Cambridge Analytica.  They’re not the only third-party app that’s siphoning yours and your friend’s personal, private data.  I’ve seen this coming and this won’t be the last time.  I love using Facebook.  But my Spidey sense says that at Facebook, profits may be prioritized over security and privacy.  Some are calling to #DeleteFacebook.  Even if 100k did this, they won’t feel it.  And there’s other social media that’ll take their place.

How the data harvesting starts…

First there’s third-party games on Facebook like Farmville or Candy Crush.

There’s also another way.  You know when you go to a new site and it asks you if you want to login using your Facebook or Google account.  Or register with your email.

Out of simplicity we authorize our social media account to login.  We think, great one less website to remember my username and password.  This is easy!

You’re not alone.

I bet you think all your doing is authorizing access to the login.  But did you know in most cases you’re also authorizing access to your data.  Data like your posts, your photos, photos you were tagged in, your friends list, your likes, your work, your location and anything else your social network uses to serve up your data.

And you’re offering up your personal, private data from your friends list.

It’s like inviting someone into your home and taking them through your medicine cabinet, your filing cabinet and what the heck, here’s the contents of my safe.  Oh, and you want to see my friends cabinets?  Sure, here you go.  I’m sure they have nothing to hide like me.  I totally trust you.

Facebook has policies that say third-party apps can’t sell or use the data improperly.

But let’s get real.

Once the data leaves the Facebook network and goes to org X network, Facebook has no clue what happens with that data.  And if they found it was sold or improperly used, do you think they’ll spend the dough to act on it?!  How many news articles have you heard of Facebook banning developers to sell apps due to an audit of their network and improper usage of your data?

Just keep in mind if an app wants to connect, if an app wants you to take a quiz, if it wants you to play a game, whatever it might be, they’re doing it because they want to sell you AND your friends something.

If you know that going forward, all good.  I just want you to be informed.

Don’t expect Facebook to protect your privacy

It’s up to you to protect *your* data.  It may seem confusing if you don’t know where to start.

So as a cybersecurity professional, I felt compelled to share a few simple steps to help you bolster your privacy.

It’s relatively easy to review your Facebook App permissions

Check and see how many apps are using your social media accounts.  Reduce their privileges or remove the access altogether by following these 3 steps.

1. From the Facebook page, click the down arrow by your name in the upper right hand of the screen and select Settings. See Step 1 image below.
2. Click the Apps tab on the left side.  Scan the list you gave permission to.  See Step 2 image below.
3. Select Edit to change the data permission of the app or click the X to remove access to your Facebook account.  See Step 3 images below.

Step 1

Step 2.  OMG, 31 apps connected at the time of this writing.  I have no excuse about being lazy with allowing my social media to login for me since I have a password vault.  After reviewing I removed 14 and edited the remaining 17 to only require minimum data.

Step 3a

Step 3b

Step 3 before editing permissions (I’m  sorry to my other 161 friends).

Step 3 after editing app permissions

But what about my info on my friend’s third-party apps?

So, you protected the privacy of yourself, but what about your friend’s third-party apps?  Follow these next 3 steps to control what info your friend’s third-party apps can see about you in the apps they use.

1. From the Facebook page, click the down arrow by your name in the upper right hand of the screen and select Settings.
2. Click the Apps tab on the left side. Scroll to the bottom of that screen.
3. Click Edit below Apps Others Use.  Click to check the boxes next to the info you DO NOT want third-party apps to see about you and click Save.  See Step 3 images below.

Step 3 before

Step 3 after

What about Google?

Google also has its own set of app permissions, but it’s not as complicated as your Facebook account:

1. Go to the Authorized Access to your Google Account page.
2. Click Revoke Access to any apps and services you no longer need.

That’s it.  While it’s not complicated, unfortunately, Google doesn’t let you control what data those third-party apps have access to like Facebook, so it’s an all or nothing approach.

Congrat’s!

You’re much more informed.  You locked down your data and you’re an awesome Facebook friend too!  And you didn’t have to #DeleteFacebook.

p.s.  Please share or do this for your parents, spouse and your kids too.  The former and the latter need it the most.  xo