When I found out I could download my entire Facebook data file, the first thing I felt was fear.
How far does it go back? What does it contain? Who has access to it? Will it make me feel old?
The idea popped into my head among mounting headlines around the alleged misuse of personal Facebook user data by analytics firm Cambridge Analytica. I wanted to know what, exactly, those potentially in possession of my data might know about me — so despite the trepidation, I downloaded it anyway.
The results were not exactly encouraging.
This file had everything — I mean, everything — from personal contact records that I don’t even have stored on my iPhone anymore, to every single image I had sent someone over Messenger. As the title suggests: Things got weird, fast.
And if you’re understandably hesitant about downloading your own data, or just considering it, here’s what you can expect — and what the results mean.
I Downloaded My Facebook Data and Things Got Weird
When you first download a copy of your data archive and unzip it the compressed file (here‘s a quick how-to), it’ll look something like this:
Open the general “index.htm,” and you’ll see a quick snapshot of all the data available on you, ranging from your general profile to advertisers who have your contact information. Here’s what the “profile” section of mine looks like, with a few sections removed for the sake of — this old thing — privacy.
Granted, what was available on this page was largely information I voluntarily supplied to Facebook by way of putting it on my profile, like where I went to school or my birthday.
But it was in the other sections and file folders where things started to get weird — and where I started wondering what potential advertisers or others might be doing with it.
The ‘Ads’ Section
The “Ads” section of my data index file largely consists of an exhaustive list of ad topics that would be of interest to me. Some of them made sense, as they were brands whose Pages I already Liked.
But some of the topics were downright irrelevant and, therefore, befuddling — like “fishing bait” and “organic compound.”
But there was also a section for advertisers with my contact information, many of whom were brands and musical artists whose Pages I hadn’t Liked.
I had to wonder, why do the Smashing Pumpkins and Beck have my contact information? I hadn’t listened to either, really, since my first year of college when — at risk of dating myself — Facebook didn’t exist yet.
It raises questions about just how accessible this information is, and how widespread the availability of our data might be. While likely a bad actor, I’m inclined to believe that Cambridge Analytica isn’t alone in the way it allegedly synthesized Facebook user data to get to the root of what sort of promoted content and messaging would resonate most with people.
It’s also unclear how to selectively remove that data, if at all — which could be a valuable next step for Facebook, says HubSpot Product Lead Daria Marmer.
“Facebook now needs to take the next step and make data deletion from its platform as easy as data access,” she explains. “After all, shouldn’t it be at least as easy to remove your history/personal information as it is for advertisers to access it?”
That became particularly salient when I discovered that my Facebook data includes a transcript of every Messenger interaction I’ve had, replete with any photo or video files I may have shared in those conversations.
Again, this might not be new. In an April 2014 earnings call, Facebook CEO Mark Zuckerberg noted that as part of the social network’s ongoing efforts to personalize any content seen by a given user, it would take “a couple of different approaches towards more private content as well.”
In the context of the full remarks, it would appear that Zuckerberg was referring to content promotion in these private conversations — namely, those taking place on Messenger and WhatsApp (also owned by Facebook).
Those plans are increasingly coming to fruition as of late, by way of in-app ads on Messenger (see below image) and the proposed Messenger Broadcast feature.
At the time, Facebook COO Sheryl Sandberg positioned these efforts as going strictly toward displaying Facebook content that users would be “genuinely happy to see.”
But to this day, and among recent events, it remains unclear as to which data is, was, or would be used to help target the “private content” Zuckerberg alluded to. However, some believe that any user data authorization, including the kind that eventually led to the alleged misuse by Cambridge Analytica, would include Messenger data and files, too.
This personal revelation comes among recent allegations that, on Android devices, Facebook may have been scraping data on calls made and text messages sent from users’ mobile devices — through the device itself, not the Messenger platform.
Here’s what that logged activity looked like for one Android user who discovered this record in his own data file:
Source: Ars Technica
Facebook’s response to this allegation is that users must explicitly opt into allowing Messenger to access contacts and, it seems, log call and text activity. According to a statement published Sunday:
“When you sign up for Messenger or Facebook Lite on Android, or log into Messenger on an Android device, you are given the option to continuously upload your contacts as well as your call and text history. For Messenger, you can either turn it on, choose ‘learn more’ or ‘not now’.”
But according to Ars Technica writer and editor Sean Gallagher, that’s not the experience shared by all Android Users.
Even though he never installed Messenger on the Android devices he’s used, Gallagher says that after installing Facebook on his Nexus tablet and Blackphone 2 in 2015, his own archive includes call data from between 2015 and 2016. That’s after, he says, never receiving “an explicit message requesting access to phone call and SMS data.”
Where We Go From Here
If nothing else, it seems that no one is quite sure how, exactly, personal Facebook user data is being leveraged, in whose possession it might be, and how much information those who have it might be privy to.
“Tech companies have access to an insane amount of our data — you can even see for yourself on Facebook and Google exactly what they collect,” says Henry Franco, HubSpot’s social campaign strategy associate. “My guess is there are a ton of Cambridge Analyticas out there, and people would be horrified to realize how many companies are using their data to gently nudge their decision-making processes.”
This is why Facebook’s own investigations might not be enough.
After several days of silence on the initial Cambridge Analytica data misuse allegations, Zuckerberg finally issued a statement on the matter last Thursday, and has been on an active interview and apology circuit since then.
Case in point: Full-page mea culpa ads in the Sunday editions of the New York Times, Washington Post, and Observer (which is published by Guardian, an outlet Facebook threatened to sue before it first reported on the Cambridge Analytica scandal).
— Brian Stelter (@brianstelter)
March 25, 2018
But there have been a few key, repetitive themes underlying Zuckerberg’s remarks. The first is an emphasis on the words “I’m sorry,” which were notably absent from his official written statement released last week.
The second is Zuckerberg’s suggested willingness to appear before lawmakers and other authorities to testify on user data and privacy — if, as he told Recode, he’s “the person who has the most knowledge on it.”
And because the Federal Trade Commission confirmed today that it is non-publicly investigating Facebook among its “substantial concerns about the privacy practices,” Zuckerberg should be prepared to testify — especially since he’s been called upon to do so by members of the Senate Judiciary Committee (along with the CEOs of Google and Twitter).
— FTC (@FTC)
March 26, 2018
It all leads to an increasingly likely outcome: that Facebook and its big tech counterparts will have to bow to the external regulation that it’s been visibly dodging for some time.
For example, after allegations first came to light that Facebook was weaponized by foreign agents to influence the 2016 U.S. presidential election, many wondered if the network instituted its own onslaught of new rules to avoid facing those from lawmakers.
Zuckerberg says he’s not entirely opposed to that outcome, saying in an interview with CNN last week that “I’m not sure we shouldn’t be regulated.” But if that is the end result, Facebook likely won’t be alone in facing that new level of oversight, as implied by the aforementioned invitation to appear before lawmakers alongside executives from Google and Twitter.
And where such regulation is going to have the greatest ripple effect, according to HubSpot Director of Strategic Partnerships Kevin Raheja, is advertising.
“Facebook, Twitter, and Google will be subjected to, and also adjust to the regulations, likely at the expense of some revenue,” he says. “They will likely have to be selective with advertisers, particularly politically-charged messaging … not just to protect users, but also their own integrity and their own perceptions.”
The timing also closely aligns with the GDPR coming into force in May. “With Zuckerberg being asked to testify in front of Congress,” says Franco, “one could wonder if we’ll see similar data regulation in the U.S.”
This is a developing story that I’ll monitoring as it unfolds. Questions? Feel free to weigh in on Twitter.