Hacker News new | comments | show | ask | jobs | submit login
Anyone could download Cambridge researchers’ 4M user Facebook data set for years (techcrunch.com)
92 points by dsr12 5 months ago | hide | past | web | favorite | 18 comments



So is it available on the Internet like stolen password archive? Very curious what my data looks like in their hands.


Wasn't this already known though? There was an undiscovered bug that allowed organizations access greater than they were supposed to have, I feel like it's beating a dead horse by this point.


1. It wasn't a bug, it was a feature. The API explicitly allowed apps access to friends' information. They weren't exploiting the API.

2. The article describes the Cambridge Analytica database in particular being available "to verified researchers" but someone threw credentials onto GitHub where anyone could have borrowed them


Regarding 2: note that this is not the Cambridge Analytica data, rather similar data collected by researchers at Cambridge.


You're right. It's confusing, because the data that was supplied to CA was supplied by another Cambridge researcher.


According to the article they didn’t access friends’ data.

>Like other quiz apps, it requested consent to access the user’s profile (friends’ data was not collected)


I feel like this issue, and others like it, cannot be thrown in people's faces enough. People need to get angry to affect change.

If we want our industry to take privacy seriously, we need people to take a principled stand. Making them aware of, and outraged over, flagrant violations of your privacy, and trust, is the easiest way to do that.


The battle is lost. People by and large have decided that it is worth sacrificing most of their privacy to use "free" services like Facebook and google. The only relief at this point is regulatory.


Awareness is not just useful to convince people to act individually, it's also useful if you want to pass that legislation.


> The only relief at this point is regulatory.

But why would the government intervene in a private decision that citizens have made?


Why bother protecting something that most people, as you yourself claim, don't actually value that highly?


Because it's actually valuable.


What does that mean? People don't value it, ergo, not valuable.


Your privacy is my privacy

We talk at the phone, we chat, we take pictures together

If you don't mind about your privacy you're probably hurting someone else's


Yeah, and just because many people are happy to trade it away doesn't mean everyone is. (And of course many don't realize just how much they're trading away...)


Privacy? What privacy? It most jurisdictions in this country I can search property records, obtain the names of those owning if not in residence, property values, when purchased and so on. Then I can cross reference other government databases and eventually onto private setups like the one in the article.

people and washington are bemoaning what happens at Google, Facebook, and the like, yet totally ignoring all the information readily available to the public for anyone to take from government itself.

Example, if you know a street address or owner's name in Cobb County Georgia will allow you to search. The amount of information available there is and the type is far more dangerous than what was discovered via a facebook quiz.


Original link:

https://www.newscientist.com/article/2168713-huge-new-facebo...

The actual problem here is not that Cambridge Analytica got the data. But that they created a site where this data was made readily available:

> Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient security provisions, which led to it being left vulnerable to access for four years. Gaining access illicitly was relatively easy.


This is not related to Cambridge Analytica. It's the University of Cambridge, in the UK.

>Though “Cambridge” is in the name, there’s no real connection to Cambridge Analytica, just a very tenuous one through Aleksandr Kogan, which is explained below.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: