In 2007, a young Mark Zuckerberg stood on a stage in San Francisco and announced that Facebook was throwing open its doors.
No longer, he said, would Facebook be a closed-off software product like every other social network. Instead, it would become an open platform and invite outside developers to build apps and programs on top of it.
“We want to make Facebook into something of an operating system,” Mr. Zuckerberg told a reporter.
At the time, the announcement drew little notice outside the programming world. Developers quickly went to work making fun and quirky apps that plugged into Facebook — early hits included “Rendezbook,” a kind of proto-Tinder that allowed users to match with each other for “random flings,” and CampusRank, which allowed college students to nominate their peers for yearbook-type awards.
Later, popular games like FarmVille arrived, and apps like Tinder and Spotify began allowing their users to log in using their Facebook credentials. In some ways, it was a fair trade. Facebook got to weave itself more deeply into users’ internet habits, and the outside app developers got access to a big audience and valuable data about their users. In all, millions of apps have been created with Facebook’s open platform tools.
Through it all, Facebook’s users were mostly unfazed. Sure, these apps collected data about their lives. But they seemed convenient and harmless, and, really, what could go wrong?
Today, more than a decade later, the consequences of Facebook’s laissez-faire approach are becoming clear. Over the weekend, The New York Times reported that Cambridge Analytica, a British consulting firm, improperly acquired the private data of about roughly 50 million Facebook users, and used it to target voters on behalf of the Trump campaign during the 2016 presidential election.
What happened with Cambridge Analytica wasn’t technically a data breach, since this trove of personal information wasn’t stolen from Facebook’s servers. Rather, it was given away freely to the maker of a Facebook personality quiz app called “thisisyourdigitallife.”
That app, which was developed by a University of Cambridge professor, collected data about the 270,000 people who installed it, along with data about their Facebook friends, totaling 50 million people in all. The professor, Aleksandr Kogan, then gave the data he had harvested to Cambridge Analytica.
Technically, only this last step violated Facebook’s rules, which prohibit selling or giving away data collected by a third-party app. The rest was business as usual. Third-party apps collect vast amounts of detailed personal information about Facebook users every day, including their ages, location, pages they’ve liked and groups they belong to. Users can opt out of sharing specific pieces of information, but it’s unclear how many do.