Facebook, Cambridge Analytica, and Metadata: How Much Are You Sharing And With Who?

Author: Craig Pollack Date: Apr 18, 2018 Topics: Social Media, Cybersecurity


hen you decide to share something on social media, how much of it are you actually sharing? And just who are you sharing it with? Is it just what you choose to “Share” or is there more going on here than meets the eye?  This was the eye-opening realization for many Facebook users these past few weeks as news broke about how much of their information was being shared from users to companies without their knowledge, in what is now being referred to as “Facegate”, or rather, the Cambridge Analytica Scandal.

We now know that in 2013, 300,000 Facebook users had their data unknowingly collected by a researcher at Cambridge University through an application which was downloaded when those users took a survey on an app called "thisisyourdigitallife". This data was shared with Cambridge Analytica, a political consultancy firm, who then shared it with others - including major groups like the Donald Trump campaign. But the sharing of information did not stop there. Due to lax policies, implemented by Facebook, a total of 87 million users were affected when the data of the friends of the original 300,000 users were shared as well.

Mark Zuckerberg, founder & CEO of Facebook, spoke to Congress for nearly 10 hours, explaining how all this happened, apologizing for the sharing of information, and informing Congress about the next steps Facebook would be taking to ensure these events never happen again. Furthermore, on April 10th, Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a privacy bill of rights called the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act, that would require the Federal Trade Commission (FTC) to establish privacy protections for online users.

What is metadata and how is it used on social platforms

So what kind of data are we talking about? If you’ve never heard of metadata, now is the time to pay attention. Metadata is essentially data about data. For social media platforms, it's the information gathered based on the user’s interactions with a site - keeping in mind that the privacy settings the user has in place for the site they’re using dictates what information is shared and with who. Everything from what you’re searching for, how much time you're looking at it, what you're clicking on, how quickly you click on something, who you're sharing information with, where you are are and even what you like and what you don't like are all collected and saved in this metadata. Tools like Facebook Pixel are used by sites to collect user data, which show when you visited, how long you were there, and what you looked at. So, if there is a “Like” button on a page, you must keep in mind that your browser is sending information back to these sites about your activity and interest in the content you’re viewing. Profiles are being made based on this information so that companies can then target ads that users will be interested in with the hopes of making a profit.

Metadata includes:

  • The time, date, size, sender and recipients of emails
  • Time and duration of the user’s web connections
  • Users' IP address
  • Destination of IP addresses
  • The volume of the users' uploads and downloads
  • Location and geographical data

There is also phone metadata that users should be aware of as well. This includes:

  • Phone numbers of people that users have called or sent SMS messages to
  • Time and date of calls and SMS
  • Duration of calls
  • The location of the nearest cell tower when that user sent or received a call or SMS

In the simplest of terms, if you go to a bakery every day at the same location, yet never tag yourself there, depending on the privacy settings you have in place, social media platforms can know where you are and even what you like about that place. This can result in you seeing ads targeted more towards the bakery you frequent, other bakeries in the area, or even baked goods you like, all based on what your locations services setting is set to when you’re posting.

best practices for protecting your metadata on social platforms

The Cambridge Analytica scandal is a lesson for users on how they need to properly secure their online data. Proactively protecting your data begins with how many restrictions you are willing to put in place on your various social platforms. It also begins with an awareness of the data policy platforms have in place. Facebook, for example, now has an updated data policy, which transparently lays out what users are sharing when using their platform. And if you’re curious about what information of yours Facebook is storing and sharing with companies, you can download a copy of your Facebook data and review it.  I did this and found some pretty interesting stuff to say the least.  Nothing embarrassing or illegal, but I'm definitely NOT happy this information is now out there in the world for companies to use to manipulate me.

Other ways you can protect your metadata include:

  1. Limit your audience to “Private”, “Friends”, or “Friends of friends” (depending on how much you trust your friends’ friends…) and manage timelines across all platforms. Public profile are easy and willing participants when it comes to data sharing.
  2. Review privacy settings and manage apps connected to each platform. You need to pay close attention to what third party apps you’ve given access to. Carefully select which apps you do and don’t want your data shared with and disable certain settings, such as location settings and activity status.  (This means don't use Facebook as the login to other apps!)
  3. Disconnect your address book from social media accounts.
  4. Use incognito web browsers so your history cannot be tracked.
  5. Turn off geotagging of your pictures on your cell phone or tablet.
  6. Use end to end encryption when messaging so that messages are only on your phone and the phone of the person you’ve texted. Also, Uncheck the “Read receipts” option in apps like WhatsApp and Twitter.

Bottom line

Privacy in the digital age is a different concept than ever before. It seems that you can have a different viewpoint about this concept depending on whether you grew up before or after the digital divide.

Regardless, you need to be aware of what you’re sharing online. If you’re not reviewing the privacy policies and settings of the sites you’re visiting, you’re doing yourself a disservice in keeping your data protected. Implementing as many best practices as possible will help control what is being shared, but will not prevent all your online information from being shared, such as data that can be found on profiles that are public.

Remember, nothing on the internet is truly private, but your shareable information can only be shared once you share it first...so cut back on sharing. As hard as it may seem, try posting less frequently. The less active you are online, the less metadata there is to pull from and this will help limit what information companies are receiving about you.

How were you affected in this scandal? What steps have you put in place to ensure your metadata is protected? Let us know in the comments box below. Or, you can always send me an email to discuss this topic with me directly more in-depth.

Cyber Security Report Card


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.