by President Trump’s election campaign.

How SCL create a behavior change?

In 2015, Aleksandr Kogan, a psychology professor at the University of Cambridge, had developed a Facebook app which featured a personality quiz, named "thisisyourdigitallife", and Cambridge Analytica paid for people to take it

Approximately 270,000 people downloaded the app and gaved their consent for Kogan to access information such as the city they set on their profile, content they had liked, their friends’ profiles, ultimately gathering information about more than 50 million users.

That data was then passed to Cambridge Analytica to help develop voter profiles.

After the disclosure, a new campaign started on Twitter, identified with the #DeleteFacebook hashtag: plenty of people blamed Facebook for this security flaw.

The case has been reported by Christopher Wylie, a Cambridge Analytica employee:

But, is it really a security flaw?

First of all, this wasn’t actually a hack.
User data has not been stolen: developers can use the user data resources that Facebook put at their disposal, and then went creative about using said data for election-related purposes.

Does that mean any apps could have, at the time, harness the same information about you?

That’s probably likely, if you gived grants to the app!

How i can protect my personal data from data harvesting?

A first suggestion comes from this article by Wired:

On a desktop, go to the little dropdown arrow in the upper-right corner, and click Settings. From there, click on Privacy on the left-hand side.

Under Who can see my stuff, click on Who can see your future posts: you can make public to anyone at all, limited to your friends, or exclude specific friends.

So double check every time you post.

This section has other important privacy tools , including who can look you up with your email address or phone number:

We'd recommend not listing either in the first place, but if you do, keep the circle as small as possible. (If you do have to share one or the other with Facebook for account purposes, you can hide them by going to your profile page, clicking Contact and Basic Info, then Edit when you mouse over the email field. From there, click on the downward arrow with two silhouettes to customize who can see it, including no one but you.)

Also pay special attention to the option to Limit the audience for posts you’ve shared with friends of friends or public?

If you ever had a public account, taking it private wasn't retroactive. If you want to hide those previously viewable posts, lock this setting down.

Over on Timeline and Tagging you can control over what shows up on your own Facebook timeline: you can’t stop your friends from tagging you, but you can stop those embarrassing photos from popping up on your page.

To test out your changes, go to Review what other people see on your timeline. You can even see how specific people view your page, like your boss or your ex or complete strangers.

A more extreme solution

A second suggestion is a little more radical solution: follow the #DeleteFacebook campaign and delete your Facebook account.

First, you might want to consider downloading a copy of your Facebook data, so tap on the down arrow in the top right corner.

Click on Settings, which automatically loads the General Account Settings page.
Right below Manage Account in the Settings menu there’s a Download a copy of your Facebook data option.

After you’ve saved your data, go to the Facebook’s Delete My Account page and start the process:

Your account would effectively be deleted the moment you request it, but you’ll still have to wait some 90 days until your data is permanently removed from Facebook servers.