What happened with Facebook and Cambridge Analytica?
The facts are still coming out, but it appears that Cambridge Analytica and related partners created a personality test app that roughly 300,000 people downloaded. These people were paid nominal sums to complete the personality quiz, which also involved authenticating with a Facebook permission.
The Facebook permission then allowed Cambridge Analytica to scrape these user’s Facebook profile and the profiles of all of their friends. Suddenly Cambridge Analytica has a data set given psychographic data for 50 million people.
What could Cambridge Analytica determine from these Facebook profiles?
A lot. Researchers at Cambridge University, where the roots of this Facebook data sampling began, found that with a sample set of 75 Facebook “likes” they could know you better than your friends.
With 150 “likes” they could know you better than your parents.
And with 300 “likes” they would know you better than your spouse or partner.
These profiles were then purportedly used for political purposes to delivery adds and content to voters to stoke fears and influence thinking on hot-button issues.
Much of the Facebook data for Cambridge Analytica was harvested in the summer of 2014. Facebook in 2014 also tightened their policies around what could be scraped, but they grandfathered Cambridge Analytica and other existing apps for another year.
While Facebook allowed the scraping of user data, they did not allow the sharing or selling of this data to third parties, nor did they allow apps to masquerade as academic research when they were profiling for political purposes.
Facebook appears to have identified the violations from Cambridge Analytica by 2016, and they privately demanded that Cambridge Analytica delete the 50m harvested user profiles. It’s not clear if these demands from Facebook were successful.
What is clear is that Facebook decided this issue wasn’t worthy of disclosure to its users until the New York Times found out about it and brought it to light.
What is a permission request?
Permission requests are increasingly common. They’re often convenient. And they’re not all bad.
When I use LinkedIn, for example, it asks if I want to share my contacts with the app to facilitate new connections. This is a simple and common permission request.
Are permission requests safe?
Think of a permission request as a key exchange. To whom would you give a key to your house or car?
I trust the Toyota dealer with a key to my car when I get my car serviced because I know them by reputation, I know what they’ll be doing with the car, and I trust that there will be no shenanigans. In my estimation, the risk is de minimis.
I also only give them my car key, not my whole keychain, to limit my exposure. And alarm bells would go off if they asked not just for my Toyota key but my whole keychain.
What about the LinkedIn example above?
I historically never allowed LinkedIn as a private company to harvest my contacts. I trusted them mostly, but I always felt giving them my contacts benefited them more than it benefited me.
Maybe I would trust them if I looked into it further, but the value I’d get in sharing my contacts wasn’t significant so I didn’t look further. I was a happy LinkedIn user and I kept my address book contacts to myself.
My trust in LinkedIn has increased with Microsoft owning them. If there was compelling additional value as a LinkedIn user to sharing my contacts, I’d probably do it. But I haven’t yet.
What about “that new free app” that everyone is using?
That question could apply to thousands of free apps out there. And the answer, of course, depends.
Take Honey for example. It lives as a Chrome extension. They claim to help me save lots of money on the things I buy from Amazon and other retailers. I have seen numerous ads for it online. And apparently, seven million people have downloaded it into their Chrome browser.
To receive the full benefits, you need to create a Honey account, which is easy with a second permission from your Facebook account. Simple enough, right?
Let’s look closer.
First, what is it asking for? The permission request asks to see all of my data on the websites I visit. That’s a big request. I’m happy for a family member or colleague to join me on my web browsing, not a stranger. Do I want to invite this appt to look over my shoulder when I browse every day?
Second, what is their business model? The app is free, which right away tells me they make money from others who want access to me. In this case, they get paid by affiliates who want to sell things to me, and they may also make money from the aggregated purchase data they accumulate and sell for consumer research.
My decision? I’m not going to use it. The benefits are too small, the permission request is too broad, and I don’t know enough about how they use my data to feel comfortable.
(If I really did want to use Honey, one option would be to install it in Chrome and use that browser for shopping. I could then use another browser like Firefox for the rest of my surfing.)
What’s another permission example?
Another popular service is Slice. It’s a simple service that gathers receipt data so it can help me track that Amazon package or Apple shipment and keep my receipts in one place. And it’s free. Who doesn’t want a little help with receipt organization, right?
But first, what is it asking for? In this case, it wants complete access to my email inbox. Everything. This allows it to do its magic. But my inbox also contains a lot of valuable data. Private data. And privileged data.
If they were mischievous, they could profile me for ads with this data, a practice even Gmail has stopped doing as of 2017. If they were sloppy, they could be hacked and an intruder could use this email access to reset passwords or cause other problems.
Second, what is their business model? Slice aggregates purchase data and sells it to people who want to spot trends.
Again, if I’m not a paying customer, I’m what's being sold.
If Slice does their job carefully, the data is anonymized and my privacy remains intact. Amazon is sufficiently concerned by Slice that they’ve stopped included purchase detail in their email receipts.
My decision? I’m not going to use it. The benefit of a little help with receipt tracking is overwhelmed by the fear, uncertainty, and doubt I would have by sharing my entire email account with a third party.
(If I really did want to use it but still wasn’t sure I trusted it, I could sandbox it by creating a separate email account just for my purchase receipts.)
How to do a permission audit
What about all of the apps we’ve already approved in the past? How can we see what we’re sharing?
If you use Chrome, visit the Window menu, choose the Extensions option, and view what extensions you have installed. You’ll probably see ones you use and trust.
But if there are some you don’t use or aren’t sure what they’re doing, then it’s easy to delete them.
If you use Safari, visit Preferences under the Safari menu and choose Extensions. With a single click you can delete any extensions you’re don’t want or don’t trust.
If you use Facebook, click the small triangle in the upper right corner when using a desktop browser, then Settings. On the left of the settings panel, you’ll see an option for Apps.
The lock icon next to some apps doesn’t mean they don’t have access to your friends. In one example, I’ve given Flipboard access to all my friends, my timeline, my photos, and my email address. That’s fine if I’m using Flipboard, but I’m not. So I removed it.
If you use Microsoft Edge, select More to open the menu. Select Extensions from the menu. Then select any extension you want to remove and click the Remove button.
Check your computer
What apps are running in the background that you don’t use or might not trust? MalwareBytes is a great tool for Mac and Windows that’s free. You can also look to see which apps load on their own each time you turn on your computer.
For the Mac
visit the Apple menu, System Preferences, Users and Groups, then look for Login Items. Do you see anything here that’s not used, not trusted, or not familiar?
If you use an iPhone, you can check to see which apps access which permissions. Visit your Settings app, then Privacy.
For example, if I click the Contact link I’ll find that I’ve given Google Calendar access to all my contacts because it makes it prefills email addresses for calendar invites and because I trust Google with this data.
If I had accepted the LinkedIn request I mentioned above, I would see LinkedIn here too.
Under Location Settings within Privacy, here we can see the different scope of Uber versus Lyft. Uber used to require location access “Always” which meant they had 24/7 visibility as to where I was. Recently they’ve added a second option where I can provide my location data “While Using the App.”
This larger scope of the first request is a bit akin to my Toyota dealer asking for my whole keychain. I can conceive of reasons why that I might do it (for example, if they were going to delivery my car after the service and park it in my garage), but I’d really want to know why.
In contrast, Lyft doesn’t even offer the option to always share location data. They only ask for it while using the app. The limited scope of their permission builds trust.
Similar audit options exist with Android phones.
Open the main Settings app. Tap Apps or Application Manager (depending on your device, this may look different). Tap Settings Settings and then App permissions. Tap a permission to review or remove it.
Don’t Facebook, Google, and Apple audit the tools that require permissions?
No, they don’t. An app isn’t safe just because it’s connecting to a well-known service or company. None of these big companies vet the tools that use permission and identity systems.
How does Tiller Money handle privacy and security?
Given our focus on Google Sheets, Tiller is built on Google’s infrastructure. (We're currently working on support for Microsoft Excel.)
We know both companies well enough to trust building our business alongside their platforms, and we think that’s a good decision for our customers.
We also recommend our Google customers use two-factor authentication which protects their Tiller account as well as their Google Drive sheets and documents, Gmail, and other data.
We minimize the permissions we request whenever possible.
When you create an account with Tiller, we’ll create your Tiller identity using Google. Google will display a permission request to confirm it’s OK with you to share your Google identity with us. With that in place, we will then share access to a spreadsheet that is fed bank data from our service.
We do not have access to your other Google Drive spreadsheets or documents, and we certainly don’t have access to your other Google data such as emails, photos, or calendar, or anything extraneous.
Our business model is to serve our customers and make money from these same customers with subscription fees.
Our loyalty is to our customers. We don’t sell or share our customers’ data. We don’t make money from selling our customers anything beyond the Tiller service. Our revenue model is really simple: 100% of our revenue is from customer subscriptions.
We've created a few free and optional add-ons for Google Sheets, and these generally request permissions only for those spreadsheets where you’re using this app. As a matter of both principal and practice, we will only ever ask for the narrowest permission set we can use while still doing our job.
In some cases, our engineers have even made feature requests to Google to allow us to ask for even LESS access. No one squirms more than us when we think our scripts might have Google ask for more access than we absolutely need.
Beyond minimizing access to our customers’ Google Drives, we carefully manage our customers' financial data. Our system has read-only access to bank data for accounts our customers link. Our system has no ability to move or transfer funds. We encrypt that data in transit and in storage.
We’ve also built our systems and policies to make sure that our team doesn’t see the transaction and balance data of our customers. This last part is unusual for companies in our industry. Most customer service teams for our competitors see transactions and balances.
We don’t think that’s necessary, so we’d rather run blind to this financial data. Our servers safely manager that data, our team of humans doesn’t ever need to see it.
Can you trust Tiller?
That’s a great question, and it’s the same question you should ask of every service with whom you share personal information.
All of us here at Tiller are betting our reputations and careers on carefully stewarding our customers’ data. Privacy and security are mission-critical priorities for us. Your decision to trust us in carrying out those priorities is just that, your decision.
For every thousand people that do trust us, we’ll receive an email from someone who says they’re really nervous. The right answer for them is always the same: don’t use a service that causes you to lose sleep.
The bottom line with the issue from Facebook and Cambridge Analytica isn’t to stop accepting permissions. They’re incredibly valuable as a structured way for different apps to talk with each other. But please don’t just click through your next permission request in a blind rush to try a new app.
Ask yourself a few questions. Why does this app need my data? Is the app asking for an appropriate level of data? And do I trust the app that’s requesting access?
It’s your data. You get to (and need) to choose who has access. And you should make the final decision about who you trust.