The Cambridge Analytica revelations may be the final nudge we need to turn away from the social network. And it’s only the tip of the iceberg when it comes to big tech harvesting private information

Sorry to break it to you, but you are probably a “dumb fuck”. This is according to statements by a young Mark Zuckerberg anyway. Back in 2004, when a 19-year-old Zuckerberg had just started building Facebook, he sent his Harvard friends a series of instant messages in which he marvelled at the fact that 4,000 people had volunteered their personal information to his nascent social network. “People just submitted it ... I don’t know why ... They ‘trust me’ ... dumb fucks.”

Are you leaving Facebook? Share your concerns on privacy with us Read more

Fourteen years later, the number of people who have trusted Zuckerberg with their data has grown from 4,000 to 2 billion. Zuckerberg has also grown, or so he would have you believe. In a 2010 interview with the New Yorker, the Facebook founder said he regretted those early messages. “If you’re going to go on to build a service that is influential and that a lot of people rely on, then you need to be mature, right? I think I’ve grown and learned a lot.”

When it comes to respecting and safeguarding the information people have given him, however, has Zuckerberg really learned that much? Recent events suggest not.

On Saturday, the Observer revealed how Cambridge Analytica, a company funded by conservative billionaire Robert Mercer, acquired and exploited the data associated with 50m Facebook profiles. It appears that while Facebook had been aware of what the Observer described as “unprecedented data harvesting” for two years, it did not notify the affected users.

Play Video 3:41 What is the Cambridge Analytica scandal? - video explainer

What’s more, Facebook has displayed a remarkable lack of contrition in the immediate aftermath of the Observer’s revelations. Instead of accepting responsibility, its top executives argued on Twitter that the social network had done nothing wrong. “This was unequivocally not a data breach,” Facebook vice-president Andrew Bosworth tweeted on Saturday. “People chose to share their data with third party apps and if those third party apps did not follow the data agreements with us/users it is a violation. No systems were infiltrated, no passwords or information were stolen or hacked.”

In a sense, Facebook’s defence to the Cambridge Analytica story was more damning than the story itself. Tracy Chou, a software engineer who has interned at Facebook and worked at a number of prominent Silicon Valley companies, agrees that there wasn’t a hack or breach of Facebook’s security. Rather, she explains, “this is the way that Facebook works”. The company’s business model is to collect, share and exploit as much user data as possible; all without informed consent. Cambridge Analytica may have violated Facebook’s terms of service, but Facebook had no safeguards in place to stop them.

'Utterly horrifying': ex-Facebook insider says covert data harvesting was routine Read more

While some Facebook executives were busy defending their honour on Twitter over the weekend, it should be noted that Zuckerberg remained deafeningly silent. On Monday, Facebook’s shares dropped almost 7%, taking $36bn (£25.7bn) off the company’s valuation. Still, Zuckerberg remained silent. If you’re going to build a service that is influential and that a lot of people rely on, then you need to be mature, right? Apparently, silence is Zuck’s way of being mature.

But forget how the folks at Facebook are reacting to this – still unfolding – PR crisis. If you’re one of the social network’s 2 billion users, how are you reacting? Have you deleted your account in protest? Are you angrily sharing articles about the fiasco on Facebook but continuing to use the service? Have you shrugged and moved on?

For my part, the Cambridge Analytica story was the nudge I needed to finally cut ties with the social network. I’ve been trying to extricate myself from Facebook for a long time. My uneasiness with the network largely stems from the fact that I used to work in advertising and, for years, was on the receiving end of many a sales pitch from Facebook, Google and other companies that have built businesses trading in users’ data.

Funnily enough, the likes of Facebook deliver a very different narrative to marketers than they do the wider public. They downplay their significance when challenged by the media about, for example, their influence on the 2016 US election. They downplay their power to deal with online harassment or the spread of fake news. However, if you’ve got an advertising budget and want to know how Facebook can persuade your target consumer to buy your product, it’s a different story. Suddenly, Facebook is an all-knowing entity with unrivalled information; it can get almost anyone to do almost anything. While Facebook presents itself to the public as a social network, when addressing the advertising industry, it is very clear about the fact that it’s a surveillance system.

Learning just how much Facebook knew about its users put me off using the network. But while I stopped actively using Facebook and its suite of apps, including Messenger and Instagram, years ago, it’s only recently that I decided to delete my account. Before taking the plunge, however, I downloaded an archive of all the data I had put on Facebook. There’s an option to do this when you go to Facebook’s settings. It’s easy and I highly recommend it. Seeing years’ worth of data neatly arranged serves as an important wakeup call as to the extent of the information you have handed over to the company. Even then I was loath to get rid of my account altogether; just in case I needed to contact someone or check something. But on Monday, having witnessed Facebook’s refusal to take any meaningful responsibility in regards to the Cambridge Analytica story, I deleted my account in disgust.

To be clear: I’m not recommending that you do the same. In many ways, being able to distance yourself from Facebook these days is a privilege. As Safiya Noble, an assistant professor of information studies at the University of Southern California and the author of Algorithms of Oppression, notes: “For many people, Facebook is an important gateway to the internet. In fact, it is the only version of the internet that some know, and it plays a central role in communicating, creating community and participating in society online.”

Even if you’ve got multiple ways to communicate and participate in society online, there is not really a good replacement for Facebook. There’s no one portal that reminds you of your friends’ birthdays, connects you to relatives across the world and stores photos from 10 years ago. Deleting Facebook inevitably means missing out on certain things and having to make more of an effort to connect with people in other ways.

What’s more, unless you delete Facebook’s entire ecosystem of apps, including Instagram and WhatsApp, you aren’t safeguarding yourself from the company’s data-collection practices. I haven’t brought myself to delete WhatsApp, for example, because I still think that the benefits of using that outweigh the privacy tradeoffs. Nor have I fully deleted Instagram, which is just as nefarious as Facebook. Deleting my Facebook account may have some way to protecting my sanity, but it has done little to minimise my digital footprint.

As Noble stresses, “deleting individual Facebook accounts will not solve the total datafication of our lives”. While deleting your account may give you some temporary satisfaction, it has “little impact on finding real solutions to the way data is being collected, sold, and used against the public. This issue isn’t just about one platform like Facebook, and the issues of surveillance and experimentation on the public, it’s about the many companies that are tracking and profiling us, and the abuses of power that come from having vast troves of information about us, available for exploitation.”

Other data experts echo Noble’s view. As Frederike Kaltheuner, who leads the data exploitation programme at the charity Privacy International, explains: “You can delete your Facebook, but you will still be tracked in your online and increasingly also your offline life. Mobile phones are by definition a tracking device.”

The recent revelations about Cambridge Analytica are just the tip of the iceberg when it comes to how our data is being used and abused. This can not be stressed enough. The internet is increasingly a worldwide web of corporate surveillance and it’s impossible to piece together a complete picture of how your personal information – both your online and offline data – is being utilised. While behemoths such as Facebook are guaranteed to make headlines, there’s a lot less media scrutiny of the thousands of other companies that make a living out of extracting and exploiting your personal life in extremely dubious ways.

The software company Pixoneye, for example, is far from a household name. But if you have granted an app permission to access your photos in the past, there’s a good chance you have allowed it to utilise Pixoneye’s tech. This scans the photos on your phone and uses the data it extracts to create a story of who you are. It might characterise you as someone who watches sports, for example, or as wine-drinker who enjoys lots of family holidays. Your photo gallery offers a staggering amount of insight: as the CEO of Pixoneye wrote in an op-ed last year: “Our smartphone image galleries have in many ways become a reflection of our lives … each image you have stored contains a range of data attributes and meta tags that not only reveal your past purchasing profile, but can also be the key to predicting what purchases you’re likely to make in the future.”

So, you might be thinking, an app knows I like wine, and uses that information to sell me stuff. What’s the big deal? In isolation, not much. But, as Kaltheuner stresses, “when combined, data can reveal a lot”. Bringing together multiple data sources is “how data-brokers have information such as personality profiles and relationship statuses”. The more data points you have, the more you can predict. As the Cambridge Analytica investigation revealed, even a few dozen Facebook “likes” can strongly predict someone’s sexual orientation, or the political party they are most likely to vote for.

If you’re starting to feel jittery about the exploitation of your personal data but aren’t ready to delete social media and go and live off the grid, there are some simple steps you can take to mitigate your digital footprint. “We should all do a little digital spring cleaning,” advises Leila Hassan, head of analytics at the London branch of Ogilvy, a global advertising agency. “Check what [third-party apps] you’ve enabled through your social channels. I’ll bet most of us still have things enabled from years ago.”

In order to examine the apps you have enabled through Facebook, go to settings and click “Apps” on the left sidebar. When I did that I was somewhat alarmed to find that I had given 68 apps indefinite access to my Facebook data. Even more alarmingly, accounts I had deleted ages ago – such as the dating app Bumble – still seemed to have access to my Facebook information.

Once on this page, it’s easy to revoke permission for particular apps to access your data. It’s much harder, however, to view or remove the data they have already collected. Facebook informs you that you should “contact the developer of the app” if you want to get rid of the data they have collected. I didn’t really feel like contacting the developer of 68 different apps before deleting my Facebook account so I am unclear about the fate of the data they have amassed. Presumably it’s all floating around in the cloud somewhere.

Delete your account – a guide to life after Facebook Read more

What else can you do to try and minimise your digital data trail? Jim Killock, from Open Rights Group, an organisation that works to protect the right to privacy online, suggests “posting less, sharing less and, most importantly, removing page ‘likes’ as these are a major way [Facebook tries] to profile you”. Killock further suggests using “privacy plug-ins to block Facebook cookies, and cookies from other websites, which they all use to keep a record of the sites you visit, and making extra, ‘fake’ accounts”. But Killock stresses that while it’s important that people are more cognisant of their online behaviour, “regulators must also act”. So must companies. “At Privacy International, we want companies to do better and protect privacy by default, rather than users having to become full-time data protection experts in order to have their basic rights protected,” says Kaltheuner.

The good news is that regulators are slowing starting to act. On 25 May, the EU General Data Protection Regulation (GDPR) is going to come into effect. This is an important step in shifting the balance of power, when it comes to data, away from companies and back towards individuals.

Kaltheuner notes that a key point of the new legislation is that it is extraterritorial. “This means that if you are a company based outside the EU (for example in the US), and are offering goods or services to, or monitoring the behaviour of individuals in the EU, you must comply with it. This is especially important in countries, such as the US, with no comprehensive data protection regime.”

While the GDPR is an important step towards giving people control over their data, it’s far from a cure-all. It is no exaggeration to say we are teetering on the edge of a data dystopia. Just look at China, where the government recently announced that it will ban people with poor “social credit” from travelling on planes and trains. And it’s not just China where oblique algorithms are determining the direction of our lives. The recent revelations about Cambridge Analytica are an important wakeup call that we are all living with the sociopolitical consequences of surveillance capitalism. We can’t just sit back and hope that regulation will save us. We can’t just click and like and share as usual and hope something will eventually change. We are, I think, at a critical moment where the degree of corporate surveillance to which we are all subjected can either get much better, or much worse. So, I would urge you to extricate yourself from social media as much as you can. Deleting your Facebook account may not put an end to the surveillance state, but it sends an important message to big tech that we don’t trust them any longer.