Facebook has been caught allowing the personal data of fifty million users — 50,000,000 — get siphoned off by political data company Cambrige Analytica and hiding it until it knew the story would come out in the press.

From The New York Times:

As the upstart voter-profiling company Cambridge Analytica prepared to wade into the 2014 American midterm elections, it had a problem. The firm had secured a $15 million investment from Robert Mercer, the wealthy Republican donor, and wooed his political adviser, Stephen K. Bannon, with the promise of tools that could identify the personalities of American voters and influence their behavior. But it did not have the data to make its new products work. So the firm harvested private information from the Facebook profiles of more than 50 million users without their permission, according to former Cambridge employees, associates and documents, making it one of the largest data leaks in the social network's history. The breach allowed the company to exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump's campaign in 2016.

From The Observer:

Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on." Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals.

Back to the New York Times:

[Dr. Kogan] ultimately provided over 50 million raw profiles to the firm, Mr. Wylie said, a number confirmed by a company email and a former colleague. Of those, roughly 30 million — a number previously reported by The Intercept — contained enough information, including places of residence, that the company could match users to other records and build psychographic profiles. Only about 270,000 users — those who participated in the survey — had consented to having their data harvested.

Basically, if you took one of the surveys, your data was taken. Worse, the discrepancy between the 270,000 users who participated in the surveys and the 50,000,000 who had their data taken is because Facebook didn't just allow access to the survey-takers, but to the friends of the survey-takers as well.

It is, in a word, horrific. The only thing more horrifying is that this isn't unusual when it comes to big internet companies. It's becoming desensitizingly normal.

Businesses that make money by collecting and selling detailed records of private lives were once plainly described as "surveillance companies." Their rebranding as "social media" is the most successful deception since the Department of War became the Department of Defense. — Edward Snowden (@Snowden) March 17, 2018

It's the reason why I try, as much as is possible, to never post or share anything personal on any social network or search company. Any company that's business model is predicated on harvesting and hoarding my data.

Because you can't trust them.

Facebook makes their money by exploiting and selling intimate details about the private lives of millions, far beyond the scant details you voluntarily post. They are not victims. They are accomplices. https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html — Edward Snowden (@Snowden) March 17, 2018

You can't trust the company — who knows who will own or run them, at the executive or government level, at any given time? — and you absolutely can't trust every single employee that can gain access to your personal data that they've harvested and hoarded. We've seen those types of abuses with everything from the NSA to Uber.

How to delete your Facebook account

The only thing you can trust is a company not having your data, encrypting it end-to-end so even the company itself can't get access to your data, or deleting your data as fast as possible because its business model doesn't depend on exploiting your data over time.

It's been said many times before but it takes a while to sync in: The cloud is just someone else's computer. If you're giving up your data or attention in exchange for free social, mail, messaging, photograph, document, or other transit or storage, then you're really just taking the drive from your computer, unencrypted, and mailing it to those companies to do with it whatever they will.

The problem isn't that Facebook was unable to stop Cambridge Analytics from using FBs data the way it did. The problem is that FB has that kind of data in the first place.#dataminimisation https://t.co/aDfpzXJYsO — Malte Engeler (@MalteEngeler) March 17, 2018

Our data is so valuable to the big internet companies that they spend billions and billions of dollars creating and maintaining these free services just to get it. So valuable they spend billions mapping it into social graphs and deep knowledge systems. They do it because they make untold billions more selling ads and "insight" against it.

And while doing so, leaving open to just these kinds of abuses.

To every commentator now asking how Facebook could have given access to such intimate profiles of people to third parties, I ask you: what makes it right that Facebook, Inc. has that information to begin with and uses it to manipulate people for its profit and political motives? — Aral Balkan (@aral) March 17, 2018

In a perfect world, regulation like what the EU is imposing might chill the worst of the abuses. Fines, so terrible that even the biggest internet giants would be hurt by them, could chill it further. But it feels like we live across the known universe from such a world.

These companies are so big, so international, so intertwined in the internet, that it might be too late for regional authorities to curtail them anyway. (In fact, many seem to prefer to work with them — Facebook and other internet companies have been accused of far worse abuses in far more totalitarian states anyway.)

The only thing we can do to protect ourselves — the only thing we can do to hurt them — is to stop giving them our data.

It's not a perfect solution. Your friends, family, and colleagues who use the services will still channel your data right to them. The big aggregation firms will still collect and sell it. But you'll make it harder for them. You'll affect their numbers and you'll hurt their stats.

The only thing we can do is delete Facebook. And Messenger, and Whatsapp, and Instagram, and every app like them.

We can send a message — that we won't go quietly into the dying of our rights.