You shouldn’t have to do this. You shouldn’t have to wade through complicated privacy settings in order to ensure that the companies with which you’ve entrusted your personal information are making reasonable, legal efforts to protect it. But Facebook has allowed third parties to violate user privacy on an unprecedented scale, and, while legislators and regulators scramble to understand the implications and put limits in place, users are left with the responsibility to make sure their profiles are properly configured.
Over the weekend, it became clear that Cambridge Analytica, a data analytics company, got access to more than 50 million Facebook users’ data in 2014. The data was overwhelmingly collected, shared, and stored without user consent. The scale of this violation of user privacy reflects how Facebook’s terms of service and API were structured at the time. Make no mistake: this was not a data breach. This was exactly how Facebook’s infrastructure was designed to work.
In addition to raising questions about Facebook’s role in the 2016 presidential election, this news is a reminder of the inevitable privacy risks that users face when their personal information is captured, analyzed, indefinitely stored, and shared by a constellation of data brokers, marketers, and social media companies.
Tech companies can and should do more to protect users, including giving users far more control over what data is collected and how that data is used. That starts with meaningful transparency and allowing truly independent researchers—with no bottom line or corporate interest—access to work with, black-box test, and audit their systems. Finally, users need to be able to leave when a platform isn’t serving them — and take their data with them when they do.
Of course, you could choose to leave Facebook entirely, but for many that is not a viable solution, unfortunately. For now, if you’d like keep your data from going through Facebook’s API, you can take control of your privacy settings. Keep in mind that this disables ALL platform apps (like Farmville, Twitter, or Instagram) and you will not be able to log into sites using your Facebook login.
Log into Facebook and visit the App Settings page (or go there manually via the Settings Menu > Apps ).
From there, click the “Edit” button under “Apps, Websites and Plugins.” Click “Disable Platform.”
If disabling platform entirely is too much, there is another setting that can help: limiting the personal information accessible by apps that others use. By default, other people who can see your info can bring it with them when they use apps, and your info becomes available to those apps. You can limit this as follows.
From the same page, click “Edit” under “Apps Others Use.” Then uncheck the types of information that you don’t want others’ apps to be able to access. For most people reading this post, that will mean unchecking every category.
This story originally appeared on the EFF’s blog.