We were curious because Facebook was supposed to have made it impossible for third-party developers to access data from a user’s friends in 2014-15.
-
-
Show this thread
-
So we plugged my Facebook account info into a 5-year-old BlackBerry device. My colleague
@gabrieldance used a computer program to monitor the network traffic — what the phone was asking for and getting.Show this thread -
Right away, and even though we had deleted the Facebook app from the phone, it started sucking down lots of my Facebook information. It pulled in my name and global user id — which can be synced up with all kinds of other, non-FB databases to get details about me.
Show this thread -
It got my email address and cellphone number, my location, my profile picture, both sides of my private messages, and the names and user ids of the people I exchanged messages with. (Sorry, Mom.)
Show this thread -
Then we went a little further. We found out the phone could get the user ids, birthdays and work and education histories of nearly all my friends, even though access to such info was supposed to have been walled off years ago. It could also tell which of my friends was online.
Show this thread -
(Remember, this isn’t Facebook making the calls for this data; it’s a device manufactured by an outside company, using an app built by that company, that Facebook has given special access to.)
Show this thread -
My friends could not have stopped the device from snagging their information even by going to their settings and disabling all sharing with third-parties, an option known as turning off the platform.
Show this thread -
So we could be sure about that, we had one of them turn off the platform, THEN add in new profile information for the first time, and then set it to be shared only with friends.
Show this thread -
Right away, the third-party BlackBerry device pulled down all the information we had disallowed any third party apps from obtaining.
Show this thread -
Then we watched the device go even further. Turns out it can jump from my modest 550-something friend list to access the names and all-important global user ids for most of my friends’ friends — a total of about 295,000 people.
Show this thread -
For more, including Facebook’s explanation for this, check out our story:https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html …
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.