A blog post by Facebook Chief Technology Officer Mike Schroepfer on Wednesday detailed restrictions on data access for a number of its APIs, including events, groups and pages. Read it.
(The blog also revealed in that post that Cambridge Analytica had harvested 87 million profiles, rather than 50 million, as was originally widely reported.)
Developer access with Facebook approval
Developers can now only access the following with Facebook’s approval: the events API, the groups API (which also requires approval from an admin), the pages API and information related to check-ins, likes, photos, posts, videos, events and groups.
No developer access
Facebook has cut off access to event guest lists and the ability to post on event walls. It has also removed access to personal information like names and photos attached to posts and comments within a group. And developers can no longer access information about users’ political or religious views, relationship status, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watching and game activity.
Upcoming developer restrictions
Within the next week, Facebook will stop sharing data with developers of apps that users haven’t opened for more than three months, as well as implement the API changes on Instagram announced on Tuesday.
Facebook has also limited the data that Facebook users can get. Users no longer will be able to search for friends using a phone number, after the platform revealed malicious actors used the feature to scrape public information.
And starting next week, Facebook will provide a link at the top of the news feed to show people what apps they use and the information they share with those apps, as well as make it easier for people to remove apps they no longer want.
Facebook CEO Mark Zuckerberg hosted a press call Wednesday to further detail changes related to privacy. The following are highlights from that presser.
“For some reason, we haven’t been able to kick this notion for years that people think we sell data to advertisers. We don't. ... The way we run the service is people share information, we use that to help people connect and make the services better, and we run ads to make it a free service everyone in the world can enjoy.
“People tell us that if they're going to see ads they want the ads to be good. The way the ads are good is making it so that if someone tells us they have an interest, the ads are actually relevant to what they care about. Like most of the hard decisions we make, this is one where there’s a trade-off.
"On the one hand, people want relevant experiences, and on the other there’s some discomfort in how systems use ads. but the feedback is overwhelmingly on the side of people want a better experience. That informs the decisions we make here.”
On developers and data sharing:
“We have to take a broader view of our responsibility of how people use those tools as well.
"It’s not unreasonable to have an API where someone can be able to interact with a group in an external app. We still wanted to shut that down because we felt like there were too many apps and folks who would’ve had access to other people’s content and that would be problematic.
“We’re not going to be able to find every single bad use of data, but what we can do is make it a lot harder for folks to do that going forward.”
“I think regulations like the GDPR are very positive. I was somewhat surprised by yesterday’s Reuters story [which stated that Facebook would only implement GDPR controls in Europe]. The reporter asked me if we were planning on running the controls for GDPR across the world, and my answer was yes, we intend to make all the same controls and settings available everywhere. We need to figure out what makes sense in different markets … but we’re going to make all of the settings and controls available everywhere, not just Europe.”
On public data scraping:
“People have been able to scrape public information.
“We had basic protections in place to … make sure accounts couldn't do a whole lot of searches, but we did see folks who cycled through hundreds of thousands of IP addresses to evade the rate limiting system. That wasn’t a problem we had a solution to. Given what we know today, it just makes sense to shut that down.”
On Cambridge Analytica affecting 87 million users:
“We only finalized our understanding of the situation in the last couple of days. We wanted to wait until we had the full understanding.
“We don't have logs going back to when Kogan's app queried for everyone’s data. We constructed the maximum possible friend list people could’ve had. That’s the 87 million [figure]. I’m confident it’s not more than 87 million. It very well could be less, but we wanted to put out the maximum number.
“We don’t know how many people’s information Kogan actually got. We don't know what he sold through Cambridge Analytica, and we don't know today what they have on their system. They’ve agreed to do a full forensic audit of their systems so we can get those answers. At the same, time the UK government is doing an investigation, and that takes precedence.”
On Russia and election security:
“Since we became aware of this activity after the 2016 US election, we’ve been working to root out the Internet Research Agency and protect the integrity of elections around the world.
“Leading up to [the French presidential election], we deployed AI tools that led to taking down 30,000 fake accounts.
“We’re going to find [more content] over time. You never fully solve security. It’s an arms race. In retrospect, we were behind and we didn’t invest enough upfront.”
On fake news:
“There are three different types of activity that require different strategies.
“For economic actors … it’s not ideological. They come up with most sensational thing to get you to click on it so they can make more money on ads. If we can make the economics stop working for them, they’ll move on to something else. We make it so they can’t run on the Facebook ad network. We make sure they get less distribution in the news feed.
“On national security issues, we need to identify the bad actors.
“On legitimate media, we need to do more fact checking. … People are cherry-picking facts to sell one side of a story and the aggregate picture ends up not being true, even if the specific facts might be. There, the work we need to do is promote broadly trusted journalism. That’s the news feed change we made, which we’ve gotten relatively good feedback from users.”