Some two months have passed since the Cambridge Analytica shady Facebook user data practices were first exposed, and we’re not done learning new things about this huge privacy mess.

A brand new report now tells us that data harvested from Facebook by University of Cambridge researchers was available online to anyone looking to obtain it. Among the researchers of that app was one of the masterminds who moved to Cambridge Analytica.

While anonymized, more than 3 million users could have been re-identified given the treasure trove of information taken from Facebook. Ultimately, this all falls under the responsibility of the researchers who devised the myPersonality Facebook app. But let’s not forget that it’s Facebook the entity that made all that data available to researchers in the first place.

More than 6 million people completed the tests, with some 3.1 million agreeing to share their Facebook profiles data with the project. The names were removed when the data was collected, New Scientist has found, and the data was posted on a website where University of Cambridge academics and other researchers could access it.

However, credentials for the site were exposed online for years, and anyone with the knowledge of this huge data collection would have been able to discover the login and use it.

More than 280 people from nearly 150 institutions had official access to the data, including researchers, at universities, but also at companies including Facebook, Google, Microsoft, and Yahoo.

The data was controlled by David Stillwell and Michal Kosinski at the University of Cambridge’s The Psychometrics Centre, but Alexandr Kogan, of Cambridge Analytica scandal fame, was also part of the project.

So what data was available online for anyone to access? New Scientist explains:

Each user in the data set was given a unique ID, which tied together data such as their age, gender, location, status updates, results on the personality quiz and more.

Which that much data available, de-anonymizing the data is possible.

Facebook has meanwhile suspended the myPersonality app, and it’s investigating it. Stillwell says that the social network was fully aware of what the project did, as Facebook was holding meetings with him and Kosinski all the way back to 2011:

It is therefore a little odd that Facebook should suddenly now profess itself to have been unaware of the myPersonality research and to believe that the use of the data was a breach of its terms.

The university, meanwhile, said the app was created before Stillwell joined it, so “it did not go through our ethical approval processes.” The university also said it does not own or control the data.

Is there a way for you to find out whether your Facebook data was exposed for so many years? Not really.

Comments