Yesterday, Facebook disclosed that its 14 million users’ default privacy settings to was set to public by a software bug. Let’s look into details how Facebook compromised the privacy of its users…
Yesterday, Facebook revealed that a bug led some 14 million users to post publicly by default regardless of their previous settings. As a result, social media Facebook users, whose posts typically defaults to a selected privacy setting, did not know that their message to other friends is actually being shared with the general public due to this bug. Actually, the bug changed the Facebook users’ privacy settings to public, without them knowing their knowledge or consent.
This is Facebook’s latest setback as it tries to rebuild user trust after the Cambridge Analytica scandal.
What Went Wrong
The bug occurred as Facebook developers were creating a new way to share photos and other featured items in user profiles. In the process, the developers accidentally suggested all new posts be set to public, rather than just the featured items. Normally, Facebook makes it possible for users to share photos, text, or video only with family members, work colleagues, or other specially designated contacts and preventing anyone else from seeing the content. The bug caused such posts to be viewable to anyone.
The Facebook privacy issue arose from a bug affecting Facebook’s ‘audience selector’ tool, which allows users to decide whether to publish a post only to their friends or to a broader audience. The tool usually remains on the setting that was used most recently so that a user who only wants to share posts with friends does not have to keep selecting that option. But while the bug was active, from 18 May to 27 May, the setting was automatically changed to public.
Facebook said that this bug was active from May 18 to May 27. Facebook added that the problem has been fixed, and said that it will notify the 14 million users who could have been affected, starting from yesterday.
Facebook said it had reverted the audience settings to users’ prior preference. It will also show affected users a notification with an explanation and apology, and urge them to review any posts they made during the time period when the bug was active. CNBC quoted the Chief Privacy Officer of Facebook, Erin Egan as saying “We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time,”. He added “To be clear, this bug did not impact anything people had posted before–and they could still choose their audience just as they always have. We’d like to apologize for this mistake,”
The statement said that Facebook technicians stopped automatically making private posts public on May 22, but that it took them another five days to fully restore privacy settings for all the affected posts.
Facebook’s immediate admission of the error appears to be part of its efforts to increase transparency and regain trust after the Cambridge Analytica revelations. In April this year, Facebook was harshly criticized for failing to inform users whose data had been improperly shared with the political consultancy until more than two years after the Guardian had first reported on the issue. The data involved in the Cambridge Analytica scandal was the massive amounts of information that Facebook gathers from users’ online behavior – such as liking posts or browsing the web – in order to target them with advertising.
Recently, Facebook has been under scanner for the growing online data-privacy concerns like providing privileged access to its API with Chinese companies including Huawei, Lenovo, Oppo, and TCL, data breaching by data analytics company Cambridge Analytica.
Even though these privacy lapses involve various types of data, Facebook has much to explain.