The Cambridge Analytica scandal involving Facebook hit this month because of its involvement in the election of Donald Trump in 2016. The company used an app developed legitimately by a Cambridge University researcher, Dr. Aleksandr Kogan, as a personality survey called "This is Your Digital Life."
I recall learning about that app about 3 years ago in a presentation at an EdTech conference. By using it as a quiz on Facebook, about 270,000 users gave permission (because most people are unaware of the access they allow) to their data which was collected but then used to additionally collect some public data from their friends.
I suspect a majority of social media users are unaware of how their data is used, and what permissions they have granted (perhaps by default in some instances).
Have you ever used your Facebook login as a way to sign in to another website or app? It asks you if you want to login using your Facebook ID and that seems to save a step or two and is great if you forgot your actual login to that other site.
When those Facebook users took the "This is your digital life" quiz using their Facebook login, they allowed that app's developer to tap into all of the information in their Facebook profile (that includes your name, where you live, email address and friends list). [Note: Currently, apps are no longer permitted to collect data from your Facebook friends.]
I don't give Dr. Kogan, Cambridge Analytica or Facebook a pass on this activity even if users did opt in. Kogan shared it with Cambridge Analytica which Facebook says that was against its policy. Facebook says it asked Cambridge Analytica to delete all of the data back in 2015. Facebook also claims that it only recently found out that wasn't done.
A lot of people seem to have given up on privacy, accepting it as something we just can't control any more. But there is a lot you can and should do.
For example, a very simple change to make in your Facebook privacy settings is to "Limit The Audience for Old Posts on Your Timeline." That means that posts on your timeline that you've shared with Friends of friends, and Public posts, will now be shared only with Friends. Anyone tagged in these posts, and their friends, may also still see these posts, but the public (which includes apps) will not be able to access them legitimately.
Facebook's API, called Platform, allows third-party apps and websites to integrate with your Facebook account and exchange data with them via developer tools. It can be convenient for users, such as decreasing the number of login/password combinations you need to remember, but it has potential for abuse.
When you use the "Log in With Facebook" feature on a site, you grant a third-party app or service access to your Facebook account. It will ask for permission to receive specific Facebook data from you - email address, birthdate, gender, public posts, likes and also things beyond your basic profile info. I have seen cases where when I deny access to some information, it tells me the app can't be loaded. That is a warning. But some legitimate apps, like the scheduling apps Hootsuite and Buffer, do need a lot of permissions in order to allow them to post as you on social networks like Facebook, Twitter, LinkedIn and Instagram. In these cases, by using the app I need to trust that developer and the service it is connecting to via an API.
Being educated about how technology works and knowing how you can protect your own data and privacy is more important than ever. And, of course, you can always not use a service that doesn't seem to help you do that.