又是用户数据,Facebook承认再次犯错
Facebook与外部开发者超时分享了部分用户的个人数据,违反了该公司在“剑桥分析丑闻”遭曝光后发布的新政策。
Facebook此前表示,若用户超过90天未与开发者的应用程序互动,就将阻止第三方应用程序开发者访问与获取用户数据。90天后开发者需要获得用户许可才能再次获得后者的电子邮箱、生日和地址等数据的访问权。
Facebook在周三发布的一篇博文中称,这项规定在某些情况下未能实现。如果第三方应用程序的用户也通过该应用与Facebook好友联系,开发者就能同时获取这两个用户的数据。该公司的一位发言人表示,Facebook系统中存在漏洞,导致开发者在获得一个活跃用户的数据时,也可以看到该用户好友的数据,即便后者已经超过90天没有打开这款应用。这个问题涉及近5000名开发者,但Facebook并未透露可能因此而受影响的用户数量。
Facebook还在博文中写道,该问题在被公司发现后的第二天便已经被解决,“我们将继续调查,并在涉及任何重大更新时以透明度为首要指标。”
这个漏洞是两周前由一名Facebook工程师发现的,该公司表示,没有理由认为相关数据遭到了滥用。
不过,Facebook在与第三方分享数据方面有过许多不良记录,这项90天的时间限制就是源自两年多前发生的剑桥分析丑闻。当时,政治数据分析公司剑桥分析购买了数百万Facebook用户的数据,然而用户并不知情。
当时,Facebook对许多数据共享产品进行了限制,并且实施新规,要求用户更加明确地授权外部应用使用其信息。该公司还因为剑桥分析丑闻的相关调查而在2019年年中与美国联邦贸易委员会签订了价值50亿美元的隐私和解协议。(财富中文网)
编译:于佳鑫
Facebook与外部开发者超时分享了部分用户的个人数据,违反了该公司在“剑桥分析丑闻”遭曝光后发布的新政策。
Facebook此前表示,若用户超过90天未与开发者的应用程序互动,就将阻止第三方应用程序开发者访问与获取用户数据。90天后开发者需要获得用户许可才能再次获得后者的电子邮箱、生日和地址等数据的访问权。
Facebook在周三发布的一篇博文中称,这项规定在某些情况下未能实现。如果第三方应用程序的用户也通过该应用与Facebook好友联系,开发者就能同时获取这两个用户的数据。该公司的一位发言人表示,Facebook系统中存在漏洞,导致开发者在获得一个活跃用户的数据时,也可以看到该用户好友的数据,即便后者已经超过90天没有打开这款应用。这个问题涉及近5000名开发者,但Facebook并未透露可能因此而受影响的用户数量。
Facebook还在博文中写道,该问题在被公司发现后的第二天便已经被解决,“我们将继续调查,并在涉及任何重大更新时以透明度为首要指标。”
这个漏洞是两周前由一名Facebook工程师发现的,该公司表示,没有理由认为相关数据遭到了滥用。
不过,Facebook在与第三方分享数据方面有过许多不良记录,这项90天的时间限制就是源自两年多前发生的剑桥分析丑闻。当时,政治数据分析公司剑桥分析购买了数百万Facebook用户的数据,然而用户并不知情。
当时,Facebook对许多数据共享产品进行了限制,并且实施新规,要求用户更加明确地授权外部应用使用其信息。该公司还因为剑桥分析丑闻的相关调查而在2019年年中与美国联邦贸易委员会签订了价值50亿美元的隐私和解协议。(财富中文网)
编译:于佳鑫
Facebook mistakenly shared some users’ personal data with outside developers for a longer period of time than promised, in a breach of policies the social network implemented following the Cambridge Analytica scandal of 2018.
The company previously said that third-party app developers would be blocked from accessing user data if a person didn’t interact with the developer’s app for 90 days. At that point, the developer would be required to ask users for permission to re-access their data, including information like email addresses, birthdays and hometowns.
That failed to happen in some instances, Facebook said Wednesday in a blog post. If a user of a third party app was also connected to a Facebook friend through that app, developers are allowed to pull data from both users at once. But a flaw in the company’s system meant developers who pulled data from one active user could also see data from that user’s friend, even if the friend had not opened the app in more than 90 days, a spokesperson said. The issue applies to apps from some 5,000 developers, but the company didn’t disclose how many users might be affected.
“We fixed the issue the day after we found it,” Facebook wrote in a blog post. “We’ll keep investigating and will continue to prioritize transparency around any major updates.”
The flaw was discovered by a Facebook engineer two weeks ago, and the company says it doesn’t have reason to believe any of the data was misused, the spokesperson said.
Facebook has a long history of blunders when it comes to sharing user data with third parties. The 90-day limit was imposed in response to the revelation more than two years ago that Cambridge Analytica, a political data-analytics firm, had purchased the personal information of millions of Facebook users that was harvested without their knowledge through quiz apps using the social network’s login feature.
At the time, Facebook clamped down on many of its data-sharing products and implemented new rules requiring users to more clearly grant outside apps permission to collect their information. It also signed a $5 billion privacy settlement with the Federal Trade Commission in mid-2019 following an investigation that resulted from the Cambridge Analytica disclosures.
