Intimate data on 3 million Facebook users who used a personality app has been easily accessible online for the past four years, a new report by New Scientist revealed Monday.The data was collected from a popular test called myPersonality, an app developed partly by Alexandr Kogan, the same developer at the center of the Cambridge Analytica scandal. The 100-question test, no longer available, sought to assess a person's openness, conscientiousness, extroversion, agreeableness, and neuroticism.About 6 million people completed the test, with 3.1 million agreeing to share details from their Facebook profiles (status updates, location, gender, etc.) with the developers. After people’s names were stripped out, the database was then shared anonymously with hundreds of researchers via a website.In total, 280 people from 150 institutions were given access to the database, including academics and researchers at companies like Google, Facebook, and Microsoft. The recipients had to agree to terms, which included not deanonymizing the data. In one example of how the data was used, researchers on a 2015 project concluded that a person who liked the movie "Fight Club" was far more likely to be open to new experiences than a person who liked "American Idol."However, one college professor shared the login details with his students, who subsequently posted the credentials to code-sharing site GitHub.Those credentials remained online and easily accessible to anyone looking for them for more than four years.While the app claims the data was shared “in an anonymous manner such that the information cannot be traced back to the individual user,” privacy experts say that deanonymizing the information is a relatively trivial matter given the amount of personal information shared.“Any data set that has enough attributes is extremely hard to anonymize,” Yves-Alexandre de Montjoye, an assistant professor at Imperial College London, told New Scientist.By automating such a process, it would be easy to quickly identify millions of Facebook users and link them to the intimate results of the personality test.On April 7 the app was suspended by Facebook as it may have violated its policies due to the language used to describe how data is shared.“We suspended the myPersonality app a month ago because we believe that it may have violated Facebook’s policies. We are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it,” Ime Archibong, Facebook’s vp of Product Partnerships, said in an emailed statement to VICE News.The U.K.’s privacy watchdog, the Information Commissioner’s Office, is also investigating.Kogan was involved in the early development of the app, with David Stillwell and Michal Kosinski from the University of Cambridge’s The Psychometrics Centre the main developers involved.Stillwell, who has deleted his website and Twitter account in recent days, told New Scientist that there was at least one security breach and that Facebook was well aware of what the project was doing, holding meetings with the developer going back to 2011.“It is therefore a little odd that Facebook should suddenly now profess itself to have been unaware of the myPersonality research and to believe that the use of the data was a breach of its terms,” he said.Kogan developed an app called This is Your Digital and shared the data collected with Cambridge Analytica, which used it to create targeted advertising for Donald Trump's 2016 election campaign.Facebook announced Monday that it was suspending 200 apps on its platform after an internal investigation in the wake of the Cambridge Analytica scandal.Kogan has said he believes thousands of other developers and apps used similar methods to collect data on Facebook users.
Advertisement
Advertisement