paint-brush
How Facebook’s 50m file leak could have been avoidedby@davidpetersson006
1,367 reads
1,367 reads

How Facebook’s 50m file leak could have been avoided

by David PeterssonMarch 20th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

On Sunday, <a href="https://twitter.com/chrisinsilico/status/975335430043389952" target="_blank">Facebook disabled Christopher Wylie’s account</a> on <a href="https://twitter.com/carolecadwalla/status/975429619317923840" target="_blank">Facebook, Whatsapp and Instagram</a> after blowing the whistle for a <a href="https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election" target="_blank">50m file data breach</a>. According to Facebook, “The claim that this is a data breach is completely false. Dr. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”

People Mentioned

Mention Thumbnail

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - How Facebook’s 50m file leak could have been avoided
David Petersson HackerNoon profile picture

On Sunday, Facebook disabled Christopher Wylie’s account on Facebook, Whatsapp and Instagram after blowing the whistle for a 50m file data breach. According to Facebook, “The claim that this is a data breach is completely false. Dr. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”

Technically, they are right; there was no hacking involved in the process. But, still there has been a massive violation of user privacy. Even if we assume that the nearly 320,000 people who had taken the personality test completely agreed with Aleksandr Kogan’s “research”, they gave access to at least 160 other people’s profiles — none of whom would have had a single clue about this. Besides, he handed all the data over to a third party: Cambridge Analytica.

From an objective perspective, what Wylie created is fascinating: detecting a correlation between culture and politics and using big data and machine learning to detect patterns unrecognizable to the human mind. AI is opening new areas for predicting human behavior unprecedented to this day. At the same time, AI in the wrong hands is horrifying.

We cannot unwind the technological advancements — the only thing we can do is to arm up. It is clear that the current technological infrastructure is not in line with the recent advancements. From Equifax to Facebook, having personal info falling in the wrong hands affects us more and more financially as well as politically. With data considered the new oil, the titan companies are gathering are siloing as much info as they can, and at the same time become a lucrative target.

So, what can we do?

You can stop using Chrome and go for Brave since it is Open Source and blocks trackers by default and you can be certain no info is sent to Google.

You can use DuckDuckGo so your search history is not recorded.

Instead of clicking links, you can copy and paste them directly on the address bar so your navigation history cannot be tracked.

You can view Facebook pages by typing in the URL without signing in. You can even give false likes to trick the AI algorithms. After all, an AI is only as good as the data that is fed to it.

But these are not effective methods. Besides, in some cases they would also break the positive browsing experience. We need a system that is secure by structure, where users have full control of their privacy and hacking is unfeasible. Here is where blockchain offers a promising alternative.

The blockchain alternative

There are four specific ways blockchain could alleviate the situation.

1- Users have full control and ownership of their information

In a blockchain solution, users would be the primary owners of their information, and they would grant access to which parties can access their data. This practice is already being used in the medical industry with MedicalChain and EncrypGen, where users have full control of what data is shared about them. Users are even incentivized for sharing their data.

2- Private information can be masked

In blockchain, operations can take place based on the data without actually exposing it. One example is Peer Mountain — a solution that encrypts and stores users’ information on the blockchain. This way, not only is the solution hackproof but also GDPR compliant as the companies that need that data do not need to store or secure it on their servers. Furthermore, it provides granular control. For instance, it is not necessary to share your complete identity document to prove that you are over 21 years old — you only need to share the validated birthdate information that enables the third party to confirm the age.

Another example is Nuggets, a blockchain-based e-commerce payments and ID platform that uses “zero-knowledge” technology and encryption to store data in the blockchain. The user is the only person who can access the encrypted data, and transactions can be verified without the need to share any of the underlying data.

3- Data access can be tracked

Blockchain is… a chain of blocks. Everything is recorded and stored — a principle lending to immutability. This means that every interaction with the system can be tracked to its deepest origins. This would have helped Facebook detect where the harvested information was going. According to James Grundvig, COO and Co-founder of Myntum Ltd: “If Facebook had a private blockchain in place with third party vendors that buy its users’ data, they could have traced out the usage of that data. But no such controls are in place. Just a flimsy users’ agreement.”

4- There are no central authorities or middlemen

The decentralized nature of blockchain makes it tamperproof, and the lack of middlemen removes trust on third parties onto transparent contracts. There would not be any “data sales” cases to deal with, as there would not be a single place to harvest the information from, undetected.

Furthermore, with blockchain, Facebook would never be able to disable Wylie’s accounts. The only way that could happen was through a soft fork or a hard fork and for that to happen, the blockchain community must have consensus. Given that with 10 tweets in total (and five of them being retweets), Wylie’s followers are already 43.8K, that would be very unlikely to happen.