In March 2018, it was revealed that Facebook was a target in an enormous data breach of private information for up to 87 million users. Cambridge Analytica, an elections consulting firm based in London, allegedly mined data from unsuspecting Facebook users. This data may have been used to allegedly sway the 2016 presidential election in the United States, and the Brexit vote in the United Kingdom.
The data harvest goes all the way back to 2010, when Facebook began allowing third-party apps to contact Facebook users and ask for their personal data. Unfortunately, this data was also taken from the user’s Facebook friends as well. This opened the door for other developers/research companies to encourage Facebook users to complete their psychological profiles, which occurred in 2013 by Global Science Research; ultimately, Global Science Research was able to mine data from millions of Facebook users based on diving into the friends lists of the people who gave them permission to use their personal data.
Due to the uproar surrounding these events, Facebook made changes in 2014 related to the ability of developers to access the private information from users. It forced apps to request permission from Facebook users, allowing them to access their friend lists and mine data from there.
As the presidential campaign season began in 2015, Cambridge Analytica came onto the scene, assisting Ted Cruz’s campaign in gathering data from Facebook users to create psychological profiles to aid in their messaging and overall campaign marketing. Later in 2016, Cambridge Analytica assisted Donald Trump’s campaign in its targeted Facebook advertising, including spreading negative viral videos of his opponent.
It wasn’t until March of this year that the scheme was discovered. Basically, the data sought to create psychographic profiles and present specific people with pro-Trump messaging. Cambridge Analytica denies it was working with the Trump campaign, however. The Federal Trade Commission began an investigation into the issue, seeking to determine if Facebook violated its 2011 settlement with the FTC over issues related to user privacy.
Facebook isn’t the only social media site that has had issues with user privacy violations. In 2016, Twitter locked some accounts due to reports that tens of millions of Twitter passwords were hacked and posted on the dark web. Twitter refused to comment on the number of accounts hacked, but did admit that they locked millions of accounts to force users to reset their passwords. Twitter attempted to spin the reports, claiming that they may or may not be true and people shouldn’t always believe the hype they hear in the news. Twitter initiated a re-education for consumers, encouraging them to strengthen their passwords to protect their privacy. Instagram users also fell victim to a data breach due to malware that logged the keystrokes of users.
To further protect the data of its users, various social media sites have implemented new regulations in an attempt to avoid the issue from happening again. After the latest Facebook breach, the site revoked the privileges of app developers that were dormant for three months or more, and it says it will diminish the amount of information third parties used to demand of users. Facebook also may perform an audit of any apps with Facebook access before 2014 to determine if there is additional personal data being used. Facebook is also limiting the amount of information developers can see to the user’s name, photo and email address — this eliminates the ability of developers to actually view a Facebook user’s post, as they were allowed to in the past.
After the Facebook privacy issues, Twitter strengthened its privacy policy, mostly in line with the European Union’s General Data Protection Regulation (GDPR) that went into effect May 25, 2018.
However, social media users should never rely on the social media company to take care of their information. Experts advise users to change their passwords often, and never use the same password for more than one site. Cybersecurity experts also advise that users learn how to check their profiles or accounts to determine which third-party sites have access to their accounts.
Once an email is sent, users lose control over that message. Confidential messages, attachments and files can be easily copied and forwarded without the knowledge of the original sender. How can a user prevent tampering and ensure the integrity of the original message? There is a pressing need to send confidential information online in a simple, yet familiar way, that provides the sender complete control and new technologies are emerging to meet the global demand for privacy.
Envilope is a virtual envelope using blockchain technology in which users can lock emails, digital files, or secure messages containing text, images, audio, video – anything that can be sent online. It gives users unprecedented privacy and control over electronic communications, including who views it, when and where. Only the intended recipient can open an Envilope, and only after accepting the sender’s terms and conditions. If a user ever has a reason to suspect a breach or wishes to subsequently prevent access previously granted access, her or she can instantly “vaporize” the content, regardless of how many times it has been shared or forwarded and fully restore vaporized content at a later date. The sender of an Envilope is in total control of their information from end-to-end. Envilope’s system offers HIPAA-compliant forced TLS email delivery, object level 2 Factor Authentication (2FA), sharded and encrypted GDPR-compliant storage, decentralized peer-to-peer communications, a file distribution mechanism that encrypts files offline with asymmetric encryption, IP address lockdown, unusual activity monitoring, hardware authentication, and more.
Other companies like XMedius have solutions to allow users to send files back and forth with reduced information security risk, by adding features like multi-factor authentication, 256-bit encryption, and file expiration. Encrypted email and secure messages are possible with an app extension or plugin like Enigmail, or a service like Infoencrypt.
In a world where information security is a cause of much insecurity, new technologies are emerging that can help protect anyone that sends anything online, which is just about everyone, sleep a little better at night.
