Filed under:

How to fix Facebook

Can Facebook be redeemed? Twelve leading experts share bold solutions to the company’s urgent problems.

Share this story

  • Share this on Facebook
  • Share this on Twitter
  • Share this on Reddit
  • Share All sharing options

Share All sharing options for: How to fix Facebook

Facebook is broken, and after a recent deluge of damning internal company leaks to the press and Congress, the world has unassailable proof of how troubled it really is.

Almost 2 billion people around the world use a product owned by Meta ( formerly called Facebook ), including WhatsApp and Instagram, every day. For many of its users, the nearly $1 trillion valuation company is the internet and their primary platform for communication and information. Millions of us are dependent on its products in one way or another.

So what can be done to fix Facebook? Or is it past the point of fixing?

The documents leaked by employee whistleblower Frances Haugen, which were first reported by the Wall Street Journal in late September, revealed a host of problems: how Facebook-owned Instagram can be detrimental to teenagers’ mental health , how the company struggled to contain erroneous anti-vaccine Covid-19 content posted by its users, and how political extremism spread on the platform leading up to the January 6 Capitol riot. The documents Haugen leaked also showed that Facebook was seemingly aware of serious harms caused by its products, but in many cases failed to sufficiently address them.

In a statement, Facebook spokesperson Drew Pusateri responded in part: “We take steps to keep people safe even if it impacts our bottom line. To say we turn a blind eye to feedback ignores these investments, which includes the over $5 billion we’re on track to spend this year alone on safety and security, as well as the 40,000 people working on these issues at Facebook.”

how to solve facebook privacy issues

For years, Congress has debated how and if it should regulate Facebook and other major social media products like Twitter, TikTok, Snapchat, and Google-owned YouTube. Outside researchers have been raising concerns about how the potentially grave long-term consequences of these platforms may be harming society at large . American users across the political spectrum have become increasingly suspicious of Big Tech . And even Facebook itself has said it welcomes regulation (while at the same time saying it’s against some regulation efforts, like strengthening antitrust laws ). But so far, federal bills to regulate privacy, competition, or other aspects of social media businesses have gone nowhere.

Now, the gravity of the new reporting about Facebook — particularly the research about Instagram’s harm to teenagers — is leading many Republicans and Democrats to agree that even if their political motivations are different, something must be done to rein in Facebook.

And it’s not just Congress that’s thinking about Facebook’s problems and how to deal with them, it’s also social scientists, the company’s former and current employees, policy experts, and the many people who use its services.

Even Facebook says it is seeking guidance on how to address some of its problems. The company says that, for two and a half years, it has been calling for updated regulations on its business.

“Every day, we make difficult decisions on where to draw lines between free expression and harmful speech, privacy, security, and other issues, and we use both our own research and research from outside experts to improve our products and policies,” wrote Pusateri. “But we should not be making these decisions on our own which is why for years we’ve been advocating for updated regulations where democratic governments set industry standards to which we can all adhere.”

So now is an urgent time to explore ideas old and new — inside and outside the realm of political reality — about how to confront a seemingly intractable problem: Can Facebook be fixed?

To try to answer that question, Recode interviewed 12 of the leading thinkers and leaders on Facebook today: from Sen. Amy Klobuchar , who is leading new Senate legislation to update antitrust laws for the tech sector; to Stanford Internet Observatory researcher Renee DiResta, who was one of the first researchers to study viral misinformation on the platform; to former Facebook executive Brian Boland , who was one of the few high-ranking employees at the company to speak out publicly against Facebook’s business practices.

First, most believe that Facebook can be fixed, or at least that some of its issues are possible to improve. Their ideas are wide-ranging, with some more ambitious and unexpected than others. But common themes emerge in many of their answers that reveal a growing consensus about what Facebook needs to change and a few different paths that regulators and the company itself could take to make it happen:

  • Antitrust enforcement. Facebook isn’t just Facebook but, under the Meta umbrella, also Instagram, WhatsApp, Messenger, and Oculus. And several experts Recode interviewed believe that forcing Facebook to spin off these businesses would defang it of its concentrated power, allow smaller competitors to arise, and challenge the company to do better by offering customers alternatives for information and communication.
  • Create a federal agency to oversee social media, like the Food and Drug Administration. The social media industry has no dedicated oversight agency in the US the way that other industries do, despite its growing power and influence in society. That’s why some people we interviewed advocated for making a new agency — or at least increasing funding for the existing FTC — so that it could regulate safety standards on the internet the same way the FDA does for food and pharmaceutical drugs.
  • Change Facebook’s leadership. Facebook’s problems are almost synonymous with the leadership of Mark Zuckerberg, who has unilaterally controlled the company he started in his Harvard dorm room in 2004. Many interviewees believe that for any meaningful change to happen, Facebook needs an executive shake-up, starting from the very top.
  • Section 230 reform. Section 230 is a landmark law that protects free speech as we know it online. It does that by shielding tech companies like Facebook from facing legal consequences for the real-world harm users can cause with the content they post on its platforms. But reforming 230 in a way that won’t run into First Amendment challenges, or entrench incumbents like Facebook itself, will be challenging.
  • Increase transparency. You can’t fix a problem if you don’t know exactly what the problem is. Facebook, like other social media companies, is largely a black box to researchers, journalists, and analysts trying to understand how its complex and ever-changing algorithms dictate what billions of people see online. Which is why some of the experts interviewed by Recode argued that Facebook and other social media companies should be legally required to share certain internal data with vetted researchers about what information is circulating on their platforms.
  • Hold Mark Zuckerberg and other Facebook executives criminally liable. This was the most extreme idea proposed, but some experts Recode interviewed suggested that Facebook executives should be criminally prosecuted for either misleading business partners or downplaying human harms their company causes.

Mark Zuckerberg sitting at a hearing with reporters and onlookers seated behind him.

Other approaches proposed by interviewed experts are more incremental, like redesigning Facebook’s Groups, a part of the app that has been a breeding ground for conspiracy movements like QAnon, anti-vaccine activism, and extremist political events.

The interviews were conducted separately. In each, Recode asked, “How would you fix Facebook?” Each expert defined on their own what they believe are Facebook’s biggest problems, as well as how they would fix them. Recode then asked follow-up questions based on the interviewees’ answers. These interviews have been combined, condensed, and edited for length and clarity.

Their answers are in no way a comprehensive list of all the possible solutions to Facebook’s problems, and many of them would be difficult to achieve anytime soon. But they offer a thoughtful start during a pivotal moment, as millions of people are reconsidering the bargain they agree to each time they use the company’s products.

Sen. Amy Klobuchar

Sen. Amy Klobuchar (D-MN) has long been a leader in Congress calling for regulation of the social media industry , on topics from political advertising to health misinformation . In October, Klobuchar introduced a Senate antitrust bill aimed at stopping major tech platforms from using their power to unfairly disadvantage competitors. Klobuchar also is the chair and top-ranking Democrat on the Senate antitrust committee.

How would you fix Facebook?

​​First, federal privacy law. Second, protecting kids online. Third, antitrust updates [and] law changes, to make our laws as sophisticated as the companies that are now in our economy. And then finally, doing something about the algorithms.

Can you explain what you would do in each of those areas?

People have to opt in if they want their data shared. When Apple recently gave their users a decision about whether to have their data tracked, 75 percent did not opt in. And that is what you would see across platforms, if it actually was a clear choice. Which it never is — it’s very confusing.

Secondly, protecting kids online, that would include not only expanding the protections from the Children’s Online Privacy Protection Act.

You can’t doubt that Facebook developed an innovative product. Yes, they did. But they clearly haven’t been able to compete with the times in terms of what innovations could protect people from the problems they’re having now, like for parents that don’t want to get their kids hooked.

Senators Maria Cantwell and Amy Klobuchar speak with their heads together as they sit behind a desk.

So my argument is that by allowing the antitrust laws to actually work and be updated, then you’re going to be able to look at some of these past mergers, like Instagram.

And here, we’re not talking about “destroying” Facebook or all these dramatic words, we’re talking about looking at the industry as a whole and figuring out if we need to update our competition laws, to track everything from what’s happening with the app stores to what’s happening with the platforms when it comes to selling stuff, so that they cannot be preferencing their own content and discriminating against competitors. I believe that is one, but not the only way; using the marketplace to push innovations and responsiveness to these problems.

How would you reform Section 230?

The one where we need to do the most work to figure out while still respecting free speech is [why] they’ve got total immunity when they amplify [harmful] stuff.

I already have a bill out there to get rid of the immunity for vaccine misinformation during a health crisis, as well as one that [Sen. Mark] Warner’s (D-VA) leading with Mazie Hirono (D-HI) and myself, which is about discrimination, violent conduct, and civil rights violations and the like.

Do you think Facebook can really change with Mark Zuckerberg in charge?

Have I been impressed by how he’s handled this latest crisis? No. He went sailing and issued posts from his boat. Basically he was saying, “Yeah, we’ll look at this,” but we got a whole week of no apologies. And that’s fine. He can choose not to apologize. That’s up to him. That’s a PR decision. But I think we are beyond expecting that he’s going to make the changes or whoever’s in charge of Facebook is going to make the changes. I think it’s time for us to act.

Matt Stoller, research director at the American Economic Liberties Project

Matt Stoller is a leading critic of monopoly power in the US economy , particularly in tech. He’s the author of the book Goliath: The 100-Year War Between Monopoly Power and Democracy .

One, I would send Mark Zuckerberg to jail for securities fraud and advertising fraud. Maybe Sheryl Sandberg too, for insider trading. There, you have a cultural lawlessness, and you have to address that it’s a threat to the law. So we’ve got to start there.

They lied to advertisers around their reach. And that caused advertisers to spend more money on Facebook than they would have. And with these advertising frauds, they decided not to tell investors. [Editor’s note: Facebook has been sued by advertisers for allegedly inflating key metrics around how many of its users actually see advertisements companies pay for.]

Sheryl Sandberg and Mark Zuckerberg walking past shrubbery on a sunny day.

Then, No. 2, I would break up the firm. The mergers of Instagram and WhatsApp are illegal and they should be unwound. That would create more fair competition in the social media market. And when firms compete, they usually have to compete by differentiating their product around quality. I would also break up their advertising. I would also sever Facebook’s ads subsidiary. [Editor’s note: Together with Google, Facebook’s advertising business represents a majority of all advertisements sold online in the US . Some have proposed separating these companies’ advertising business lines from their other lines of business to increase competition.]

And No. 3, set clear rules of the road for the industry around advertising. Just ban surveillance advertising. When I think about the problem, I look at it and I say, “Okay, this is a firm that has an advertising model that is based on undermining social stability.” They break the law and use legal power to fortify and protect their business model. So you have to address that. That’s the problem that I see.

Why do you think criminal liabilities for Mark Zuckerberg is a higher priority than breaking antitrust?

Antitrust or any regulatory policy is going to take several years to really go into force. And these guys just don’t care. They don’t care what the government does. They simply don’t believe that anything will affect them. And the only way to address that problem is to actually bring the problem straight to them. And that means sanctioning them personally: threatening to take away their freedom for violating the law. You have to make the stakes real.

The point here isn’t that Mark Zuckerberg is a bad guy. The point here is that you have a culture of lawlessness at the firm.

Brian Boland, former Facebook executive

Brian Boland is one of the few former Facebook executives to publicly criticize the company for its business practices, arguing that Facebook needs to be more transparent about the proliferation of viral misinformation and other harmful content on its platform. Boland was a vice president of partnerships and marketing, and worked at the company for 11 years.

We need to dramatically improve the safety and privacy of the platform. This breaks down into at least three things — the creation of a fully empowered regulatory body that has oversight over digital companies, reforms of Section 230, and meaningful transparency.

The one thing that Facebook could control right now is transparency. Helping society understand the harms on social media is an important step for fixing the problems. Twitter just shared research data on which political content gets more distribution on Twitter. That’s a great step where they are taking the lead.

Why is a regulatory body so important?

A regulatory body is in line with how we’ve generally worked in the United States when we’ve wanted to rein in industries that are out of control. The same way that we build building codes, that we regulate the chemicals industry. The food supply used to be unsafe, but then the FDA was created to make it safe. If you think about your car that you’re getting in every day, the National Highway Traffic Safety Administration keeps you safe by making sure the car is safe.

So the things that we need to do for digital is just like all the other regulation that we’ve done before. That still gives people the great products, right? You still have awesome cars, you still have amazing food, and there’s chemicals you use every day in your life. And the building that you’re in right now is not going to collapse. We just need to do the same thing with digital platforms and services and have that regulatory body and oversight to understand what’s harmful and broken, and then the regulatory authority to mandate fixing those things.

How would you go about making data more transparent?

I think you start to make data feeds of public data available, in the same way that you have engagement data available in CrowdTangle . But you ensure that it spans the globe and has metrics like reach and engagement and distribution, so people can see what gets recommended [and] goes viral.

Algorithms aren’t good or bad, they just promote things based on the way they’ve been initially coded, and then what they learn along the way, so it’s not like people deeply understand what algorithms do or why they do it.

Mark Zuckerberg appears on a wall-mounted screen behind a staffer sitting at a computer.

What would you change in Section 230?

There are two important elements for me: including a provision for a duty of care and removing protections of what algorithms amplify. A duty-of-care provision would ensure that Section 230 doesn’t remove the responsibility of platforms to reduce harms to their customers. This wouldn’t require that every harmful act is removed, but that the platforms take meaningful steps to reduce harm.

For the second part, we can ensure that we protect people’s free speech on platforms like Facebook, but actually hold the platforms accountable for what they choose to amplify. These algorithms take actions that make some speech heard far more than other speech. Facebook has control over its algorithms and should not be protected from the harms those algorithms can create.

Do you think Facebook can be reformed with Mark Zuckerberg at the helm?

There’s a chance, with strong regulatory oversight, that they’ll be forced to change — but his nature is not to move in this direction. If we want Facebook and Instagram to be responsible and safer, then I don’t think you can have him and the current leadership team leading the company.

Roger McNamee, early Facebook investor and member of “the real Facebook oversight board”

Roger McNamee is an early Facebook investor and former adviser to Mark Zuckerberg. He famously changed his opinion of the company after he saw what he believed were serious failures in its leadership and business priorities.

In my opinion, you need to have three forms of legislative relief. You need to address safety, you need to adjust privacy, and you need to address competition. If Facebook were to disappear tomorrow, 100 companies would compete to fill the void, doing all the same horrible things Facebook is doing. So whatever solutions we craft must be broad enough that they prevent that from happening.

On safety, I recommend that the government create an agency, analogous to the Food and Drug Administration, that would set guidelines for which technologies should be allowed to come to market at all, and what rules they would have to follow to create a commercial product and then to remain in the market.

How do you address privacy issues?

My mentor and friend Shoshana Zuboff said this best, which is that surveillance capitalism is as morally flawed as child labor, and should be banned for the same reason.

The starting place would be to ban any third-party use of location, health, financial, app usage, web browsing, and whatever other categories of intimate data are out there.

Roger McNamee speaking onstage at Web Summit.

You used to have a relationship with Mark Zuckerberg as an early investor. Do you have any confidence that the company can be fixed under his leadership?

I think this is the wrong question, if you don’t mind my saying so. I think that the underlying issue here is, we tell CEOs that their only job is to maximize shareholder value. It used to be that you told CEOs that they had to find a balance between shareholders, employees, the communities where employees live (including the country where they live), and its customers and suppliers. They had five constituents, and now we only have one [shareholders]. And so it’s important to recognize that a big part of what’s wrong here is that we have operated in an environment where we just applied the incorrect set of incentives to managers in any field, and Mark has just been more successful than other people in creating a product that took advantage of the complete absence of rules.

Benedict Evans, technology analyst

Benedict Evans is one of the tech industry’s leading analysts and thinkers on the business of social media. He is an independent analyst, and used to work for the venture capital firm Andreessen Horowitz, an early investor in Facebook.

Do you think anything else needs to be done to fix many of the problems Facebook is criticized for? And if so, what do you think should be done?

We are clearly on a path toward regulatory requirements around content moderation both in the EU and the UK. I don’t know how you could do that in a way that could be reconciled with the American Constitution — it sounds like a legal requirement to remove speech.

You can believe that there’s a lot of nonsense talked about Facebook and also believe that it has huge problems, isn’t on top of them, and doesn’t have the incentive structures right. But it’s amazing to me how much of the press and how many politicians completely ignore YouTube, which has almost exactly the same problems.

Why do you think breaking up Facebook is not the right response?

What is the theory for why changing who owns Instagram would stop teenage girls from looking at self-harm content, and for that content being shared and suggested? Why would the dynamics change? Such a move certainly would not make it any easier to compete with Instagram, just as making YouTube a separate company would not make it any easier to make a new video-sharing site. The network effects are internal to the product, not the ownership. It also wouldn’t change the business model.

To take an analogy from another generation, there are all sorts of problems with cars, and they kill people, but that doesn’t make it sensible to compare them with tobacco. And we can punish GM for shipping a car it knows will blow up in a low-speed rear collision, but we can’t make it stop teenage boys getting drunk and driving too fast. Not everything is an antitrust problem, and most policy problems are complicated and full of trade-offs. Tech policy isn’t any simpler than education policy or health care policy.

I often think the sloganeering around “break them up!” and indeed, the new comparison of tech to tobacco, is displacement: People are hunting for simple slogans and easy answers that let you avoid having to grapple with the complexity of the issues.

In the US, the cult of the First Amendment makes this even harder. The US cannot pass laws requiring social media companies to remove X or Y, whereas the UK and EU are already well on the way to passing such laws, which makes “break them up” an even stronger form of displacement — it’s what you can do as a US politician, rather than what can work.

Rep. Ken Buck

Rep. Ken Buck (R-CO) is a leading Republican in Congress on regulating tech. He co-led the historic congressional investigation into Big Tech and antitrust which finished last year, and has been one of the most senior members of his party to join with Democrats in bipartisan legislation to strengthen antitrust laws.

The obvious dangers of the platform are that bad people can use it for evil purposes. And then there are other unintended consequences where good people use it and are harmed through no fault of their own, but just because of the psychological impact.

When there’s a study that shows that something was dangerous with a car or with a food product, there’s a recall.

Facebook should be able to recall its product and to ameliorate the damages that are done before it goes too far. And they didn’t do that. Part of it has to be a personnel issue with leadership and the failure of leadership.

What’s the personnel issue? What changes would you make there?

I think that people who were in the know and realized that there was an increase in teen suicide rates, and that there was a relationship between their product and that increase — and they continued doing what they did — should be held criminally liable.

And as a member of Congress, what can you do? What are you doing to try to hold those people responsible?

I think that the role of Congress is to examine the situation — which we did with a 16-month investigation on the antitrust subcommittee — [and] expose the problems. And obviously, we saw things from the outside that now the whistleblower has confirmed from the inside with very damaging documents.

Representative Ken Buck.

Two, trying to fix the situation which we are in with antitrust laws, and perhaps with reforms to Section 230 . [Editor’s note: Section 230 is a landmark internet law that shields social media companies from being sued for most kinds of illegal activity committed by their users]. And then No. 3, it’s really up to the executive branch to make a decision on whether there is criminal liability, civil liability, and how to proceed.

Do you think Facebook should be broken up into separate companies?

I’m not sure that breaking up Facebook from Instagram makes as much sense as having other companies that are competing with Facebook and Instagram, in trying to innovate better and, frankly, offer parents an alternative.

I’m absolutely opposed to regulation. I don’t think the government should say, “This is appropriate speech in the newspaper or on Facebook or on Twitter.” I don’t think the government should say, “This is a feature that is positive or negative.” I think we’ve got to give consumers a choice. I think we make much more rational decisions when consumers make that choice.

When someone associates the word regulation with me, they think I’m going crazy. When they associate the words “competition in the marketplace” with me, they’re thinking, “Oh, okay, now I understand.”

Do you think that Facebook can be fixed with Mark Zuckerberg at the helm?

I think he has to take full responsibility and either take himself out of the picture, and others out of the picture, or make sure that changes are made so that he’s getting better information to make better decisions. But Facebook cannot continue to exist, should not continue to exist, the way they have.

Rashad Robinson, president, Color of Change

Rashad Robinson is the president of Color of Change, a civil rights advocacy group that co-led a historic advertiser boycott against Facebook last June in protest of the proliferation of hate speech on the platform.

I would have Instagram and WhatsApp owned by other people. And so I would shrink it.

And I would create real consequences and liability to its business model for the harm that it causes. And I would force Facebook to actually have to pay reparations for the harm they have done to local independent media , and to all the sorts of institutions that their sort of platform has destroyed.

Do you think you’ve seen progress since you helped lead the boycott against Facebook?

At that time [of the boycott], we didn’t have any levers within the government. There was no one to ask at the White House to get involved in this. Now a year has happened and we have a Biden administration. And so my demands are not to Facebook anymore, my demands are to the Biden administration and to Congress, and to tell them that they actually have to do their jobs, that we have outsized harm being done by this platform, and they actually have to do something about it.

What would real consequences look like for Facebook?

I’m not the numbers guy, but I do think [the consequences that] we’ve seen in the past from the FTC and other places have been the equivalent of a maybe expensive night out for [Facebook]. [Editor’s note: In 2019, the FTC fined Facebook $5 billion for its privacy failures in the Cambridge Analytica scandal. While it was a record-breaking fine imposed by the FTC, it failed to hinder Facebook’s financial performance and growth.]

I think that surveillance marketing on these platforms, combined with these platforms being able to have Section 230, that has to end — you can’t have it both ways. [Editor’s note: Surveillance marketing , or surveillance capitalism , is a pejorative name for business models — such as those that underpin Facebook and Google — that track people’s online behavior to target specific advertisements to them.]

Do you think Facebook can be fixed with Mark Zuckerberg in charge?

The current leadership lacks the sort of moral integrity to be the type of problem solvers our society needs. And the sooner they deal with the structures that have allowed them to be in charge, the better for all of us. But to be clear, this moment we are in — the story will be told in generations about who Mark Zuckerberg is and what he has done. And Mark Zuckerberg will always want to play by a different set of rules. He believes he can. He’s built a system for that.

A crowd of identical cardboard cutouts of Mark Zuckerberg wearing a “fix Facebook” T-shirt on the lawn of the Capitol building.

Nate Persily, professor at Stanford Law School and director of the Stanford Cyber Policy Center

Nate Persily co-founded an academic partnership program with Facebook in 2018, called Social Science One , which aimed to give researchers studying the real-world effects of social media unprecedented access to otherwise private Facebook data.

In 2020, Persily resigned from the program. He has since discussed the limitations of voluntary programs like Social Science One and is calling for legislation to mandate companies like Facebook to share more information with outside researchers.

The internet platforms have lost their right to secrecy. They simply are too big and too powerful. They cannot operate in secret like a lot of other corporations. And so they have an obligation to give access to their data to outsiders.

I have been working on this for five years. I’ve tried to do it with Facebook, and I’ve become convinced that legislation is the only answer.

And why do you think this is the first of Facebook’s problems to fix?

There is a fundamental disagreement between conventional wisdom and what the platforms are saying on any number of these issues.

That’s where the Haugen revelations are so momentous. It’s not just that you see quasi-salacious stuff about what’s happening on the platforms — it’s that you actually get a window into what they have access to and the kind of studies that they can perform. And then you start saying, “Well, look, if outsiders with public spirit had access to the data, think about what we could learn right now.”

Of course, all of this has to be done in a privacy-protected way to make sure that there’s no repeat of another Cambridge Analytica — and that’s where the devil is in the details.

Why should the average person care about Facebook being transparent with its data with researchers?

If you think that these platforms are the cause of any number of social problems stretching from anorexia to genocide, then we cannot trust their representations as to whether social media is innocent or guilty of committing these problems or contributing to these problems. And so [transparency] is a prerequisite to any kind of policy intervention in any of these areas, as well as actions by civil society. So part of it is informing governments and policymakers, but some of it is also informing us about what the dangers are on the platforms and how we can act to prevent them.

Transparency is a meta problem, if you will. It is the linchpin to studying every other problem as to the harms that social media is wreaking on society. And let me also say, we should be prepared for the possibility that when we do have access to the data, the truth is going to be not as bad as people think.

The story could be a much more complicated one than that algorithms are manipulating people into doing things that they otherwise wouldn’t do.

How do you make sure that Facebook is transparent with the data?

It’s quite simple. The FTC, working with the National Science Foundation, shall develop a program for vetted researchers and research projects, and shall compel the platforms to share the data with those researchers in a privacy-protected format. The data will reside at the firms [and will] not be given over to the federal government, so that we prevent another Cambridge Analytica.

It’s also not just about requiring data transparency [with researchers]. We should require [social media platforms] to disclose certain things to the public that are not privacy-dangerous. Basically, something like, “What are the most popular stories and popular links on Facebook each day?” That is not privacy-endangering.

Sen. Ed Markey

Massachusetts Sen. Ed Markey, a Democrat, has been a key congressional voice on online privacy for children for over two decades. He co-introduced the Children’s Online Privacy Protection Act of 1998 (COPPA) , a law requiring tech companies to obtain parental consent “before collecting, using, or disclosing personal information from children” under 13. Today, he’s focused on updating COPPA and making broader reforms to the tech industry.

No. 1, I will pass the Child Online Privacy Protection Act 2.0. I was the author of that law in 1998 that’s been used to protect children in company after company. We have to upgrade that law in order to pass a long-overdue bill of rights for kids and for teens, so that kids under 16 get the same protection as kids under 13.

I would say [we should also] ban targeted ads to children and create an online eraser button, so parents and children can tell companies to delete the troves of data that they have collected about young people. And to have a cybersecurity protection requirement for kids and teens.

Because it’s obvious that Facebook only cares about children to the extent to which they are of monetary value.

Senator Ed Markey seated behind a desk.

Why children’s privacy first over many issues that Facebook has, like misinformation?

Kids are uniquely vulnerable. And we adults need to make sure that their data is not being used in ways that are harmful to them.

Facebook won’t protect young people. It can’t be voluntary any longer; it does not work.

Do you think Facebook can be fixed with Mark Zuckerberg at the helm?

I think regardless of who is running Facebook, we have to put a new, tough regulatory scheme in place in the event that Mark Zuckerberg leaves and his successor has the exact same philosophy. So we can’t trust the institution. We have to trust our laws.

Do you think Facebook should be broken up?

I think that the antitrust process is something that should begin. But just breaking up Facebook won’t solve the problems that we’re discussing today. We need to pass an impressive set of laws that stop social media giants from invading our privacy.

Renée DiResta, disinformation researcher at Stanford Internet Observatory

Renée DiResta is a longtime researcher of disinformation on social networks . She advised Congress on the role of foreign influence misinformation networks in the 2016 US elections. DiResta has also been one of the first social media researchers to track how anti-vaccine content and other kinds of false or extremist content spreads through Facebook Groups.

Groups are probably the most broken things on the platform today.

If I could pick one thing to really focus on in the short term, it would be more sophisticated rethinking of groups and how people are recommended groups, and how groups are evaluated for inclusion and being promoted to other people.

Why do you think fixing Groups is more important than, say, what people see in their news feed?

Because [groups] are a very, very significant part of what you see in your feed.

QAnon came out of these groups that were recommended to people, and then they came to be places where people really felt that they had found new friends and, in a sense, that kind of insularity. They evolved into echo chambers, and the groups became deeply disruptive.

But Facebook did not appear to have sophisticated metrics for evaluating [if] what was happening within groups was healthy or not healthy. The challenge became: Once groups are formed, disbanding them is a pretty major step. Perhaps one example of this is the Stop the Steal group, which grew to several [hundreds of thousands of] people or more. [Editor’s note: The Stop the Steal Facebook group was one of the key platforms where organizers of the January 6 Capitol riot prepared to march on Washington, DC.]

Protesters hold signs that read “Stop the steal,” “Make America great again,” and “Stealing in un-American!”

How could Facebook better curate content?

I think there are certain areas where [Groups] should largely be kept out of the recommendation engine entirely. I believe there are plenty of researchers who disagree with me, but I do believe that there are many areas where it’s not a problem to allow the content to be on site — it’s more a matter of it being amplified and pushed to new people.

[But] health misinformation actually kills people. Like, there is a non-theoretical harm that is very, very real. And that’s where I argue for certain cases being treated distinctly differently. You’re not going for six people being wrong on the internet, or at the local pub, or standing at the local corner with a bullhorn. That’s not what we’re going for. When we give people amplification, when we enable them to grow massive communities that trust in them [rather than] in authorities — which are institutions that actually have more accurate information — then we find ourselves in a situation where there are real negative impacts on real people in the real world. And so that question of, “How do we understand harms?” is actually the guiding principle that we should be using to understand, “How do we rethink curation?”

Katie Harbath, former director of public policy at Facebook

Katie Harbath spent 10 years working at Facebook, including as a public policy director on issues like election security. She left the company this March and is now the founder and CEO of tech policy consultancy Anchor Change.

I think one of the struggles with Facebook right now is just people see Mark, hear Mark, or see the name Facebook, and they just don’t trust anything that comes out of their mouths.

Are there changes in leadership at the top and fresh blood that are needed to help really give a new perspective, and really be somebody that people would listen to?

Can you talk a little bit about organizational and structural problems at Facebook?

Facebook’s such a flat company, and they want to move fast. They’re giving People [HR] employees different metrics because most of those are usually centered around growth. Then, when the Integrity team comes in and wants to make changes that might slow those numbers, you can get resistance. [Editor’s note: The Integrity team at Facebook is responsible for assessing the misuses and unintended consequences of the platform.] Because that’s what people’s bonuses are attached to.

The tech world loves working in ones and zeros — they’re very data-driven. Data wins arguments. But the problems that the Integrity team is working on aren’t all data-centric. There’s a lot of nuance. There’s gonna be trade-offs. So if you’ve got Integrity as a whole separate team, they’re trying to go to another team and be like, “Hey, you should do this because it’s gonna produce X, Y, and Z harms.” But they’re like, “Well, that’s gonna screw up my metric, and then I’ll get a bad performance review.” So you end up pitting teams against one another, like Integrity and Product.

Illustration of a thumbs-down emoji with cracks and repair tape.

How would you fix that?

There’s no structural change that’s perfect.

But is it right for Integrity to be under Growth? Should it be separate? Should it be better integrated into the product lifecycle? One of the things that came out of some of these settlements around privacy is that there are particular procedures that the company had to put into place in order to make privacy considerations from the very beginning. So are there elements of that, that need to be done with the Integrity team?

Derek Thompson, staff writer, the Atlantic

Derek Thompson writes about economics, technology, and the media. He’s been writing about Facebook for several years, and his recent piece comparing Facebook to “attention alcohol” has sparked conversations about reframing how we think about social media .

One, I would treat social media the way we treat alcohol: have bans and clearer limitations on use among teenagers. And study the effects of social media on anxiety, depression, and negative social comparison. Two, I would continue to shame Facebook to edit its algorithm in a way that downshifts the emphasis on high-arousal emotions such as anger and outrage. And three, I would hire more people to focus not on misinformation in the US, but on the connection between mis- or disinformation and real-world violence in places outside the US, where real-world violence flowing from these Facebook products is a common phenomenon.

What would it mean to treat Facebook the way we treat alcohol?

The debate about Facebook is way too dichotomous. It’s between one group that says Facebook is effectively evil, and another group that says Facebook is basically no big deal. And that leaves a huge space in the middle for people to treat Facebook the same way we think about alcohol. I love alcohol. I use alcohol all the time, the same way I use social media all the time. But [with alcohol], I also understand, based on decades of research and social norms, that there are ways to overdo it.

We have a social vocabulary around [alcohol] overuse and drinking and driving. We don’t have a similar social vocabulary around social media. And social media can be very good as a social lubricant — and also dangerous as a compulsive product, as we have with alcohol. And that’s why I see them as reasonably analogous.

How would you change Facebook’s algorithm?

Facebook is both a mirror and a machine. It holds up a high-quality mirror to human behavior and shows us a reflection that includes all of human kindness, and all of human generosity, and all of human hate, and all of human conspiracy theorizing, but it is also a machine that, through the accentuation of high-arousal emotions, brings forth or elicits the most outrage and the most conspiracy theorizing and the most absurd disinformation.

We can’t fix the mirror — that would require fixing humanity. But we can fix the machine, and it’s pretty clear to me that the Facebook algorithmic machine is optimized for surfacing outrage, indignation, hate, and other high-arousal negative emotions. I would like to see more research done not only by Facebook itself but also by any government, the NIH, maybe by Stanford and Harvard, on alternative ways of organizing the world’s information [than] predominantly by the hybrid distribution of high-arousal negative emotions.

Can you explain why addressing Facebook’s issues in its operations outside the US is a priority problem that you would fix, and how you would fix that?

Most tech critics are hysterically over-devoted to the problems of technology in America, when these tech companies touch billions of people outside of America. And we should spend more time thinking about their impact outside of the country where their headquarters are based. Most of Facebook’s research into its negative effects, as I understand it, is focused on the effects of Facebook in the US. But we didn’t have WhatsApp- and Facebook-inspired genocide in the US.

Correction, November 8, 9:40 am: A previous version of this story misstated the last name of Rashad Robinson, president of Color of Change.

Will you help keep Vox free for all?

At Vox, we believe that clarity is power, and that power shouldn’t only be available to those who can afford to pay. That’s why we keep our work free. Millions rely on Vox’s clear, high-quality journalism to understand the forces shaping today’s world. Support our mission and help keep Vox free for all by making a financial contribution to Vox today.

We accept credit card, Apple Pay, and Google Pay. You can also contribute via

how to solve facebook privacy issues

Can California show the way forward on AI safety?

The supreme court will decide if the government can seize control of youtube and twitter, how discredited health claims find a second life on tiktok, sign up for the newsletter today, explained, thanks for signing up.

Check your inbox for a welcome email.

Oops. Something went wrong. Please enter a valid email and try again.

  • Work & Careers
  • Life & Arts

Become an FT subscriber

Limited time offer save up to 40% on standard digital.

  • Global news & analysis
  • Expert opinion
  • Special features
  • FirstFT newsletter
  • Videos & Podcasts
  • Android & iOS app
  • FT Edit app
  • 10 gift articles per month

Explore more offers.

Standard digital.

  • FT Digital Edition

Premium Digital

Print + premium digital.

Then $75 per month. Complete digital access to quality FT journalism on any device. Cancel anytime during your trial.

  • 10 additional gift articles per month
  • Global news & analysis
  • Exclusive FT analysis
  • Videos & Podcasts
  • FT App on Android & iOS
  • Everything in Standard Digital
  • Premium newsletters
  • Weekday Print Edition

Complete digital access to quality FT journalism with expert analysis from industry leaders. Pay a year upfront and save 20%.

  • Everything in Print
  • Everything in Premium Digital

The new FT Digital Edition: today’s FT, cover to cover on any device. This subscription does not include access to or the FT App.

Terms & Conditions apply

Explore our full range of subscriptions.

Why the ft.

See why over a million readers pay to read the Financial Times.

International Edition

A timeline of Facebook's privacy issues — and its responses

Image: Mark Zuckerberg

SAN FRANCISCO — Facebook’s recent crisis is just one of many privacy issues that company has had to deal with in its relatively short existence.

Barely two years old in 2006, the company faced user outrage when it introduced its News Feed. A year later it had to apologize for telling people what their friends had bought. Years after that, the Federal Trade Commission stepped in — and is now looking at the company again. Facebook has a history of running afoul of regulators and weathering user anger, all the while collecting record profits and racking up more than 2 billion users.

Those privacy issues are now front and center. Facebook's loose handling of how its data was acquired by app developers has plunged the company into the biggest crisis of its 14-year existence. The revelation that a data analytics company used by Donald Trump’s presidential campaign was able to surreptitiously collect data on 50 million people through a seemingly innocuous quiz app has forced CEO Mark Zuckerberg to issue a public apology — and promise changes.

Taking a step back to look at Facebook’s pattern of privacy issues provides an important perspective on just how many times the company has faced serious criticism. What follows is a rundown of the biggest privacy issues Facebook has faced to date:

When : September 2006

What : Facebook debuts News Feed

Facebook’s response : Tells users to relax

Facebook was only two years old when it introduced News Feed on Sept. 5, 2006. The curated feed was intended as a central destination so users didn't have to browse through friends' profiles to see what they had changed.

Facebook had about 8 million users at the time, and not all of them were happy about every move of their personal life being blasted into a daily feed for their friends.

An estimated 1 million users joined "Facebook News Feed protest groups," arguing the feature was too intrusive . But Facebook stayed the course.

“One of the things I'm most proud of about Facebook is that we believe things can always be better, and we're willing to make big bets if we think it will help our community over the long term,” Zuckerberg said in a post reflecting on the 10th anniversary of News Feed.

The outrage died down, and News Feed became a major part of Facebook’s success.

When : December 2007

What : Beacon, Facebook’s first big brush with advertising privacy issues

Facebook’s response : Zuckerberg apologizes, gives users choice to opt out

There was once a time when companies could track purchases by Facebook users and then notify their Facebook friends of what had been bought -- many times without any user consent.

USA - Technology Facebook Creator Mark Zuckerberg

In an apology on Dec. 6, 2007, Zuckerberg explained his thought process behind the program, called Beacon, and announced that users would be given the option to opt out of it.

“We were excited about Beacon because we believe a lot of information people want to share isn’t on Facebook, and if we found the right balance, Beacon would give people an easy and controlled way to share more of that information with their friends,” he said.

At the time, Facebook was also talking to the Federal Trade Commission (FTC) about online privacy and advertising.

When : November 2011

What : Facebook settles FTC privacy charges

Facebook’s response : Facebook agrees to undergo an independent privacy evaluation every other year for the next 20 years.

Facebook settled with the Federal Trade Commission in 2011 over charges that it didn't keep its privacy promise to users by allowing private information to be made public without warning.

Regulators said Facebook falsely claimed that third-party apps were able to access only the data they needed to operate. In fact, the apps could access nearly all of a user’s personal data. Facebook users that never authenticated a third-party app could even have private posts collected if their friends used apps. Facebook was also charged with sharing user information with advertisers, despite a promise they wouldn’t.

"Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users," Jon Leibowitz, then chairman of the FTC, said at the time. "Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."

As part of the agreement in 2011, Facebook remains liable for a $16,000-per-day penalty for violating each count of the settlement.

When : June 2013

What : Facebook bug exposes private contact info

Facebook’s response : Facebook fixes bug, notifies people whose info may have been exposed.

A bug exposed the email addresses and phone numbers of 6 million Facebook users to anyone who had some connection to the person or knew at least one piece of their contact information.

The bug was discovered by a White Hat hacker — someone who hacks with the intention of helping companies find bugs and build better security practices.

When people joined Facebook and uploaded their contact lists, Facebook explained it would match that data to other people on Facebook in order to create friend recommendations.

“For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook,” Facebook’s team explained in a June 2013 message .

That information was “inadvertently stored in association with people’s contact information,” Facebook said. That meant that when a Facebook user chose to download their information through Facebook’s DYI tool, they were provided with a list of additional contact information for people they knew or with whom they may have had some association.

Facebook said it pulled the tool offline and fixed it. The company also said it had notified regulators and pledged to tell affected users.

When : July 2014

What : Mood-manipulation experiment on thousands of Facebook users

Facebook’s response : Facebook data scientist apologizes

Facebook's mood-manipulation experiment in 2014 included more than half a million randomly selected users. Facebook altered their news feeds to show more positive or negative posts. The purpose of the study was to show how emotions could spread on social media. The results were published in the Proceedings of the National Academy of Sciences , kicking off a firestorm of backlash over whether the study was ethical.

Adam D.I. Kramer, the Facebook data scientist who led the experiment , ultimately posted an apology on Facebook. Four years later, the experiment no longer appears to be online.

“I can understand why some people have concerns about it, and my co-authors and I are very sorry for the way the paper described the research and any anxiety it caused,” he wrote, according to The New York Times .

When : April 2015

What : Facebook cuts off apps from taking basically all the data they want

Facebook’s response : Please keep building apps

If Person A downloads an app, that app shouldn’t be able to suck data from Person B just because they’re friends, right? In 2014, Facebook cited privacy concerns and promised it would limit access to developers. But by the time the policy took effect the next year , Facebook had one big issue: It still couldn’t keep track of how many developers were using previously downloaded data, according to current and former employees who spoke with The Wall Street Journal .

Image: Chris Wylie

When Paul Grewal, Facebook vice president and deputy general counsel announced Cambridge Analytica’s ban from Facebook last week, he said Facebook has a policy of doing ongoing manual and automated checks to ensure apps are complying with Facebook policies.

“These include steps such as random audits of existing apps along with the regular and proactive monitoring of the fastest growing apps,” he said.

When : January 2018

What : Europe’s data protection law

Facebook’s response : Facebook complies

Facebook has also began preparing for the start of a strict European data protection law that takes effect in May. Called the General Data Protection Regulation , the law governs how companies store user information and requires them to disclose a breach within 72 hours.

In January, Facebook released a set of privacy principles explaining how users can take more control of their data.

One particularly notable principle many will be watching to see if Facebook upholds is accountability.

"In addition to comprehensive privacy reviews, we put products through rigorous data security testing. We also meet with regulators, legislators and privacy experts around the world to get input on our data practices and policies," Facebook's team said in January.

When : February 2018

What : Belgian court tells Facebook to stop tracking people across the entire internet

Facebook’s response : Appeal the court’s ruling

In February, Facebook was ordered to stop collecting private information about Belgian users on third-party sites through the use of cookies. Facebook was also ordered to delete all data it collected illegally from Belgians, including those who aren't Facebook users but may have still landed on a Facebook page, or risk being fined up to 100 million euros.

Facebook said it has complied with European data protection laws and gives people the choice to opt out of data collection on third-party websites and applications. The company said it would appeal the ruling.

When : March 2018

What : Revealed that Facebook knew about massive data theft and did nothing

Facebook’s response : An apology tour and policy changes

The world finally got the answer to the question “Where’s Zuck?” on Wednesday when the Facebook CEO and co-founder broke his silence on the data harvesting allegations. In a statement posted on his Facebook wall, Zuckerberg avoided the word “sorry” but did express partial blame for Facebook’s role in not doing enough to protect user privacy.

Image: Facebook holds annual F8 developers conference in San Jose, California

He laid out three steps Facebook will take now, including investigating all apps that were able to access user data before 2014, when the company began changing its permissions for developers. Facebook will put restrictions on the data apps can access, limiting them to a person’s name, photo and email. Finally, Zuckerberg said Facebook will make an easy tool that lets everyone see which apps have access to their data and allow them to revoke access.

"I've been working to understand exactly what happened and how to make sure this doesn't happen again,” he wrote. “The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up and do it."


  • The Magazine
  • Newsletters
  • Managing Yourself
  • Managing Teams
  • Work-life Balance
  • The Big Idea
  • Data & Visuals
  • Reading Lists
  • Case Selections
  • HBR Learning
  • Topic Feeds
  • Account Settings
  • Email Preferences

Can Facebook Ever Be Fixed?

  • Andrew Burt

how to solve facebook privacy issues

Its trust problem won’t change until its business model does.

For those paying attention to privacy scandals and data leaks over the last few years, Facebook has emerged as a leading culprit. From its 20-plus scandals of 2018 (yes, someone actually counted ) to an actual spyware app the company paid users to download to downright disastrous security practices exposed earlier this year, the company can’t seem to get much right. Which is why the recent post  (which the Washington Post  also ran) in which Facebook CEO Mark Zuckerberg proposes four new ideas to regulate the internet should come as no surprise. That Zuckerberg might fall short, yet again, in offering meaningfully changes in the way his company collects, stores, or analyzes its users’ data is to be expected. Broadly speaking, Zuckerberg’s latest proposals are mostly superficial when compared to the scale and the scope of the problems Facebook is confronting.

For those paying attention to privacy scandals and data leaks over the last few years, Facebook has emerged as a leading culprit. From its 20-plus scandals of 2018 (yes, someone actually counted ) to an actual spyware app the company paid users to download to downright disastrous security practices exposed earlier this year, the company can’t seem to get much right.

how to solve facebook privacy issues

  • Andrew Burt is the managing partner of Luminos.Law , a boutique law firm focused on AI and analytics, and a visiting fellow at Yale Law School’s Information Society Project.

Partner Center

Ad-free. Influence-free. Powered by consumers.

The payment for your account couldn't be processed or you've canceled your account with us.

We don’t recognize that sign in. Your username maybe be your email address. Passwords are 6-20 characters with at least one number and letter.

We still don’t recognize that sign in. Retrieve your username. Reset your password.

Forgot your username or password ?

Don’t have an account?

  • Account Settings
  • My Benefits
  • My Products
  • Donate Donate

Save products you love, products you own and much more!

Other Membership Benefits:

Suggested Searches

  • Become a Member

Car Ratings & Reviews

Car Reliability Guide

Car Buying & Pricing

Which Car Brands Make the Best Vehicles?

Car Maintenance & Repair

The Cost of Car Ownership Over Time

Key Topics & News

Listen to the Talking Cars Podcast

Home & Garden

Bed & Bath

Top Picks From CR

Best Mattresses

Lawn & Garden


Best Snow Blowers

Home Improvement

Home Improvement Essential

Best Wood Stains

Home Safety & Security


Best DIY Home Security Systems


What to Do With a Broken Appliance

Small Appliances

Best Small Kitchen Appliances

Laundry & Cleaning

Best Washing Machines

Heating, Cooling & Air

Best Air Purifiers


Home Entertainment


Home Office

Cheapest Printers for Ink Costs

Smartphones & Wearables


Find the Right Phone for You

Digital Security & Privacy


CR Security Planner

Take Action

How to Use Facebook Privacy Settings

These controls and techniques give users a measure of control over how Facebook collects and uses personal data

Lock with Facebook thumbs up

Facebook’s privacy settings are confusing. Take the “clear history” button: It doesn’t actually delete anything . Then there’s the facial recognition control that was missing on hundreds of millions of accounts. (Facebook later shut down the app’s facial recognition features.) It can even be hard to find the Facebook settings that do work as you’d expect. Facebook has 22 pages of settings, and many privacy controls aren’t on the page labeled “Privacy.”

It’s important for users who care about their privacy to understand the available settings—even if these controls don’t offer all the protections you might want. This guide will lead you to the most useful Facebook privacy settings, plus a few outside tools to further limit the company’s tracking.

Below, you’ll find instructions on how to:

  • “Clear” the Data Facebook Gets From Tracking You Around the Web

Keep Your Location Data Private

  • Limit Data Collection by Facebook’s Partners

Guard Your Account From Hackers

Make your profile harder to find, limit who sees your photos and posts, take some control over targeted ads, avoid ads on sensitive subjects, prevent facebook from following you on other websites, decide who can message you.

  • Protect Your Privacy on Facebook’s Sibling Products

Clean Up Your Friends List

'clear' the data facebook gets from tracking you around the web.

Facebook collects a lot of data about you even when you’re not on Facebook. Hundreds of thousands of apps, websites, and other services send the company reams of information about what you’re doing on other parts of the internet—and sometimes even what you’re up to in the real world.

For a peek behind the curtain, the Off-Facebook Activity menu will give you a look at some of that data.

It houses the Clear History button, which, despite the name, doesn’t actually delete anything. Instead, it “disconnects” the data from your account, preventing the company from using it for targeted ads.

Facebook keeps a copy of that information—and will continue to use it for analytics reports provided to other websites and detailed performance measurements for the company’s advertising clients.

You’ll also find a setting called Manage Future Activity, which lets you keep your history cleared by default. Note that after you turn it off, other companies will keep sending Facebook information about you. But again, Facebook says that the data won’t be used to target you with ads.

There’s a major caveat. Turning off Future Activity disables the Facebook Login tool that lets you sign in to other apps and websites using your Facebook credentials. You can go through a list one by one and disable Future Off-Facebook Activity for specific services where you don’t need Facebook Login.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Your Facebook information > Off-Facebook activity.

From there, you can click “Clear previous activity.” To prevent the data from being used for targeted ads going forward, tap “Disconnect future activity.”

When you use the Facebook mobile app, whether you’re scrolling through your news feed, tagging a family photo on the Golden Gate Bridge, or just leaving the app idling in the background, the company can collect data about your location to use for targeting ads.

The most accurate source of location data can be controlled through your device’s location services settings. Adjusting that won’t stop the company from accessing your location entirely, though. Facebook admits it uses information such as your network connection to approximate your whereabouts for advertising purposes. But if you revoke the Facebook app’s location permission, the data available to the company will be less precise.

On an Android phone: Go to the phone’s Settings > Location > App location permissions > Facebook > Select “Allow only while using the app” or “Deny.” (These instructions may vary slightly depending on what phone you have. On older phones, check for a Permissions menu.)

On an iPhone: Go to the phone’s Settings > Privacy > Location Services > Facebook. Then click either “While Using the App” or “Never.”

Only the newest version of Android provides the “Only while using the app” option. Users with older Android phones can access a location setting in the Facebook app itself to get the same effect. Find a Background Location setting in the Location menu under Privacy Shortcuts.

Limit Data Collection by Facebook's Partners

The Facebook Login feature is an easy way to sign in to other websites and apps. But as described above, Facebook gets to collect more of your personal data in exchange. It can also give the companies that provide those outside services access to account info, which can include your name, photo, email address, and other data visible to the public by default, such as your “likes” and comments.

It may be impossible to find and delete personal info harvested by other companies in the past, but you can see which apps are currently collecting data from your account and stop them. You will no longer be able to access these apps using your Facebook Login, so by default Facebook will notify the app so they have opportunity to provide you with another way to log in. (You can disable that using a check box when you remove the app.)

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Apps and Websites > See More > Click on the box next to the app’s name > Remove.

It’s a good idea to use two-factor authentication , also called multifactor authentication, to bolster the password on any account that offers it. This is particularly important if you’ve ever used the same password on more than one account or you tend to use subpar passwords. (Consumer Reports has expert tips for creating good passwords.)

Once you turn on two-factor authentication in Facebook’s settings, the company will send you a verification code—via text or app—to confirm your identity when you access your account from an unverified location, device, or browser.

That makes it much harder for someone to breach your account with a stolen password.

But Facebook has misused this technology. After an investigation a few years ago, the company admitted it used phone numbers collected for two-factor authentication for advertising purposes .

Security experts still recommend that you use two-factor authentication, however, because it’s one of the best ways to protect your account. You don’t have to give Facebook your phone number to use two-factor authentication, either—a dedicated app such as Google Authenticator or Duo Mobile can be a more private and secure solution. It’s easy to set up.

If Facebook already has your phone number, follow the instructions in the section below so that strangers can’t use it to find your page.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Security and Login > Set Up Two-Factor Authentication > Get Started.

The default settings on Facebook permit your user profile to show up in any Google search that includes your name. But you can change the settings to make your profile less Google-able. And while you’re at it, you can also set limits on who can send you friend requests and look you up using the email address or phone number tied to your account.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Privacy > Do you want search engines outside of Facebook to link to your profile? > Edit > Click the check box on the bottom > Turn Off.

Then on the same page, select “Who can look you up using the phone number you provided?” > Only me. Do the same for “Who can look you up using the email address you provided?”

It can be fun to share the details of your life with family members and friends, but it’s less amusing to serve up that data to criminals who comb Facebook pages for personal details to use in identity-theft scams . If you leave your info open to the public, anyone can discover your birth date, mother’s maiden name, and passion for poodles.

Each time you post a new photo, video, or status update, Facebook’s interface gives you the option to keep the news among your friends. You can even exclude certain pals—like, say, your boss or a nosy neighbor.

That’s a good practice going forward, and it’s also easy to go back to your old posts and limit the audience retroactively. That way, you can make certain you’re not sharing telltale details with people you don’t know. While you’re at it, you can change the default audience so that your future posts are more private automatically.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Privacy > Who can see your future posts? > Edit. Select “Friends” or another group you may have set up.

Then on the same page, click “Limit the audience for posts you’ve shared with friends of friends or Public?” Select “Limit Past Posts.”

There isn’t much you can do to keep your information away from Facebook’s marketing services. But there is a lot you can do to take some control over the kinds of ads you see (in fact, we’ve written a whole guide to controlling annoying or upsetting ads).

There are three Facebook settings worth thinking about. The first is “Data about your activity from partners.” The specifics are complicated, but the bottom line is that if you turn the setting off, Facebook says it will avoid using some of the data it gets about what you do on other companies’ websites and services for its own ads.

The second is “Ads shown off of Facebook.” Facebook doesn’t just show you ads on Facebook; the company’s ad system runs all over the internet and even in other apps. The “Ads shown off of Facebook” setting determines whether advertisers can use information based on your Facebook activity to target you on other platforms.

Finally, you’ve probably seen Facebook ads that list your friends’ names: “So-and-so likes . . . .” That’s because Facebook lets advertisers use your name and products you “like”—Girl Scout Cookies, Starbucks coffee, Ford trucks—in ads pitched to people in your network. You can turn off the “Social Interactions” setting to put a stop to it.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Ads > On the left-hand side, select “Ad Settings” > Select “Data about your activity from partners” and turn the toggles off. Then do the same for “Ads shown off of Facebook” and “Social Interactions.”

(Facebook has recently been rolling out updates to its advertising settings. The last few instructions may be slightly different on some accounts, but they will be close enough that you should be able to find your way.)

You can’t turn off Facebook ads, but you can try to avoid ads on certain topics. If there’s a subject or a brand you want to avoid, you can type it into a search bar and you may be able to limit whether those ads are delivered to you. Facebook also recommends a few subjects that are commonly sensitive for some people, including alcohol, gambling, parenting, pets, politics, and weight loss. However, the company doesn’t guarantee you’ll never see ads on any of these topics, even if you turn them off.

There are also additional ways you can adjust your social media feed for a healthier and more pleasant experience.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Ads > Ad Topics > Click the search bar to see some recommended selections, or search for the topic you want to avoid. Click on the topic, and select “See fewer.”

As we discussed above, Facebook’s data collection doesn’t stop when you leave the platform . If you’ve ever gone to a website that uses Facebook services—Like and Share buttons, Facebook Login, or the company’s invisible analytics tools—you’ve provided info on the stories you’ve read, the videos you’ve watched, and the products you’ve looked at.

“If those buttons are on the page, regardless of whether you touch them, Facebook is collecting data,” says Casey Oppenheim, a co-founder of the digital security firm Disconnect.

Millions of websites also use Facebook’s hidden tracking “pixels” that give you no visual clue you’re being monitored. There’s no foolproof way to stop that surveillance—and no way at all through Facebook’s settings. You can, however, install an ad blocking extension such as Disconnect, uBlock, or Privacy Badger on your browser to disrupt Facebook’s efforts to track you online.

The Mozilla Foundation, the nonprofit organization behind the Firefox browser, has designed an ad blocker specifically for this task. It’s called Facebook Container , and it uses a unique browser tab to wall off the social media platform from the rest of your online activity. It takes only a few clicks to install the Facebook Container extension for Firefox.

(Consumer Reports uses Facebook’s services, too. For details on the data we collect, consult our privacy policy .)

When someone you aren’t friends with tries to contact you, their messages generally get sent to a “message requests” folder.

You won’t get a notification about these messages, and Facebook lets you read them without telling the other person you’ve taken a look. That gives you a little preview before you decide to open up a dialog.

However, you can decide not to receive these messages at all. Or you can go in the other direction with some kinds of connections and have messages open up straight to a regular chat. Because the company combined the messaging platforms on Instagram and Facebook Messenger, there are also some options for communicating with Instagram followers you haven’t friended on Facebook.

Facebook allows for some fine-tuning. You can make specific choices for different categories of people, such as friends of friends.

On a browser: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Privacy > Under “How you get message requests,” tap the various potential connections to choose how you want to be contacted.

Protect Your Privacy on Facebook's Sibling Products

Adjusting your Facebook settings is a great first step toward protecting your privacy. But the apps on your phone and the services you use online unite to form an entire data ecosystem, and you should take the whole picture into account.

If you use Facebook’s—or now Meta’s— Instagram and WhatsApp , lock down your settings on those products, too. (And now that you’re on a roll, consider doing the same for other services, such as Google and even LinkedIn .)

The people on your friends list can jeopardize your privacy, sometimes without even knowing it.

While Facebook closed the loophole that allowed the 2014 data leak that led to the Cambridge Analytica scandal , there are plenty of other ways friends can let you down—by posting inappropriate content, for example, or falling for scams that permit accounts to be hacked.

That’s why it’s best not to maintain Facebook “friendships” with people you don’t really know (e.g., your best friend’s sister’s yoga instructor). Facebook doesn’t make it easy to delete large groups of friends. You have to go to your Facebook profile, select people to dismiss one at a time, hover over a drop-down menu, and choose “Unfriend.”

To make the process a little easier, consider using the “birthday method.” When you log in to Facebook, check the birthday notifications the app has sent you, and for each one decide whether to send out well wishes or to quietly unfriend people you’re willing to part with . This can help you keep your account more secure.

How Targeted Ads Work

Do you often see online ads that relate to your likes and hobbies? On the “ Consumer 101 ” TV show, Consumer Reports expert Thomas Germain explains to host Jack Rico what targeted ads are and how they work.

Thomas Germain

Thomas Germain was previously a technology reporter at Consumer Reports, covering several product categories and reporting on digital privacy and security issues. He investigated the sharing of sensitive personal data by health-related websites and the prevalence of dark patterns online, among other topics. During his tenure, Germain’s work was cited in multiple actions by the Federal Trade Commission.

Sharing is Nice

We respect your privacy . All email addresses you provide will be used just for sending this story.

Trending in Privacy

How to Wipe a Computer Clean of Personal Data

How to Turn Off Smart TV Snooping Features

What to Do If Your Instagram Account Gets Hacked

Period Tracker Apps and Privacy

  • International edition
  • Australia edition
  • Europe edition

Facebook headquarters in Menlo Park, California.

Regulate, break up, open up: how to fix Facebook in 2022

After another disastrous year for the company, experts and activists see clear ways to tackle its problems

T his year the public saw an alarming side of Facebook, after a huge leak of internal documents revealed the extent of vaccine misinformation and extremism on the platform, a two-tier system of who gets to break the rules and the toxic effects of Instagram for teens .

Digital rights activists around the world have warned about these issues for years, but with the company facing mounting pressure, next year could provide an unprecedented opportunity for action.

We spoke to researchers, activists and tech experts about how Facebook can be reined in 2022 and beyond, and the innovative solutions that could bring about change.

In the US, the path towards regulation is likely to be a long one. But this year has seen rare bipartisan calls to tighten the rules on big tech.

Section 230 of the Communications Decency Act, which protects Facebook from lawsuits if users post anything illegal, has once again come under scrutiny. Rashad Robinson, president of the civil rights group Color of Change, who led a corporate boycott of Facebook in July 2020 , says amending it is a critical first step.

“I believe that there needs to be a removal of the Section 230 immunity when it comes to paid advertising and when it comes to things that are connected to product design,” Robinson said.

Meanwhile, lawmakers have introduced bills – including the Children and Media Research Advancement Act and the Algorithmic Justice and Online Platform Transparency Act of 2021 – that would, respectively, fund research into the platform’s effects on young people and tackle Facebook’s often inscrutable algorithms.

Robinson says such laws would address “the ways in which Facebook makes money and refuses to be held accountable”.

The whistleblower Frances Haugen and Rashad Robinson, president of Color of Change, testify on Capitol Hill on 1 December.

In Europe, 2022 will see a final decision by the European court of justice (ECJ) in a German online gaming case that could pave the way for Facebook to face legal ramifications for privacy violations.

Javier Pallero, the policy director at the digital civil rights organisation Access Now, says any regulation must consider human rights, particularly when it comes to content moderation in the global south. Facebook’s current moderation model is flawed, he says. “They either allow too much or they take down too much and they end up basically censoring entities, activists, and so on around the world. So you need human moderators, ergo, you need more investment, you need more people.”

Breaking it up

Facebook’s sheer size and market dominance remain a significant barrier to change, and a growing chorus of lawmakers and others are calling for a simple solution : break it up.

Matt Stoller, research director at the American Economic Liberties Project, says Facebook’s vast power is the greatest threat to democracy. “He’s operating like a sovereign,” Stoller says of Zuckerberg. “And that’s what a monopolist is. Somebody who has control, governing power over a market.”

First, Stoller urges breaking up Facebook’s grip on the social media market. Once Facebook took over all its competitors, he says, “they just started surveilling and doing anything that they wanted, and there was really no way around it”.

Second, Stoller proposes bringing criminal charges against Zuckerberg and his leadership team over allegations of fraud and insider trading . (Facebook has rejected those claims.)

Third, Stoller recommends imposing rules on the social media marketplace so companies such as Facebook can’t be financed by or engage in advertising that is driven by hyper-personalized surveillance.

Fixing Facebook from within

Some of the strongest efforts for change are coming from Facebook’s own workforce or former workers, including Frances Haugen, the former product manager at Facebook’s civic integrity department who disclosed tens of thousands of the company’s internal documents to the Wall Street Journal and the US Securities and Exchange Commission.

Jeff Allen and Sahar Massachi are a former data scientist and data engineer at Facebook who helped build the company’s election and civic integrity team and now run a non-profit organization called the Integrity Institute. They believe the solution is empowering integrity professionals who deal with issues such as trust, security and detecting fake activity.

people wear angry emoji masks

Massachi says Facebook’s culture incentivises the opposite: one team will flag harmful content and recommend driving down engagement, while another team will find a trick to increase engagement with the harmful content.

To fix this, he proposes introducing a monthly metric that ranks companies based on integrity. Regulators could monitor companies based on this metric. He envisions regulators being able to take concrete action if companies don’t keep up their score.

Katie Harbath, founder and CEO of the tech policy consultancy Anchor Change, said the lack of empowerment for integrity teams was a structural problem at Facebook. “The fact that the integrity team reports into the growth team is problematic,” she said, leading to prioritising growth. “One way to think about this would be to actually put integrity and growth on the same level within the company.”

Open the company up to researchers

When Facebook promised to collaborate on a research initiative with academics after the Cambridge Analytica scandal, there were hopes it would shed light on how Facebook affects society. Instead, researchers were met with flawed and incomplete data, with only a handful of scholars granted access .

Nate Persily, professor at Stanford Law School and the director of the Stanford Cyber Policy Center, has worked with Facebook in an academic capacity but became increasingly frustrated with the amount of data the company shared with researchers. Since then he has drafted text for a law – the Platform Transparency and Accountability Act – which would grant scholars access to information the social media company holds, while protecting user privacy.

“These companies have thrived in secrecy and we are now seeing that from the Frances Haugen revelations,” Persily said.

The impact of opening the data up would be twofold: first, it would educate academics and the public about what’s happening on the platform, including the role of algorithms, apps targeting kids, and rates of disinformation, Persily said. Second, Facebook would behave differently if it knew it was being watched.

  • Social media
  • Social networking

Most viewed


Account information.

how to solve facebook privacy issues

Share with Your Friends

Facebook data privacy scandal: A cheat sheet

Your email has been sent

Image of TechRepublic Staff

A decade of apparent indifference for data privacy at Facebook has culminated in revelations that organizations harvested user data for targeted advertising, particularly political advertising, to apparent success. While the most well-known offender is Cambridge Analytica–the political consulting and strategic communication firm behind the pro-Brexit Leave EU campaign, as well as Donald Trump’s 2016 presidential campaign–other companies have likely used similar tactics to collect personal data of Facebook users.

TechRepublic’s cheat sheet about the Facebook data privacy scandal covers the ongoing controversy surrounding the illicit use of profile information. This article will be updated as more information about this developing story comes to the forefront. It is also available as a download, Cheat sheet: Facebook Data Privacy Scandal (free PDF) .

SEE: Navigating data privacy (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

What is the Facebook data privacy scandal?

The Facebook data privacy scandal centers around the collection of personally identifiable information of “ up to 87 million people ” by the political consulting and strategic communication firm Cambridge Analytica. That company–and others–were able to gain access to personal data of Facebook users due to the confluence of a variety of factors, broadly including inadequate safeguards against companies engaging in data harvesting, little to no oversight of developers by Facebook, developer abuse of the Facebook API, and users agreeing to overly broad terms and conditions.

SEE: Information security policy (TechRepublic Premium)

In the case of Cambridge Analytica, the company was able to harvest personally identifiable information through a personality quiz app called thisisyourdigitiallife, based on the OCEAN personality model. Information gathered via this app is useful in building a “psychographic” profile of users (the OCEAN acronym stands for openness, conscientiousness, extraversion, agreeableness, and neuroticism). Adding the app to your Facebook account to take the quiz gives the creator of the app access to profile information and user history for the user taking the quiz, as well as all of the friends that user has on Facebook. This data includes all of the items that users and their friends have liked on Facebook.

Researchers associated with Cambridge University claimed in a paper that it “can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender,” with a model developed by the researchers that uses a combination of dimensionality reduction and logistic/linear regression to infer this information about users.

The model–according to the researchers–is effective due to the relationship of likes to a given attribute. However, most likes are not explicitly indicative of their attributes. The researchers note that “less than 5% of users labeled as gay were connected with explicitly gay groups,” but that liking “Juicy Couture” and “Adam Lambert” are likes indicative of gay men, while “WWE” and “Being Confused After Waking Up From Naps” are likes indicative of straight men. Other such connections are peculiarly lateral, with “curly fries” being an indicator of high IQ, “sour candy” being an indicator of not smoking, and “Gene Wilder” being an indicator that the user’s parents had not separated by age 21.

SEE: Can Russian hackers be stopped? Here’s why it might take 20 years (TechRepublic cover story) | download the PDF version

Additional resources

  • How a Facebook app scraped millions of people’s personal data (CBS News)
  • Facebook reportedly thinks there’s no ‘expectation of privacy’ on social media (CNET)
  • Cambridge Analytica: ‘We know what you want before you want it’ (TechRepublic)
  • Average US citizen had personal information stolen at least 4 times in 2019 (TechRepublic)
  • Facebook: We’ll pay you to track down apps that misuse your data (ZDNet)
  • Most consumers do not trust big tech with their privacy (TechRepublic)
  • Facebook asks permission to use personal data in Brazil (ZDNet)

What is the timeline of the Facebook data privacy scandal?

Facebook has more than a decade-long track record of incidents highlighting inadequate and insufficient measures to protect data privacy. While the severity of these individual cases varies, the sequence of repeated failures paints a larger picture of systemic problems.

SEE: All TechRepublic cheat sheets and smart person’s guides

In 2005, researchers at MIT created a script that downloaded publicly posted information of more than 70,000 users from four schools. (Facebook only began to allow search engines to crawl profiles in September 2007.)

In 2007, activities that users engaged in on other websites was automatically added to Facebook user profiles as part of Beacon, one of Facebook’s first attempts to monetize user profiles. As an example, Beacon indicated on the Facebook News Feed the titles of videos that users rented from Blockbuster Video, which was a violation of the Video Privacy Protection Act . A class action suit was filed, for which Facebook paid $9.5 million to a fund for privacy and security as part of a settlement agreement.

SEE: The Brexit dilemma: Will London’s start-ups stay or go? (TechRepublic cover story)

In 2011, following an FTC investigation, the company entered into a consent decree, promising to address concerns about how user data was tracked and shared. That investigation was prompted by an incident in December 2009 in which information thought private by users was being shared publicly, according to contemporaneous reporting by The New York Times .

In 2013, Facebook disclosed details of a bug that exposed the personal details of six million accounts over approximately a year . When users downloaded their own Facebook history, that user would obtain in the same action not just their own address book, but also the email addresses and phone numbers of their friends that other people had stored in their address books. The data that Facebook exposed had not been given to Facebook by users to begin with–it had been vacuumed from the contact lists of other Facebook users who happen to know that person. This phenomenon has since been described as “shadow profiles.”

The Cambridge Analytica portion of the data privacy scandal starts in February 2014. A spate of reviews on the Turkopticon website–a third-party review website for users of Amazon’s Mechanical Turk–detail a task requested by Aleksandr Kogan asking users to complete a survey in exchange for money. The survey required users to add the thisisyourdigitiallife app to their Facebook account, which is in violation of Mechanical Turk’s terms of service . One review quotes the request as requiring users to “provide our app access to your Facebook so we can download some of your data–some demographic data, your likes, your friends list, whether your friends know one another, and some of your private messages.”

In December 2015, Facebook learned for the first time that the data set Kogan generated with the app was shared with Cambridge Analytica. Facebook founder and CEO Mark Zuckerberg claims “we immediately banned Kogan’s app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.”

According to Cambridge Analytica, the company took legal action in August 2016 against GSR (Kogan) for licensing “illegally acquired data” to the company, with a settlement reached that November.

On March 17, 2018, an exposé was published by The Guardian and The New York Times , initially reporting that 50 million Facebook profiles were harvested by Cambridge Analytica; the figure was later revised to “up to 87 million” profiles. The exposé relies on information provided by Christopher Wylie, a former employee of SCL Elections and Global Science Research, the creator of the thisisyourdigitiallife app. Wylie claimed that the data from that app was sold to Cambridge Analytica, which used the data to develop “psychographic” profiles of users, and target users with pro-Trump advertising, a claim that Cambridge Analytica denied.

On March 16, 2018, Facebook threatened to sue The Guardian over publication of the story, according to a tweet by Guardian reporter Carole Cadwalladr . Campbell Brown, a former CNN journalist who now works as head of news partnerships at Facebook, said it was “not our wisest move,” adding “If it were me I would have probably not threatened to sue The Guardian.” Similarly, Cambridge Analytica threatened to sue The Guardian for defamation .

On March 20, 2018, the FTC opened an investigation to determine if Facebook had violated the terms of the settlement from the 2011 investigation.

In April 2018, reports indicated that Facebook granted Zuckerberg and other high ranking executives powers over controlling personal information on a platform that is not available to normal users. Messages from Zuckerberg sent to other users were remotely deleted from users’ inboxes, which the company claimed was part of a corporate security measure following the 2014 Sony Pictures hack . Facebook subsequently announced plans to make available the “unsend” capability “to all users in several months,” and that Zuckerberg will be unable to unsend messages until such time that feature rolls out. Facebook added the feature 10 months later , on February 6, 2019. The public feature permits users to delete messages up to 10 minutes after the messages were sent. In the controversy prompting this feature to be added, Zuckerberg deleted messages months after they were sent.

On April 4, 2018, The Washington Post reported that Facebook announced “malicious actors” abused the search function to gather public profile information of “most of its 2 billion users worldwide.”

In a CBS News/YouGov poll published on April 10, 2018, 61% of Americans said Congress should do more to regulate social media and tech companies. This sentiment was echoed in a CBS News interview with Box CEO Aaron Levie and YML CEO Ashish Toshniwal who called on Congress to regulate Facebook. According to Levie, “There are so many examples where we don’t have modern ways of either regulating, controlling, or putting the right protections in place in the internet age. And this is a fundamental issue that, that we’re gonna have to grapple with as an industry for the next decade.”

On April 18, 2018, Facebook updated its privacy policy .

On May 2, 2018, SCL Group, which owns Cambridge Analytica, was dissolved. In a press release , the company indicated that “the siege of media coverage has driven away virtually all of the Company’s customers and suppliers.”

On May 15, 2018, The New York Times reported that Cambridge Analytica is being investigated by the FBI and the Justice Department. A source indicated to CBS News that prosecutors are focusing on potential financial crimes.

On May 16, 2018, Christopher Wylie testified before the Senate Judiciary Committee . Among other things, Wylie noted that Cambridge Analytica, under the direction of Steve Bannon, sought to “exploit certain vulnerabilities in certain segments to send them information that will remove them from the public forum, and feed them conspiracies and they’ll never see mainstream media.” Wylie also noted that the company targeted people with “characteristics that would lead them to vote for the Democratic party, particularly African American voters.”

On June 3, 2018, a report in The New York Times indicated that Facebook had maintained data-sharing partnerships with mobile device manufacturers, specifically naming Apple, Amazon, BlackBerry, Microsoft, and Samsung. Under the terms of this personal information sharing, device manufacturers were able to gather information about users in order to deliver “the Facebook experience,” the Times quotes a Facebook official as saying. Additionally, the report indicates that this access allowed device manufacturers to obtain data about a user’s Facebook friends, even if those friends had configured their privacy settings to deny information sharing with third parties.

The same day, Facebook issued a rebuttal to the Times report indicating that the partnerships were conceived because “the demand for Facebook outpaced our ability to build versions of the product that worked on every phone or operating system,” at a time when the smartphone market included BlackBerry’s BB10 and Windows Phone operating systems, among others. Facebook claimed that “contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies.” The distinction being made is partially semantic, as Facebook does not consider these partnerships a third party in this case. Facebook noted that changes to the platform made in April began “winding down” access to these APIs, and that 22 of the partnerships had already been ended.

On June 5, 2018, the The Washington Post and The New York Times reported that the Chinese device manufacturers Huawei, Lenovo, Oppo, and TCL were granted access to user data under this program. Huawei, along with ZTE, are facing scrutiny from the US government on unsubstantiated accusations that products from these companies pose a national security risk .

On July 2, 2018, The Washington Post reported that the US Securities and Exchange Commission, Federal Trade Commission, and Federal Bureau of Investigation have joined the Department of Justice inquiry into the Facebook/Cambridge Analytica data scandal. In a statement to CNET , Facebook indicated that “We’ve provided public testimony, answered questions, and pledged to continue our assistance as their work continues.” On July 11th, the Wall Street Journal reported that the SEC is separately investigating if Facebook adequately warned investors in a timely manner about the possible misuse and improper collection of user data. The same day, the UK assessed a £500,000 fine to Facebook , the maximum permitted by law, over its role in the data scandal. The UK’s Information Commissioner’s Office is also preparing to launch a criminal probe into SCL Elections over their involvement in the scandal.

On July 3, 2018, Facebook acknowledged a “bug” unblocked people that users has blocked between May 29 and June 5.

On July 12, 2018, a CNBC report indicated that a privacy loophole was discovered and closed. A Chrome plug-in intended for marketing research called allowed users to access the list of members for private Facebook groups. Congress sent a letter to Zuckerberg on February 19, 2019 demanding answers about the data leak, stating in part that “labeling these groups as closed or anonymous potentially misled Facebook users into joining these groups and revealing more personal information than they otherwise would have,” and “Facebook may have failed to properly notify group members that their personal health information may have been accessed by health insurance companies and online bullies, among others.”

Fallout from a confluence of factors in the Facebook data privacy scandal has come to bear in the last week of July 2018. On July 25th, Facebook announced that daily active user counts have fallen in Europe, and growth has stagnated in the US and Canada. The following day, Facebook suffered the worst single-day market value decrease for a public company in the US, dropping $120 billion , or 19%. On the July 28th, Reuters reported that shareholders are suing Facebook, Zuckerberg, and CFO David Wehner for “making misleading statements about or failing to disclose slowing revenue growth, falling operating margins, and declines in active users.”

On August 22, 2018, Facebook removed Facebook-owned security app Onavo from the App Store , for violating privacy rules. Data collected through the Onavo app is shared with Facebook.

In testimony before the Senate, on September 5, 2018, COO Sheryl Sandberg conceded that the company “[was] too slow to spot this and too slow to act” on privacy protections. Sandberg, and Twitter CEO Jack Dorsey faced questions focusing on user privacy, election interference, and political censorship. Senator Mark Warner of Virginia even said that, “The era of the wild west in social media is coming to an end,” which seems to indicate coming legislation.

On September 6, 2018, a spokesperson indicated that Joseph Chancellor was no longer employed by Facebook . Chancellor was a co-director of Global Science Research, the firm which improperly provided user data to Cambridge Analytica. An internal investigation was launched in March in part to determine his involvement. No statement was released indicating the result of that investigation.

On September 7, 2018, Zuckerberg stated in a post that fixing issues such as “defending against election interference by nation states, protecting our community from abuse and harm, or making sure people have control of their information and are comfortable with how it’s used,” is a process which “will extend through 2019.”

On September 26, 2018, WhatsApp co-founder Brian Acton stated in an interview with Forbes that “I sold my users’ privacy” as a result of the messaging app being sold to Facebook in 2014 for $22 billion.

On September 28, 2018, Facebook disclosed details of a security breach which affected 50 million users . The vulnerability originated from the “view as” feature which can be used to let users see what their profiles look like to other people. Attackers devised a way to export “access tokens,” which could be used to gain control of other users’ accounts .

A CNET report published on October 5, 2018, details the existence of an “ Internet Bill of Rights ” drafted by Rep. Ro Khanna (D-CA). The bill is likely to be introduced in the event the Democrats regain control of the House of Representatives in the 2018 elections. In a statement, Khanna noted that “As our lives and the economy are more tied to the internet, it is essential to provide Americans with basic protections online.”

On October 11, 2018, Facebook deleted over 800 pages and accounts in advance of the 2018 elections for violating rules against spam and “inauthentic behavior.” The same day, it disabled accounts for a Russian firm called “Social Data Hub,” which claimed to sell scraped user data. A Reuters report indicates that Facebook will ban false information about voting in the midterm elections.

On October 16, 2018, rules requiring public disclosure of who pays for political advertising on Facebook, as well as identity verification of users paying for political advertising, were extended to the UK . The rules were first rolled out in the US in May.

On October 25, 2018, Facebook was fined £500,000 by the UK’s Information Commissioner’s Office for their role in the Cambridge Analytica scandal. The fine is the maximum amount permitted by the Data Protection Act 1998. The ICO indicated that the fine was final. A Facebook spokesperson told ZDNet that the company “respectfully disagreed,” and has filed for appeal .

The same day, Vice published a report indicating that Facebook’s advertiser disclosure policy was trivial to abuse. Reporters from Vice submitted advertisements for approval attributed to Mike Pence, DNC Chairman Tom Perez, and Islamic State, which were approved by Facebook. Further, the contents of the advertisements were copied from Russian advertisements. A spokesperson for Facebook confirmed to Vice that the copied content does not violate rules, though the false attribution does. According to Vice, the only denied submission was attributed to Hillary Clinton.

On October 30, 2018, Vice published a second report in which it claimed that it successfully applied to purchase advertisements attributed to all 100 sitting US Senators, indicating that Facebook had yet to fix the problem reported in the previous week. According to Vice, the only denied submission in this test was attributed to Mark Zuckerberg.

On November 14, 2018, the New York Times published an exposé on the Facebook data privacy scandal, citing interviews of more than 50 people, including current and former Facebook executives and employees. In the exposé, the Times reports:

  • In the Spring of 2016, a security expert employed by Facebook informed Chief Security Officer Alex Stamos of Russian hackers “probing Facebook accounts for people connected to the presidential campaigns,” which Stamos, in turn, informed general counsel Colin Stretch.
  • A group called “Project P” was assembled by Zuckerberg and Sandberg to study false news on Facebook. By January 2017, this group “pressed to issue a public paper” about their findings, but was stopped by board members and Facebook vice president of global public policy Joel Kaplan, who had formerly worked in former US President George W. Bush’s administration.
  • In Spring and Summer of 2017, Facebook was “publicly claiming there had been no Russian effort of any significance on Facebook,” despite an ongoing investigation into the extent of Russian involvement in the election.
  • Sandberg “and deputies” insisted that the post drafted by Stamos to publicly acknowledge Russian involvement for the first time be made “less specific” before publication.
  • In October 2017, Facebook expanded their engagement with Republican-linked firm Definers Public Affairs to discredit “activist protesters.” That firm worked to link people critical of Facebook to liberal philanthropist George Soros , and “[lobbied] a Jewish civil rights group to cast some criticism of the company as anti-Semitic.”
  • Following comments critical of Facebook by Apple CEO Tim Cook , a spate of articles critical of Apple and Google began appearing on NTK Network, an organization which shares an office and staff with Definers. Other articles appeared on the website downplaying the Russians’ use of Facebook.

On November 15, 2018, Facebook announced it had terminated its relationship with Definers Public Affairs, though it disputed that either Zuckerberg or Sandberg was aware of the “specific work being done.” Further, a Facebook spokesperson indicated “It is wrong to suggest that we have ever asked Definers to pay for or write articles on Facebook’s behalf, or communicate anything untrue.”

On November 22, 2018, Sandberg acknowledged that work produced by Definers “was incorporated into materials presented to me and I received a small number of emails where Definers was referenced.”

On November 25, 2018, the founder of Six4Three, on a business trip to London, was compelled by Parliament to hand over documents relating to Facebook . Six4Three obtained these documents during the discovery process relating to an app developed by the startup that used image recognition to identify photos of women in bikinis shared on Facebook users’ friends’ pages. Reports indicate that Parliament sent an official to the founder’s hotel with a warning that noncompliance would result in possible fines or imprisonment. Despite the warning, the founder of the startup remained noncompliant, prompting him to be escorted to Parliament, where he turned over the documents.

A report in the New York Times published on November 29, 2018, indicates that Sheryl Sandberg personally asked Facebook communications staff in January to “research George Soros’s financial interests in the wake of his high-profile attacks on tech companies.”

On December 5, 2018, documents obtained in the probe of Six4Three were released by Parliament . Damian Collins, the MP who issued the order compelling the handover of the documents in November, highlighted six key points from the documents:

  • Facebook entered into whitelisting agreements with Lyft, Airbnb, Bumble, and Netflix, among others, allowing those groups full access to friends data after Graph API v1 was discontinued. Collins indicates “It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.”
  • According to Collins, “increasing revenues from major app developers was one of the key drivers behind the Platform 3.0 changes at Facebook. The idea of linking access to friends data to the financial value of the developers’ relationship with Facebook is a recurring feature of the documents.”
  • Data reciprocity between Facebook and app developers was a central focus for the release of Platform v3, with Zuckerberg discussing charging developers for access to API access for friend lists.
  • Internal discussions of changes to the Facebook Android app acknowledge that requesting permissions to collect calls and texts sent by the user would be controversial, with one project manager stating it was “a pretty high-risk thing to do from a PR perspective.”
  • Facebook used data collected through Onavo, a VPN service the company acquired in 2013, to survey the use of mobile apps on smartphones. According to Collins, this occurred “apparently without [users’] knowledge,” and was used by Facebook to determine “which companies to acquire, and which to treat as a threat.”
  • Collins contends that “the files show evidence of Facebook taking aggressive positions against apps, with the consequence that denying them access to data led to the failure of that business.” Documents disclosed specifically indicate Facebook revoked API access to video sharing service Vine.

In a statement , Facebook claimed, “Six4Three… cherrypicked these documents from years ago.” Zuckerberg responded separately to the public disclosure on Facebook, acknowledging, “Like any organization, we had a lot of internal discussion and people raised different ideas.” He called the Facebook scrutiny “healthy given the vast number of people who use our services,” but said it shouldn’t “misrepresent our actions or motives.”

On December 14, 2018, a vulnerability was disclosed in the Facebook Photo API that existed between September 13-25, 2018, exposing private photos of 6.8 million users. The Photo API bug affected people who use Facebook to log in to third-party services.

On December 18, 2018, The New York Times reported on special data sharing agreements that “[exempted] business partners from its usual privacy rules, naming Microsoft’s Bing search engine, Netflix, Spotify, Amazon, and Yahoo as partners in the report. Partners were capable of accessing data including friend lists and private messages, “despite public statements it had stopped that type of sharing years earlier.” Facebook claimed the data sharing was about “helping people,” and that this was not done without user consent.

On January 17, 2019, Facebook disclosed that it removed hundreds of pages and accounts controlled by Russian propaganda organization Sputnik, including accounts posing as politicians from primarily Eastern European countries.

On January 29, 2019, a TechCrunch report uncovered the “Facebook Research” program , which paid users aged 13 to 35 to receive up to $20 per month to install a VPN application similar to Onavo that allowed Facebook to gather practically all information about how phones were used. On iOS, this was distributed using Apple’s Developer Enterprise Program, for which Apple briefly revoked Facebook’s certificate as a result of the controversy .

Facebook initially indicated that “less than 5% of the people who chose to participate in this market research program were teens,” and on March 1, 2019 amended the statement to “about 18 percent.”

On February 7, 2019, the German antitrust office ruled that Facebook must obtain consent before collecting data on non-Facebook members, following a three-year investigation.

On February 20, 2019, Facebook added new location controls to its Android app that allows users to limit background data collection when the app is not in use .

The same day, ZDNet reported that Microsoft’s Edge browser contained a secret whitelist allowing Facebook to run Adobe Flash, bypassing the click-to-play policy that other websites are subject to for Flash objects over 398×298 pixels. The whitelist was removed in the February 2019 Patch Tuesday update.

On March 6, 2019, Zuckerberg announced a plan to rebuild services around encryption and privacy , “over the next few years.” As part of these changes, Facebook will make messages between Facebook, Instagram, and WhatsApp interoperable. Former Microsoft executive Steven Sinofsky –who was fired after the poor reception of Windows 8–called the move “fantastic,” comparing it to Microsoft’s Trustworthy Computing initiative in 2002.

CNET and CBS News Senior Producer Dan Patterson noted on CBSN that Facebook can benefit from this consolidation by making the messaging platforms cheaper to operate, as well as profiting from users sending money through the messaging platform, in a business model similar to Venmo.

On March 21, 2019, Facebook disclosed a lapse in security that resulted in hundreds of millions of passwords being stored in plain text, affecting users of Facebook, Facebook Lite, and Instagram. Facebook claimed that “these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”

Though Facebook’s post does not provide specifics, a report by veteran security reporter Brian Krebs claimed “between 200 million and 600 million” users were affected, and that “more than 20,000 Facebook employees” would have had access.

On March 22, 2019, a court filing by the attorney general of Washington DC alleged that Facebook knew about the Cambridge Analytica scandal months prior to the first public reports in December 2015. Facebook claimed that employees knew of rumors relating to Cambridge Analytica, but the claims relate to a “different incident” than the main scandal, and insisted that the company did not mislead anyone about the timeline of the scandal.

Facebook is seeking to have the case filed in Washington DC dismissed, as well as to seal a document filed in that case.

On March 31, 2019, The Washington Post published an op-ed by Zuckerberg calling for governments and regulators to take a “more active role” in regulating the internet. Shortly after, Facebook introduced a feature that explains why content is shown to users on their news feeds .

On April 3, 2019, over 540 million Facebook-related records were found on two improperly protected AWS servers . The data was collected by Cultura Colectiva, a Mexico-based online media platform, using Facebook APIs. Amazon deactivated the associated account at Facebook’s request.

On April 15, 2019, it was discovered that Oculus, a company owned by Facebook, shipped VR headsets with internal etchings including text such as “ Big Brother is Watching .”

On April 18, 2019, Facebook disclosed the “unintentional” harvesting of email contacts belonging to approximately 1.5 million users over the course of three years. Affected users were asked to provide email address credentials to verify their identity.

On April 30, 2019, at Facebook’s F8 developer conference , the company unveiled plans to overhaul Messenger and re-orient Facebook to prioritize Groups instead of the timeline view, with Zuckerberg declaring “The future is private.”

On May 9, 2019, Facebook co-founder Chris Hughes called for Facebook to be broken up by government regulators, in an editorial in The New York Times. Hughes, who left the company in 2007, cited concerns that Zuckerberg has surrounded himself with people who do not challenge him . “We are a nation with a tradition of reining in monopolies, no matter how well-intentioned the leaders of these companies may be. Mark’s power is unprecedented and un-American,” Hughes said.

Proponents of a Facebook breakup typically point to unwinding the social network’s purchase of Instagram and WhatsApp.

Zuckerberg dismissed Hughes’ appeal for a breakup in comments to France 2, stating in part that “If what you care about is democracy and elections, then you want a company like us to invest billions of dollars a year, like we are, in building up really advanced tools to fight election interference.”

On May 24, 2019, a report from Motherboard claimed “multiple” staff members of Snapchat used internal tools to spy on users .

On July 8, 2019, Apple co-founder Steve Wozniak warned users to get off of Facebook .

On July 18, 2019, lawmakers in a House Committee on Financial Services hearing expressed mistrust of Facebook’s Libra cryptocurrency plan due to its “pattern of failing to keep consumer data private.” Lawmakers had previously issued a letter to Facebook requesting the company pause development of the project.

On July 24, 2019, the FTC announced a $5 billion settlement with Facebook over user privacy violations. Facebook agreed to conduct an overhaul of its consumer privacy practices as part of the settlement. Access to friend data by Sony and Facebook was “immediately” restricted as part of this settlement, according to CNET. Separately, the FTC settled with Aleksandr Kogan and former Cambridge Analytica CEO Alexander Nix , “restricting how they conduct any business in the future, and requiring them to delete or destroy any personal information they collected.” The FTC announced a lawsuit against Cambridge Analytica the same day.

Also on July 24, 2019, Netflix released “The Great Hack,” a documentary about the Cambridge Analytica scandal .

In early July, 2020, Facebook admitted to sharing user data with an estimated 5,000 third-party developers after it access to that data was supposed to expire.

Zuckerberg testified before Congress again on July 29, 2020, as part of an antitrust hearing that included Amazon’s Jeff Bezos, Apple’s Tim Cook, and Google’s Sundar Pichai . The hearing didn’t touch on Facebook’s data privacy scandal, and was instead focused on Facebook’s purchase of Instagram and WhatsApp , as well as its treatment of other competing services.

  • Facebook knew of illicit user profile harvesting for 2 years, never acted (CBS News)
  • Facebook’s FTC consent decree deal: What you need to know (CNET)
  • Australia’s Facebook investigation expected to take at least 8 months (ZDNet)
  • Election tech: The truth about Cambridge Analytica’s political big data (TechRepublic)
  • Google sued by ACCC for allegedly linking data for ads without consent (ZDNet)
  • Midterm elections, social media and hacking: What you need to know (CNET)
  • Critical flaw revealed in Facebook Fizz TLS project (ZDNet)
  • CCPA: What California’s new privacy law means for Facebook, Twitter users (CNET)

What are the key companies involved in the Facebook data privacy scandal?

In addition to Facebook, these are the companies connected to this data privacy story.

SCL Group (formerly Strategic Communication Laboratories) is at the center of the privacy scandal, though it has operated primarily through subsidiaries. Nominally, SCL was a behavioral research/strategic communication company based in the UK. The company was dissolved on May 1, 2018.

Cambridge Analytica and SCL USA are offshoots of SCL Group, primarily operating in the US. Registration documentation indicates the pair formally came into existence in 2013. As with SCL Group, the pair were dissolved on May 1, 2018.

Global Science Research was a market research firm based in the UK from 2014 to 2017. It was the originator of the thisisyourdigitiallife app. The personal data derived from the app (if not the app itself) was sold to Cambridge Analytica for use in campaign messaging.

Emerdata is the functional successor to SCL and Cambridge Analytica. It was founded in August 2017, with registration documents listing several people associated with SCL and Cambridge Analytica, as well as the same address as that of SCL Group’s London headquarters.

AggregateIQ is a Canadian consulting and technology company founded in 2013. The company produced Ripon, the software platform for Cambridge Analytica’s political campaign work, which leaked publicly after being discovered in an unprotected GitLab bucket .

Cubeyou is a US-based data analytics firm that also operated surveys on Facebook, and worked with Cambridge University from 2013 to 2015. It was suspended from Facebook in April 2018 following a CNBC report .

Six4Three was a US-based startup that created an app that used image recognition to identify photos of women in bikinis shared on Facebook users’ friends’ pages. The company sued Facebook in April 2015, when the app became inoperable after access to this data was revoked when the original version of Facebook’s Graph API was discontinued .

Onavo is an analytics company that develops mobile apps. They created Onavo Extend and Onavo Protect, which are VPN services for data protection and security, respectively. Facebook purchased the company in October 2013 . Data from Onavo is used by Facebook to track usage of non-Facebook apps on smartphones .

The Internet Research Agency is a St. Petersburg-based organization with ties to Russian intelligence services. The organization engages in politically-charged manipulation across English-language social media, including Facebook.

  • If your organization advertises on Facebook, beware of these new limitations (TechRepublic)
  • Data breach exposes Cambridge Analytica’s data mining tools (ZDNet)
  • Was your business’s Twitter feed sold to Cambridge Analytica? (TechRepublic)
  • US special counsel indicts 13 members of Russia’s election meddling troll farm (ZDNet)

Who are the key people involved in the Facebook data privacy scandal?

Nigel Oakes is the founder of SCL Group, the parent company of Cambridge Analytica. A report from Buzzfeed News unearthed a quote from 1992 in which Oakes stated, “We use the same techniques as Aristotle and Hitler. … We appeal to people on an emotional level to get them to agree on a functional level.”

Alexander Nix was the CEO of Cambridge Analytica and a director of SCL Group. He was suspended following reports detailing a video in which Nix claimed the company “offered bribes to smear opponents as corrupt,” and that it “campaigned secretly in elections… through front companies or using subcontractors.”

Robert Mercer is a conservative activist, computer scientist, and a co-founder of Cambridge Analytica. A New York Times report indicates that Mercer invested $15 million in the company. His daughters Jennifer Mercer and Rebekah Anne Mercer serve as directors of Emerdata.

Christopher Wylie is the former director of research at Cambridge Analytica. He provided information to The Guardian for its exposé of the Facebook data privacy scandal. He has since testified before committees in the US and UK about Cambridge Analytica’s involvement in this scandal.

Steve Bannon is a co-founder of Cambridge Analytica, as well as a founding member and former executive chairman of Breitbart News, an alt-right news outlet. Breitbart News has reportedly received funding from the Mercer family as far back as 2010. Bannon left Breitbart in January 2018. According to Christopher Wylie, Bannon is responsible for testing phrases such as “ drain the swamp ” at Cambridge Analytica, which were used extensively on Breitbart.

Aleksandr Kogan is a Senior Research Associate at Cambridge University and co-founder of Global Science Research, which created the data harvesting thisisyourdigitiallife app. He worked as a researcher and consultant for Facebook in 2013 and 2015. Kogan also received Russian government grants and is an associate professor at St. Petersburg State University, though he claims this is an honorary role .

Joseph Chancellor was a co-director of Global Science Research, which created the data harvesting thisisyourdigitiallife app. Around November 2015, he was hired by Facebook as a “quantitative social psychologist.” A spokesperson indicated on September 6, 2018, that he was no longer employed by Facebook.

Michal Kosinski , David Stillwell , and Thore Graepel are the researchers who proposed and developed the model to “psychometrically” analyze users based on their Facebook likes. At the time this model was published, Kosinski and Stillwell were affiliated with Cambridge University, while Graepel was affiliated with the Cambridge-based Microsoft Research. (None have an association with Cambridge Analytica, according to Cambridge University .)

Mark Zuckerberg is the founder and CEO of Facebook. He founded the website in 2004 from his dorm room at Harvard.

Sheryl Sandberg is the COO of Facebook. She left Google to join the company in March 2008. She became the eighth member of the company’s board of directors in 2012 and is the first woman in that role.

Damian Collins is a Conservative Party politician based in the United Kingdom. He currently serves as the Chair of the House of Commons Culture, Media and Sport Select Committee. Collins is responsible for issuing orders to seize documents from the American founder of Six4Three while he was traveling in London, and releasing those documents publicly.

Chris Hughes is one of four Facebook co-founders, who originally took on beta testing and feedback for the website, until leaving in 2007. Hughes is the first to call for Facebook to be broken up by regulators.

  • Facebook investigates employee’s ties to Cambridge Analytica (CBS News)
  • Aleksandr Kogan: The link between Cambridge Analytica and Facebook (CBS News)
  • Video: Cambridge Analytica shuts down following data scandal (CBS News)

How have Facebook and Mark Zuckerberg responded to the data privacy scandal?

Each time Facebook finds itself embroiled in a privacy scandal, the general playbook seems to be the same: Mark Zuckerberg delivers an apology, with oft-recycled lines, such as “this was a big mistake,” or “I know we can do better.” Despite repeated controversies regarding Facebook’s handling of personal data, it has continued to gain new users. This is by design–founding president Sean Parker indicated at an Axios conference in November 2017 that the first step of building Facebook features was “How do we consume as much of your time and conscious attention as possible?” Parker also likened the design of Facebook to “exploiting a vulnerability in human psychology.”

On March 16, 2018, Facebook announced that SCL and Cambridge Analytica had been banned from the platform. The announcement indicated, correctly, that “Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time,” and passing the information to a third party was against the platform policies.

The following day, the announcement was amended to state:

The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.

On March 21, 2018, Mark Zuckerberg posted his first public statement about the issue, stating in part that:

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.”

On March 26, 2018, Facebook placed full-page ads stating : “This was a breach of trust, and I’m sorry we didn’t do more at the time. We’re now taking steps to ensure this doesn’t happen again,” in The New York Times, The Washington Post, and The Wall Street Journal, as well as The Observer, The Sunday Times, Mail on Sunday, Sunday Mirror, Sunday Express, and Sunday Telegraph in the UK.

In a blog post on April 4, 2018, Facebook announced a series of changes to data handling practices and API access capabilities. Foremost among these include limiting the Events API, which is no longer able to access the guest list or wall posts. Additionally, Facebook removed the ability to search for users by phone number or email address and made changes to the account recovery process to fight scraping.

On April 10, 2018, and April 11, 2018, Mark Zuckerberg testified before Congress. Details about his testimony are in the next section of this article.

On April 10, 2018, Facebook announced the launch of its data abuse bug bounty program. While Facebook has an existing security bug bounty program, this is targeted specifically to prevent malicious users from engaging in data harvesting. There is no limit to how much Facebook could potentially pay in a bounty, though to date the highest amount the company has paid is $40,000 for a security bug.

On May 14, 2018, “around 200” apps were banned from Facebook as part of an investigation into if companies have abused APIs to harvest personal information. The company declined to provide a list of offending apps.

On May 22, 2018, Mark Zuckerberg testified, briefly, before the European Parliament about the data privacy scandal and Cambridge Analytica. The format of the testimony has been the subject of derision, as all of the questions were posed to Zuckerberg before he answered. Guy Verhofstadt, an EU Parliament member representing Belgium, said , “I asked you six ‘yes’ and ‘no’ questions, and I got not a single answer.”

What did Mark Zuckerberg say in his testimony to Congress?

In his Senate testimony on April 10, 2018, Zuckerberg reiterated his apology, stating that “We didn’t take a broad enough view of our responsibility, and that was a big mistake. And it was my mistake. And I’m sorry. I started Facebook, I run it, and I’m responsible for what happens here,” adding in a response to Sen. John Thune that “we try not to make the same mistake multiple times.. in general, a lot of the mistakes are around how people connect to each other, just because of the nature of the service.”

Sen. Amy Klobuchar asked if Facebook had determined whether Cambridge Analytica and the Internet Research Agency were targeting the same users. Zuckerberg replied, “We’re investigating that now. We believe that it is entirely possible that there will be a connection there.” According to NBC News , this was the first suggestion there is a link between the activities of Cambridge Analytica and the Russian disinformation campaign.

On June 11, 2018, nearly 500 pages of new testimony from Zuckerberg was released following promises of a follow-up to questions for which he did not have sufficient information to address during his Congressional testimony. The Washington Post notes that the release, “in some instances sidestepped lawmakers’ questions and concerns,” but that the questions being asked were not always relevant, particularly in the case of Sen. Ted Cruz, who attempted to bring attention to Facebook’s donations to political organizations, as well as how Facebook treats criticism of “Taylor Swift’s recent cover of an Earth, Wind and Fire song.”

  • Facebook gave Apple, Samsung access to data about users — and their friends (CNET)
  • Zuckerberg doubles down on Facebook’s fight against fake news, data misuse (CNET)
  • Tech execs react to Mark Zuckerberg’s apology: “I think he’s sorry he has to testify” (CBS News)
  • On Facebook, Zuckerberg gets privacy and you get nothing (ZDNet)
  • 6 Facebook security mistakes to fix on Data Privacy Day (CNET)
  • Zuckerberg takes Facebook data apology tour to Washington (CNET)
  • Zuckerberg’s Senate hearing highlights in 10 minutes (CNET via YouTube)
  • Russian politicians call on Facebook’s Mark Zuckerberg to testify on privacy (CNET)

What is the 2016 US presidential election connection to the Facebook data privacy scandal?

In December 2015, The Guardian broke the story of Cambridge Analytica being contracted by Ted Cruz’s campaign for the Republican Presidential Primary. Despite Cambridge Analytica CEO Alexander Nix’s claim i n an interview with TechRepublic that the company is “fundamentally politically agnostic and an apolitical organization,” the primary financier of the Cruz campaign is Cambridge Analytica co-founder Robert Mercer, who donated $11 million to a pro-Cruz Super PAC. Following Cruz’s withdrawal from the campaign in May 2016, the Mercer family began supporting Donald Trump.

In January 2016, Facebook COO Sheryl Sandberg told investors that the election was “a big deal in terms of ad spend,” and that through “using Facebook and Instagram ads you can target by congressional district, you can target by interest, you can target by demographics or any combination of those.”

In October 2017, Facebook announced changes to its advertising platform, requiring identity and location verification and prior authorization in order to run electoral advertising. In the wake of the fallout from the data privacy scandal, further restrictions were added in April 2018, making “issue ads” regarding topics of current interest similarly restricted .

In secretly recorded conversations by an undercover team from Channel 4 News, Cambridge Analytica’s Nix claimed the firm was behind the “defeat crooked Hillary” advertising campaign, adding, “We just put information into the bloodstream of the internet and then watch it grow, give it a little push every now and again over time to watch it take shape,” and that “this stuff infiltrates the online community, but with no branding, so it’s unattributable, untrackable.” The same exposé quotes Chief Data Officer Alex Tayler as saying, “When you think about the fact that Donald Trump lost the popular vote by 3 million votes but won the electoral college vote, that’s down to the data and the research.”

  • How Cambridge Analytica used your Facebook data to help elect Trump (ZDNet)
  • Facebook takes down fake accounts operated by ‘Roger Stone and his associates’ (ZDNet)
  • Facebook, Cambridge Analytica and data mining: What you need to know (CNET)
  • Civil rights auditors slam Facebook stance on Trump, voter suppression (ZDNet)
  • The Trump campaign app is tapping a “gold mine” of data about Americans (CBS News)

What is the Brexit tie-in to the Facebook data privacy scandal?

AggregateIQ was retained by Nigel Farage’s Vote Leave organization in the Brexit campaign , and both The Guardian and BBC claim that the Canadian company is connected to Cambridge Analytica and its parent organization SCL Group. UpGuard, the organization that found a public GitLab instance with code from AggregateIQ, has extensively detailed its connection to Cambridge Analytica and its involvement in Brexit campaigning .

Additionally, The Guardian quotes Wylie as saying the company “was set up as a Canadian entity for people who wanted to work on SCL projects who didn’t want to move to London.”

  • Brexit: A cheat sheet (TechRepublic)
  • Facebook suspends another data analytics firm, AggregateIQ (CBS News)
  • Lawmakers grill academic at heart of Facebook scandal (CBS News)

How is Facebook affected by the GDPR?

Like any organization providing services to users in European Union countries, Facebook is bound by the EU General Data Protection Regulation ( GDPR ). Due to the scrutiny Facebook is already facing regarding the Cambridge Analytica scandal, as well as the general nature of the social media giant’s product being personal information, its strategy for GDPR compliance is similarly receiving a great deal of focus from users and other companies looking for a model of compliance.

While in theory the GDPR is only applicable to people residing in the EU, Facebook will require users to review their data privacy settings. According to a ZDNet article , Facebook users will be asked if they want to see advertising based on partner information–in practice, websites that feature Facebook’s “Like” buttons. Users globally will be asked if they wish to continue sharing political, religious, and relationship information, while users in Europe and Canada will be given the option of switching automatic facial recognition on again.

Facebook members outside the US and Canada have heretofore been governed by the company’s terms of service in Ireland. This has reportedly been changed prior to the start of GDPR enforcement, as this would seemingly make Facebook liable for damages for users internationally, due to Ireland’s status as an EU member.

  • Google, Facebook hit with serious GDPR complaints: Others will be soon (ZDNet)
  • Facebook rolls out changes to comply with new EU privacy law (CBS News)
  • European court strikes down EU-US Privacy Shield user data exchange agreement as invalid (ZDNet)
  • GDPR security pack: Policies to protect data and achieve compliance (TechRepublic Premium)
  • IT pro’s guide to GDPR compliance (free PDF) (TechRepublic)

What are Facebook “shadow profiles?”

“Shadow profiles” are stores of information that Facebook has obtained about other people–who are not necessarily Facebook users. The existence of “shadow profiles” was discovered as a result of a bug in 2013. When a user downloaded their Facebook history, that user would obtain not just his or her address book, but also the email addresses and phone numbers of their friends that other people had stored in their address books.

Facebook described the issue in an email to the affected users. This is an excerpt of the email, according to security site Packet Storm:

When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. Because of the bug, the email addresses and phone numbers used to make friend recommendations and reduce the number of invitations we send were inadvertently stored in their account on Facebook, along with their uploaded contacts. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, which included their uploaded contacts, they may have been provided with additional email addresses or telephone numbers.

Because of the way that Facebook synthesizes data in order to attribute collected data to existing profiles, data of people who do not have Facebook accounts congeals into dossiers, which are popularly called a “shadow profile.” It is unclear what other sources of input are added to said “shadow profiles,” a term that Facebook does not use, according to Zuckerberg in his Senate testimony.

  • Shadow profiles: Facebook has information you didn’t hand over (CNET)
  • Finally, the world is getting concerned about data privacy (TechRepublic)
  • Firm: Facebook’s shadow profiles are ‘frightening’ dossiers on everyone (ZDNet)

What are the possible implications for enterprises and business users?

Business users and business accounts should be aware that they are as vulnerable as consumers to data exposure. Because Facebook harvests and shares metadata–including SMS and voice call records–between the company’s mobile applications, business users should be aware that their risk profile is the same as a consumer’s. The stakes for businesses and employees could be higher, given that incidental or accidental data exposure could expose the company to liability, IP theft, extortion attempts, and cybercriminals.

Though deleting or deactivating Facebook applications won’t prevent the company from creating so-called advertising “shadow profiles,” it will prevent the company from capturing geolocation and other sensitive data. For actional best practices, contact your company’s legal counsel.

  • Social media policy (TechRepublic Premium)
  • Want to attain and retain customers? Adopt data privacy policies (TechRepublic)
  • Hiring kit: Digital campaign manager (TechRepublic Premium)
  • Photos: All the tech celebrities and brands that have deleted Facebook (TechRepublic)

How can I change my Facebook privacy settings?

According to Facebook, in 2014 the company removed the ability for apps that friends use to collect information about an individual user. If you wish to disable third-party use of Facebook altogether–including Login With Facebook and apps that rely on Facebook profiles such as Tinder–this can be done in the Settings menu under Apps And Websites. The Apps, Websites And Games field has an Edit button–click that, and then click Turn Off.

Facebook has been proactively notifying users who had their data collected by Cambridge Analytica, though users can manually check to see if their data was shared by going to this Facebook Help page .

Facebook is also developing a Clear History button, which the company indicates is “their database record of you.” CNET and CBS News Senior Producer Dan Patterson noted on CBSN that “there aren’t a lot of specifics on what that clearing of the database will do, and of course, as soon as you log back in and start creating data again, you set a new cookie and you start the process again.”

To gain a better understanding of how Facebook handles user data, including what options can and cannot be modified by end users, it may be helpful to review Facebook’s Terms of Service , as well as its Data Policy and Cookies Policy .

  • Ultimate guide to Facebook privacy and security (
  • Facebook’s new privacy tool lets you manage how you’re tracked across the web (CNET)
  • Securing Facebook: Keep your data safe with these privacy settings (ZDNet)
  • How to check if Facebook shared your data with Cambridge Analytica (CNET)

Note: This article was written and reported by James Sanders and Dan Patterson. It was updated by Brandon Vigliarolo.

how to solve facebook privacy issues

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Image of TechRepublic Staff

Create a TechRepublic Account

Get the web's best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let's start with the basics.

* - indicates required fields

Sign in to TechRepublic

Lost your password? Request a new password

Reset Password

Please enter your email adress. You will receive an email message with instructions on how to reset your password.

Check your email for a password reset link. If you didn't receive an email don't forgot to check your spam folder, otherwise contact support .

Welcome. Tell us a little bit about you.

This will help us provide you with customized content.

Want to receive more TechRepublic news?

You're all set.

Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add [email protected] to your contacts list.

  • Skip to main content
  • Keyboard shortcuts for audio player

After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users

Emma Bowman, photographed for NPR, 27 July 2019, in Washington DC.

Emma Bowman

how to solve facebook privacy issues

The leaked data includes personal information from 533 million Facebook users in106 countries. Olivier Douliery/AFP via Getty Images hide caption

The leaked data includes personal information from 533 million Facebook users in106 countries.

Facebook decided not to notify over 530 million of its users whose personal data was lifted in a breach sometime before August 2019 and was recently made available in a public database. Facebook also has no plans to do so, a spokesperson said.

Phone numbers, full names, locations, some email addresses, and other details from user profiles were posted to an amateur hacking forum on Saturday, Business Insider reported last week.

The leaked data includes personal information from 533 million Facebook users in 106 countries.

In response to the reporting, Facebook said in a blog post on Tuesday that "malicious actors" had scraped the data by exploiting a vulnerability in a now-defunct feature on the platform that allowed users to find each other by phone number.

After A Major Hack, U.S. Looks To Fix A Cyber 'Blind Spot'

National Security

After a major hack, u.s. looks to fix a cyber 'blind spot'.

The social media company said it found and fixed the issue in August 2019 and its confident the same route can no longer be used to scrape that data.

"We don't currently have plans to notify users individually," a Facebook spokesman told NPR.

According to the spokesman, the company does not have complete confidence in knowing which users would need to be notified. He also said that in deciding whether to notify users, Facebook weighed the fact that the information was publicly available and that it was not an issue that users could fix themselves.

The information did not include financial information, health information or passwords, Facebook said, but the data leak still leaves users vulnerable, security experts say.

"Scammers can do an enormous amount with little information from us," says CyberScout founder Adam Levin, a cybersecurity expert and consumer protection advocate. In the case of this breach, he said, "It's serious when phone numbers are out there. The danger when you have phone numbers in particular is a universal identifier."

Phone numbers are increasingly used to connect people to their digital presence, including the use of two-factor authentication via text message and phone calls to verify one's identity.

FTC To Hold Facebook CEO Mark Zuckerberg Liable For Any Future Privacy Violations

FTC To Hold Facebook CEO Mark Zuckerberg Liable For Any Future Privacy Violations

The misuse of its user data is a familiar battle for Facebook, and its handling of user privacy has endured scrutiny.

In July 2019, months before patching up the aforementioned issue, Facebook reached a $5 billion settlement with the U.S. Federal Trade Commission for violating an agreement with the agency to protect user privacy.

To find out whether your personal information was leaked in the breach, you can check the data tracking tool, HaveIBeenPwnd . Its creator, Troy Hunt, updated the site with the latest data from the Facebook leak. Hunt said that 65% of the latest batch of data had already been added to the tracker from previous leaks.

Editor's note: Facebook is among NPR's financial supporters.

11 Common Facebook Problems and Errors (and How to Fix Them)

Facebook has lots of problems and frustrations. Here are fixes for the most annoying Facebook issues and errors you'll come across.

Even though nearly everyone uses Facebook, there's plenty wrong with the platform. For every great story or picture you see on Facebook, you have to put up with a dozen low-quality memes, annoying posts, and frustrating user interface elements.

We'll help you put a stop to these Facebook annoyances. Let's look at solutions for some common Facebook problems and errors, so you don't have to put up with them anymore.

1. Require Reviews for Tags

Facebook tagging is a fun feature on the surface, but it's also a privacy risk. If someone takes an embarrassing picture of you and tags you in it, all your friends will be able to see that picture. There's also a risk that someone could use a tagged post to obtain too much personal information about you.

In 2021, Facebook discontinued its facial recognition feature, meaning that the service will no longer recognize your face and suggest it as a tag in photos for your friends. Manual tagging for photos and posts is still an option, however.

You can't completely block photo tags on Facebook, though you can prevent others from seeing tags. Click your profile at the top-right, then go to Settings & privacy > Settings > Privacy > Profile and tagging to see the relevant options.

Here, change the Who can see posts you're tagged in on your profile? to Only me , if you don't want tags to appear at all. You can also change the options under Reviewing to require your approval before tags appear to your friends.

Facebook Profile and Tagging settings

If Facebook Tagging Isn't Working

If it seems like Facebook tagging isn't working, meaning that typing @ followed by someone's name doesn't function, the reason is likely that your friend disabled this option on their account. Try tagging someone else and see if that works. If you still have problems, refer to sections #10 and #11 below for tips on troubleshooting deeper Facebook errors.

2. Mute Excessive Posters on Facebook

We all know someone who posts all the time on Facebook:

  • An uncle shares too many political rants.
  • Your grandpa has no idea how to use Facebook and posts nonsense every day.
  • That one friend shares too many pictures of their pet.
  • A friend from college copies and pastes a blurry JPEG riddled with grammatical errors to let you know that they really hate cancer.

These scenarios result in a Facebook friend dilemma. You don't want to unfriend these people and hurt their feelings, but you're also sick of seeing their posts. The solution is to unfollow them; you won't see their updates anymore, but will still remain friends.

To unfollow someone on Facebook , visit their profile page. On the right side below their cover photo, you should see a box that says Friends . Click that, then select Unfollow .

Facebook Unfollow 2021

Now, you won't have to suffer from that person's posts anymore. You'll still be friends, so you can visit their timeline when you want to check out what they're up to. And if you change your mind, just click the Follow button to start seeing their posts in your feed again.

For a short-term solution, you can also click the three-dot Menu button on any post, then choose Snooze [Name] for 30 days . This will hide their posts for a month, so you can take a break from that person.

Unfollowing someone doesn't send them a notification, so don't worry about them knowing. If you ever want to see everyone you've unfollowed in one place, click your profile photo at the top-right of Facebook and choose Settings & privacy > Feed .

From the resulting menu, pick Reconnect and you'll see everyone you've unfollowed. Click the Plus button to follow any of them again.

3. Keep Important Friends First

On the opposite end of the posting spectrum are friends whose posts you don't want to miss. Facebook's always-changing algorithms mean you might not ever see certain updates from friends. To combat this, you can mark your closest friends to see their updates at the top of your Facebook feed.

Visit the friend's page whose posts you want to prioritize. Click the Friends box again, but this time, select Favorites . Facebook will then put updates from that person closer to the top when you refresh your feed. You're able to add up to 30 people to the Favorites list.

To see who's on your Favorites list, visit the same Feed panel as above and choose Favorites . This will show all your friends; click All at the top-right and change the box to Favorites Only to see who's on the list and easily remove people if needed.

Facebook Manage Favorites

4. Opt Out of Targeted Ads on Facebook

Facebook makes most of its money from advertising. Thus, the platform spends a lot of time trying to serve you the most relevant ads in the hopes you'll interact with them. By default, Facebook tracks you everywhere you go and uses your browsing habits to influence what ads you see. You can opt out of these personalized ads and see more general ones based on your public characteristics.

To do so, click your profile photo at the top-right of Facebook's interface and select Settings & privacy > Settings . On the left sidebar, click the See more in Accounts Center link, as this setting is now applied to all your Meta accounts. Once on this new page, click Ad preferences > Ad settings .

Meta Account Ad Settings

Here, you'll see a few categories. Choose No under Activity information from ad partners and Facebook won't use your activity on other sites to show ads on Facebook.

Open the Categories used to reach you and you can prevent Facebook from using information like your employer, education, and relationship status to show ads. Pick Other Categories at the bottom to see what Facebook thinks you're interested in; choose Remove for any topics you don't want to influence ads.

Next, Audience-based advertising lets you see advertisers that include you on their lists, based on your information or activity. You can check each of these lists, see why you're on it, and prevent that list from being used to show you ads here.

Facebook Advertising List Info

Setting Social interactions to Only Me prevents Facebook from using pages that you like to show ads to your friends.

Finally, if you disable the slider in Ads shown off of Meta , websites that use Meta's ad services can't use your profile to affect the ads you see outside of Facebook.

5. Stop Sharing Posts With Everyone

Just like you get sick of seeing other people's posts on Facebook, sometimes you don't want to share your own updates with certain friends. Maybe you don't want your boss to see what you were up to on your day off, or don't care for another round of commentary on your life from your sister. Using a few methods, you can easily hide your posts from certain people.

If you only want to hide a post from someone once, click the audience selector button in the Create Post window. This appears under your name and probably says Friends or Public . The audience menu has many options to let you control exactly who sees your updates.

One option is to choose Friends except and search for any friends you don't want to see the post. Click the red Remove button to keep them from seeing the post, then Save Changes to finish.

Conversely, you can pick Specific friends to only share with certain people you pick. To get even more granular, try the Custom option, which lets you share with specific people or lists while preventing certain people or lists from seeing the post.

Facebook Change Audience

To keep someone from seeing your posts all the time, you can add them to your Restricted list . People on this list won't see anything you post unless it's set to Public or you tag them in it. To add someone to this list, visit their page, select the Friends button, and then click Edit Friend List . Scroll down and click the Restricted list.

In this panel, you can also add that person to the Close Friends group. This list also provides an easy way to share posts exclusively with your most trusted friends, and is an option in the audience selector.

Facebook Restricted List Friends

6. Block Annoying Auto-Playing Videos

Very few people like videos that play as soon as you scroll past them. They're loud and can catch you off-guard if you thought your volume was muted. Plus, if you're on a metered connection, they're a waste of data.

To turn off auto-play for videos on Facebook, click your profile picture again and choose Settings & privacy > Settings . Click the Videos tab on the left, then set the Auto-Play Videos option to Off .

Facebook Disable Video Autoplay

7. Block Annoying App Invites

Facebook features hundreds of games, nearly all of them designed to waste your time and//or take your money. If you're sick of friends pleading for extra lives in Facebook games, you can block all Facebook invites and requests by game or by person.

To do this, take another trip to Settings & privacy > Settings > Privacy and pick the Blocking tab on the left this time. Find the Block app invites section, click Edit , and enter the name of any friend who's invited you incessantly. You'll automatically block all game requests from them in the future. This won't affect any other interactions with them on Facebook.

If you'd like, you can also enter an app's name in the Block apps field. This will prevent it from contacting you and using your non-public Facebook information. If desired, use the other fields here to granularly block people on Facebook through various channels.

Facebook Blocking Menu

8. Change the Facebook Interface to Your Liking

You can't change many interface elements of Facebook through the default options. If you want to take your Facebook customization to the next level, you'll need to install a Facebook-transforming browser extension .

The best one is Social Fixer . It's available as a browser extension for Chrome, Firefox, Safari, and Opera. Once you install Social Fixer, it makes several improvements out of the box.

To tweak how it runs, click the wrench icon that it shows in the upper-right corner of every Facebook page, followed by Social Fixer Options on the resulting menu, to customize your Facebook experience.

Social Fixer Menu

Social Fixer offers too many options to cover here, but the highlights include:

  • Automatically enable Most Recent view in your News Feed ( General tab).
  • Use Ctrl + Enter instead of Enter to submit comments ( General tab).
  • Enable the Friend Manager to get alerts when people unfriend you ( General tab).
  • Use the Hide Posts tab to hide any updates with certain words.
  • Try some pre-made Filters to weed out politics, spoilers, and more.
  • Check Display Tweaks to hide some annoying interface elements.

Dig into the Social Fixer options and you'll find many more ways to change the most annoying parts of Facebook.

Solutions for Common Facebook Errors

To wrap up, let's go over some tips for common Facebook errors you might run into.

9. You Forgot Your Facebook Password

Forgetting your Facebook login information is one of the most common issues people run into. We've written a full guide on recovering your Facebook account if you can't log in . And if you think your Facebook account was hacked , you need to act quickly.

10. You Can't Connect to Facebook

Since Facebook is one of the biggest sites on the web, it rarely experiences an outage. So the next time you can't get on Facebook, the problem likely lies on your end. You should follow a few steps if you think Facebook is down :

  • Check a website like Down for Everyone to see if Facebook is really down. If it is, you can't do much more than wait.
  • Visit another website to make sure your connection is working. If not, follow our guide to fixing internet connection problems .
  • Clear your browser cache and cookies , or try to open Facebook in an incognito window or another browser. If this works, there may be something wrong with your current browser.
  • Disable any VPNs or tracker-blocking extensions you're using, then try to connect to Facebook again without them.
  • Reboot your PC and router.

These tips also come in handy for loading errors, like when the "see more" button is not working on Facebook, or a search says "More results may be available; see more when you're back online". Chances are that you have a problem with your browser or internet connection. Try rebooting your PC and signing into Facebook with another browser when this happens.

11. Facebook Says "There Was a Problem..."

A lot of Facebook's common errors start with "there was a problem," such as There was a problem following this profile or Sorry, there was a problem tagging someone in this post . Most of the time, these errors have to do with the privacy settings of the other account.

If you see these warnings, the other person might have blocked you on Facebook , turned off tagging, or otherwise changed their privacy options. You can check with them if you're not sure, though that might be awkward.

When you get messages like this, make sure you've done basic Facebook troubleshooting too. Refresh the page, try logging out and back in, and make sure you don't have a network issue, as described above. If you're comfortable with it, try asking a mutual friend if they have the same problem. This can confirm your suspicions that you've been blocked or otherwise restricted.

How to Fix Facebook Problems Easily

We've shared fixes for some of the most common Facebook problems and errors. By flipping the right settings or using powerful extensions, you can make Facebook a more pleasant experience for yourself.

There are lots of other aspects of Facebook to master, so make sure you know how to put its various elements to use.

  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cybersecurity
  • Applications
  • IT Management
  • Small Business
  • Development
  • PC Hardware
  • Search Engines
  • Virtualization

10 Ways Facebook Can Improve Privacy and Security

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More .

Facebook is in a world of danger. The world’s largest social network has been facing increased pressure from privacy advocates, legislators and its users over what some see as an unacceptably weak level of privacy and security on the site.

Facebook CEO Mark Zuckerberg said recently he understands what the critics are saying and plans to improve the company’s privacy settings to make them easier to use. The CEO said in a recent e-mail exchange with well-known tech blogger Robert Scoble his company has “made a bunch of mistakes,” and he plans on correcting them. But it won’t be easy.

Users are growing increasingly concerned about the overall security of the site and the privacy of their personal data. Although Facebook says it wants to do everything it can to safeguard users, it also has to remember its business model, which relies on the free exchange of personal information. That said, something needs to be done.

For too long now, people have been criticizing Facebook for its seeming willingness to share as much information as users will allow. All that needs to stop now. Facebook has a responsibility to keep user data safe and private. And it needs to remember that.

Here are 10 things that Facebook must do to increase user privacy and security. 1. Listen to users

Facebook needs to spend more time listening to its users. Although the company realizes that it can’t always give in to users’ demands, it also needs to realize that the users need to be happy with the way things are going. That can only happen if it starts listening to what the users want. They don’t want to have to deal with complicated privacy settings. They also don’t want to have to worry about security when talking to friends. If Facebook started listening to its users more often, it would have a much easier time running its business.

2. Ads aren’t everything

Part of the reason Facebook is facing all this trouble today is its desire to increase its bottom line through advertising. The company fully understands that the more open profile information is, the easier it is to attract advertisers that want to target a specific portion of its user base. Although that’s entirely understandable, it’s also starting to come back and bite Facebook. Advertising revenue can still be a key component in its revenue, but it can’t dedicate its operation to that. Facebook Credits could be even bigger for the company and that feature doesn’t inherently call Facebook’s privacy and security settings into question. Look beyond ads, Facebook. It’s safer that way.

3. Third-party partners can’t always be trusted

Facebook has started sharing profile information with some of its third-party partners. Several privacy advocates have railed against this policy, saying that type of transfer of personal information isn’t helping users in any way. They make a solid point. If Facebook is truly dedicated to increasing the privacy of its social network, it can’t simply trust that the information it shares with third parties will be handled responsibly. That’s not to say that third parties can never be trusted. But as consumers have learned time and again, the more companies that have their hands on a user’s information, the worse it could potentially be for that user.

4. No users means no money

Facebook is in a dangerous position. The more the company alienates its user base, the more uncertain its future becomes. It can’t forget that Facebook won’t exist without users communicating with friends. Recently, a group was formed that plans to “quit” Facebook by the end of May if things don’t get better on the site. So far, more than 10,000 folks have signed up. Granted, that’s not a huge number, considering Facebook has 400 million active users. But it could be the start of something much bigger. Facebook should be concerned about its future. And it needs to realize that making users happy should be its first step.

What Facebook Needs to Remember

5. Make things easier for users

Currently, Facebook’s privacy features are quite good. They allow users to control almost every facet of their profiles, including who can see the content they or others share with friends. But they’re too difficult for the average, novice Web user to find. And when they finally find those settings, there isn’t enough information to help users adequately determine what to do with each setting. That could be a serious problem. Facebook needs to work hard at making its privacy settings more available and much easier to use. That will not only give its users more options, it will get back the political capital Facebook has lost over these past several months.

6. Establish a quick-response security team

One of the first things Facebook should do is establish a quick-response security team. Although the company currently has security teams in place, it needs to come up with a top-notch team of professionals that are constantly sniffing out issues across the social network, such as searching for phishing scams and for malware that has found its way onto the site. If Facebook can demonstrate to users that it’s serious about security and has a quick-response team in place to limit the impact of potential privacy breaches, it could significantly improve its chances of regaining user trust.

7. Start educating users This one won’t be easy, but it’s necessary. Facebook needs to do a better job of educating people on the dangers of using social networks. It also needs to help users understand how they can improve their own security and privacy. Admittedly, it will be tough for Facebook to do that. But it needs to try. Educating users is an extremely important step for a company that’s trying desperately to look like the good guy in the security and privacy battle. If it can make the point that it’s attempting to educate users to help them find problems before they wreak havoc on their own computers, it might be able to keep from alienating its core base.

8. Make privacy and security controls more business-friendly

Consumers might not care about how Facebook’s privacy and security controls affect corporations, but the enterprise certainly does. Nowadays, more and more people are accessing social networking sites from the office. Although they don’t see the dangers of that, the IT staff does. It’s a constant struggle for IT professionals to stay ahead of social network use. But if Facebook added security controls designed specifically for IT administrators to use in their operations, that would change everything. Not only would it make users who want to be able to access social networks at work happy, it would make it easier for companies to safeguard their networks if trouble erupts on the site.

9. Make security a community project

Facebook should tap into the knowledge of its international community to improve the site’s security. As Linux, Google and other open-source advocates have shown throughout the years, relying on the intelligence of the community is a smart strategy. Typically, folks across the globe can contribute more to a solid security strategy than a handful of so-called experts sitting in a room somewhere discussing how to improve a platform. By drawing on its users, Facebook can not only improve its security, it can give the community a vested interest in making the site more secure. 10. Always remember the responsibility

In recent months, Facebook might have lost its way. It became too complacent, believing that its success would continue indefinitely. It also figured that its users wouldn’t care nearly as much about privacy as they actually do. It was a mistake. Going forward, Facebook needs to remember that it has a responsibility to keep its site secure. It also has a responsibility to keep its users’ privacy intact. If it can achieve both of those goals, everything will be fine. But if it loses sight of those goals again, more trouble will certainly await it.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends & analysis


10 best artificial intelligence (ai) 3d generators, ringcentral expands its collaboration platform, 8 best ai data analytics software &..., zeus kerravala on networking: multicloud, 5g, and..., datadog president amit agarwal on trends in....

footer ad

how to solve facebook privacy issues

In today’s world, ignoring data privacy issues is like a sailor turning a blind eye to rising seas and a falling barometer.

Increasing use (and abuse) of personal data puts data privacy at the top of your business’s risk management agenda. It is an escapable challenge and dangerous to ignore.

Breaching GDPR and other regulations, such as CCPA and HIPAA, comes with hefty fines. What’s more, the reputation damage can be an existential threat to your business and a career limiting blot on an IT manager’s resumé.

But what exactly are the most challenging data privacy issues, and how do you solve them?

Here are eight of the most important.

8 most challenging data privacy issues

Download the article as a pdf

Share it with colleagues. Print it as a booklet. Read it on the plane.

#1: Embedding data privacy

Unfortunately, many businesses only have data privacy tacked onto their IT security or disaster recovery plan. But that’s not good enough because data privacy touches on so many parts of your business.

You can’t afford to treat privacy as an afterthought. It needs to be baked into the heart of your data strategy and staff training. It’s not easy, so ensure you collaborate with and get buy-in from all departments. Make sure you choose tools that support your current privacy policies, for example by making data anonymization easier.

New call-to-action

#2: Proliferating devices

Data privacy becomes harder to handle when you factor in things like the Internet of Things (IOT), bring-your-own-device IT policies and proliferating internet-connected tablets, phones and watches. When you bring more devices into the workplace, you end up having more data to manage.

Your organization must be able to manage compliance and data privacy from any source, different operating systems and multiple apps. To remedy this, ensure you have the right data governance procedures in place.

#3: Increasing maintenance costs

Keeping your systems secure and preventing data privacy issues at the enterprise level can be expensive. But, the costs of a data breach are so significant, you need to bite the bullet and invest properly.

That’s why automating processes is so important. It helps in different ways:

  • Reducing the number of data silos
  • Eliminating points of friction and manual processing
  • Reducing the risk of human error
  • More opportunities for de-duplication
  • Improved governance and control
  • Lower costs

#4: Access control is difficult in many industries

Data privacy breaches are often caused by poorly managed access within an organization. People and processes matter as much as technology. Humans are the weakest link in the chain of privacy and security.

However, as distributed working proliferates, it’s harder to manage user access and secure your sensitive data. To remedy this, you need an effective data architecture and strong data governance processes .

#5: Getting visibility into all your data

If your organization isn’t aware of the location, nature, and sensitivity of your data, how can you possibly keep the right information private?

Using tools to discover and classify your data is essential. This will ensure you can treat data uniquely and protect your sensitive data from any privacy issues. 

Book a free demo CloverDX CTA

#6: A bad data culture

A miser’s hoard of data is increasingly a risk rather than an asset. The days when it made sense to hold onto as much data as technologically possible are over. In the past, thanks to ‘big data’ hype, many organizations and IT leaders believed that more data is always better. That’s no longer automatically true.

Today, keeping data for its own sake broadens the attack surface for data theft and increases the risk of breaching many data privacy laws. Forward-thinking IT teams need to balance the value of collecting, storing and processing large volumes of data against the pressing requirements for privacy, security and compliance.

Instead, build a great data culture that understands the value of data and data privacy.

#7: The ever-increasing scale of data

As cloud storage and compute costs come down, businesses are now swimming (or drowning) in data.

Indeed, as the amount of global data grows (and is now tracked in the tens of zettabytes ), the challenge of managing these oceans of data is huge.

With hundreds of systems and millions of data records, you need a solution that can handle the scale.

#8: A long list of regulations and documentation to follow

With so many regulations to follow, it can be difficult to keep track of what level of data privacy you need to achieve for your different datasets.

By building processes, data modeling , and automating as much as possible, you can make it easier to handle the complexity of different regulations.

Are you taking risks with data privacy?

From an evolving technology landscape, to gaining visibility into all your data infrastructure, there are plenty of data privacy challenges your modern business must tackle.

But, if you follow the advice we’ve covered, you’ll be well-positioned to handle your data privacy issues.

However, removing all the danger from your data isn’t a quick-fix solution. For example, many organizations hold onto their data for too long. This is a problem because data value decreases over time, but the costs and risks attached to it don’t.

To learn more about how you can de-risk your data, remove privacy issues, and make your data a real asset for your business, watch our webinar on removing danger from data.

The Data Happiness Scorecard  Are you happy with how data is being managed in your business?

Join 54,000+ data-minded IT professionals. Get regular updates from the CloverDX blog. No spam. Unsubscribe anytime.

Related articles

Street crossing in a shopping district symbolising trust

Why data trust matters to your customers

Woman working on a laptop in silhouette

Solving data sharing in a hybrid working world

Sparks fly as two wires converge carrying data

5 ways to reduce friction between IT and business users

Samsung Galaxy S24 gets big update that promises to fix display issues and camera

An end to the reported issues?

The Samsung Galaxy S24 on an orange background showing screen settings

Samsung has taken the unusual step of announcing that a big software update is coming to Galaxy S24 phones to fix a few issues that have been a cause for complaint from many owners.

Samsung says in a new blog post that "based on your feedback" the Galaxy S24 will get some "enhanced options and experiences across the device display and camera." 

That seems to be a generous way of saying that Samsung has (potentially) sorted the much-criticized vivid display issue that made the screen appear more washed out than previous Galaxy phones. 

The solution is a new 'vividness' option within the display's 'advanced settings', which lets you choose a more vibrant look than the "natural" one that Samsung mistakingly thought you'd prefer. You'll still get to choose between 'vivid' and 'natural' display options, but this new slider will give you additional fine-tuning controls. 

Alongside that screen fix, Samsung says that it's made enhancements "across the camera experience", including boosts for the "device’s zoom functions, Portrait Mode, Nightography, rear camera video shooting capabilities and more".

Samsung didn't reveals any more specifics about what exactly these refinements do, but hopefully they'll fix a few of the other issues that some Galaxy S24 owners have experienced. These include an image shift problem that seemed to change the camera's field of view when switching from 1x to 5x zoom on the Galaxy S24 Ultra. 

These updates will "begin rolling out in February" according to Samsung, so keep an eye out for its arrival within the next ten days or so.

An end to the S24 issues?

Unfortunately, recent complaints about the Galaxy S24's display haven't stopped at that previously-mentioned vividness issue – this week we've seen several  Reddit users report some odd grain on their S24 displays when viewing dark and gray colors.

Meanwhile, other owners have reported seeing "frankly unacceptable" horizontal bars when looking at the screens when they're set at low brightness. We don't yet know if Samsung's software update is going to help fix either or both of these reported issues, but we'll soon find out as the rollout is imminent.

The grainy screen problem appears to be more hardware-related, as some affected owners have reported being offered a free replacement from Samsung. But given that Samsung has unusually made a public announcement for this incoming software update, we're expecting it to also fix as many bugs as possible alongside the new features.

In our tests, we also haven't encountered any of the issues above with the Samsung Galaxy S24 , Galaxy S24 Plus or Galaxy S24 Ultra , so have no hesitation recommending the phones. If you do prefer your smartphone displays to be on the punchy side, you'll also now have that extra option with the S24 series thanks to this update.

You might also like

  • Another great Samsung Galaxy S24 feature could come to Galaxy S23 phones very soon
  • Samsung Galaxy S24 Ultra review: taken to the extreme
  • I can't believe I love this Samsung Galaxy S24 Ultra downgrade

Get daily insight, inspiration and deals in your inbox

Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.

Mark Wilson

Mark is TechRadar's Senior news editor. Having worked in tech journalism for a ludicrous 17 years, Mark is now attempting to break the world record for the number of camera bags hoarded by one person. He was previously Cameras Editor at both TechRadar and Trusted Reviews, Acting editor on, as well as Features editor and Reviews editor on Stuff magazine. As a freelancer, he's contributed to titles including The Sunday Times, FourFourTwo and Arena. And in a former life, he also won The Daily Telegraph's Young Sportswriter of the Year. But that was before he discovered the strange joys of getting up at 4am for a photo shoot in London's Square Mile. 

Apple’s foldable iPhone could land in September 2026, alongside the iPhone 18

Five reasons to upgrade to the Samsung Galaxy S24

University of Cambridge apparently suffering DDoS attack - and it isn't the only one affected

Most Popular

By Kristina Terech February 19, 2024

By Sead Fadilpašić February 19, 2024

By James Pickard February 19, 2024

By Becca Caddy February 19, 2024

By Wayne Williams February 19, 2024

By Christian Guyton February 19, 2024

By Cat Bussell February 19, 2024

By Darren Allan February 19, 2024

By Alex Whitelock February 19, 2024

  • 2 More 128TB SSDs are coming as almost no one noticed this launch — another SSD controller that can support up to 128TB appeared paving the way for HDD-beating capacities
  • 3 One of Japan's largest tech companies just launched its own cloud storage service — its main appeal is not its free 10GB storage but its unlimited transfer service
  • 4 Months before launch, Palworld’s community manager thought that anything above 50,000 players ‘seemed unobtainable’
  • 5 Probably the highest ever resolution on a tablet: NEC's latest slate beats iPad, Samsung Galaxy Tab with high-res display — and eight JBL speakers, yes eight
  • 2 Some of the world's biggest cloud computing firms want to make millions of servers last longer — doing so will save them billions of dollars every year
  • 3 More 128TB SSDs are coming as almost no one noticed this launch — another SSD controller that can support up to 128TB appeared paving the way for HDD-beating capacities
  • 4 I took this Nikon super-telephoto lens on a dream safari trip – and learned a big lesson about pro primes
  • 5 Amazon is filled with cheap projectors – are they worth it?

Hartford leaders aim to fix problems with landlords

New London church cleanup costs taxpayers $244,000

New London church cleanup costs taxpayers $244,000

Hartford taking action against problem landlords

Hartford taking action against problem landlords

CT home and car taxes among highest in the U.S.

CT home and car taxes among highest in the U.S.

Suspect custody after police chase on I-91

Suspect custody after police chase on I-91

Cost of New London church collapse revealed

Cost of New London church collapse revealed

  • Newsletters
  • Account Activating this button will toggle the display of additional content Account Sign out

So Apparently We Just Impeach Cabinet Members for Fun Now?

This is Totally Normal Quote of the Day , a feature highlighting a statement from the news that exemplifies just how extremely normal everything has become.

“Who said it was gonna fix the problem?” —Republican Rep. Ralph Norman, when an MSNBC reporter asked him how impeaching DHS Secretary Alejandro Mayorkas would solve the problems at the U.S. southern border

If at first you don’t succeed, try, try again. That’s how House Republicans managed—barely—to impeach Homeland Security Secretary Alejandro Mayorkas on Tuesday night, in their second attempt this month.

In a 214–213 vote, House Republicans made history by impeaching the first sitting Cabinet official in 148 years. (Secretary of War William Belknap was impeached most recently , in 1876.) House Majority Leader Steve Scalise came back to Capitol Hill to vote for impeachment after receiving a round of treatment for blood cancer. Meanwhile, two Democrats—Reps. Lois Frankel and Judy Chu—were absent, and presumably if either one had been present to vote, Mayorkas would not have been impeached.

“Desperate times call for desperate measures,” Speaker Mike Johnson said in a press conference Wednesday morning. “We had to do that.”

Did they really have to, though? As recently as one week ago, House Republicans were not so sure impeachment was necessary, and fell one vote short in impeaching Mayorkas. Shortly before the first vote, Rep. Mike Gallagher, who crossed party lines and voted no, criticized the party’s motivations for pursuing impeachment in a Wall Street Journal op-ed, noting that there were no actual criminal offenses cited, only underenforcement of current immigration policies. “If we are to make underenforcement of the law, even egregious underenforcement, impeachable, almost every cabinet secretary would be subject to impeachment,” wrote Gallagher, who also just announced he’s not seeking reelection .

“Creating a new, lower standard for impeachment, one without any clear limiting principle, wouldn’t secure the border or hold Mr. Biden accountable,” Gallagher added. “It would only pry open the Pandora’s box of perpetual impeachment.”

And in the same week of the first Mayorkas impeachment vote, Republicans blew up their very own immigration bill , legislation that would have beefed up border security and sent more aid to Ukraine. Why? Largely because presumptive Republican presidential nominee Donald Trump declared he needed chaos at the southern border to continue for the sake of his campaign .

Mayorkas’ impeachment is now in the hands of the Senate, which will most likely dismiss the charges against him, allowing the homeland security secretary to resume his regular duties. Then what was all this for? Well, Norman might have just admitted the quiet part out loud.

comscore beacon

  • Back to main menu
  • Global IT Asset Management
  • IT Security
  • Cloud & Container Security
  • Web App Security
  • Certificate Security & SSL Labs
  • Developer API
  • Cloud Platform
  • Start a discussion

Microsoft and Adobe Patch Tuesday, February 2024 Security Update Review

Diksha Ojha

Last updated on: February 15, 2024

Table of Contents

Microsoft patch tuesday for february 2024, adobe patches for february 2024, zero-day vulnerabilities patched in february patch tuesday edition, other critical severity vulnerabilities patched in february patch tuesday edition, other microsoft vulnerability highlights, microsoft release summary.

  • Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)

Rapid Response with Patch Management (PM)

Evaluate vendor-suggested mitigation with policy compliance (pc), qualys monthly webinar series.

The new Microsoft Patch Tuesday Edition for February 2024 is now live! We invite you to join us to review and discuss the details of these security updates and patches. 

Microsoft Patch Tuesday’s February 2024 edition addressed 79 vulnerabilities, including five critical and 66 important severity vulnerabilities. Microsoft has addressed two vulnerabilities known to be exploited in the wild in this batch of updates. Microsoft has also addressed six  vulnerabilities in Microsoft Edge (Chromium-based). The vulnerabilities have been patched earlier this month.

Microsoft Patch Tuesday, February edition includes updates for vulnerabilities in Microsoft Office and Components, Microsoft Exchange Server, Azure File Sync, Azure Active Directory, SQL Server, Windows Kernel, DNS Server, Windows Internet Connection Sharing (ICS), and more.

Microsoft has fixed several flaws in multiple software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.

The February 2024 Microsoft vulnerabilities are classified as follows:

Adobe has released five security advisories to address 29 vulnerabilities in Adobe Commerce, Substance 3D Painter, Adobe FrameMaker Publishing Server, Adobe Acrobat and Reader, and Substance 3D Designer. Oot of 29, 15 vulnerabilities are given critical severity ratings. On successful exploitation, the vulnerabilities may lead to memory leaks, potential code execution, security feature bypass, and denial of service attacks.

CVE-2024-21351: Windows SmartScreen Security Feature Bypass Vulnerability

Windows SmartScreen is a security feature in Microsoft Windows operating systems that protects against malicious software and websites. SmartScreen is a background application that employs a cloud-based component to scan web pages you visit for security risks updated regularly.

To exploit the vulnerability, an authenticated attacker must send a specially crafted malicious file compromised by them. An attacker may exploit the vulnerability to bypass the SmartScreen user experience. The vulnerability could allow a malicious attacker to inject code into SmartScreen and potentially gain code execution, potentially leading to data exposure, lack of system availability, or both.

CISA has acknowledged the active exploitation of the vulnerability by adding this to its Known Exploited Vulnerabilities Catalog . CISA has requested users to patch it before March 5, 2024.

CVE-2024-21412: Internet Shortcut Files Security Feature Bypass Vulnerability

An internet shortcut file is a small file that contains a target URI or GUID to an object or the name of a target program file. Internet shortcuts are typically text files with the .URL extension.

An unauthenticated attacker may exploit the vulnerability by sending the targeted user a specially crafted file to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker must convince them to act by clicking the file link.

CVE-2024-21410: Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft updated the advisory on Feb 14, 2024, mentioning the active exploitation of the vulnerability.

Microsoft Exchange Server is a platform that offers email, calendaring, contact, scheduling, and collaboration features. It runs exclusively on Windows Server operating systems and is designed to be accessed from mobile devices, desktops, and web-based systems.

An attacker could use an NTLM credentials-leaking type vulnerability to target an NTLM client, like Outlook. The compromised credentials can then be used to access the Exchange server as the victim’s client and act on the server on the victim’s behalf. Successful exploitation of the vulnerability may allow an attacker to relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user.

CISA has acknowledged the active exploitation of the vulnerability by adding this to its Known Exploited Vulnerabilities Catalog . CISA has requested users to patch it before March 7, 2024.

CVE-2024-21357: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Pragmatic General Multicast (PGM), a.k.a. ‘reliable multicast,’ is a scalable receiver-reliable protocol. PGM allows receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. PGM is best suited for applications that require duplicate-free multicast data delivery from multiple sources to multiple receivers.

This vulnerability can only be exploited on the systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. An attacker must take additional actions before exploitation to prepare the target environment.

CVE-2024-21413: Microsoft Office Remote Code Execution Vulnerability

An attacker who exploits the vulnerability may bypass the Office Protected View and open it in editing instead of the protected mode. An attacker could gain high privileges, which include read, write, and delete functionality.

CVE-2024-20684: Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V allows hardware virtualization. IT professionals and software developers use virtualization to test software on multiple operating systems. Hyper-V enables working professionals to perform these tasks smoothly. With the help of Hyper-V, one can create virtual hard drives, virtual switches, and numerous different virtual devices, all of which can be added to virtual machines.

Successful exploitation of the vulnerability may allow a Hyper-V guest to affect the functionality of the Hyper-V host.

CVE-2024-21380: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

Dynamics NAV is an enterprise resource planning (ERP) app that helps businesses with finance, manufacturing, customer relationship management (CRM), supply chains, analytics, and electronic commerce. Small and medium-sized companies and local subsidiaries of large international groups use it.

An attacker must win a race condition to exploit the vulnerability. An authenticated attacker must convince a user to click on a specially crafted URL to be compromised by them. Successful exploitation of the vulnerability may allow an attacker to craft a payload enabling them to access sensitive user data, which could result in unauthorized access to the victim’s account or compromise of other confidential information.

  • CVE-2024-21378 is a remote code execution vulnerability in Microsoft Outlook. To exploit the vulnerability, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. An attacker may exploit the vulnerability by sending a malicious file and convincing the user to open it. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality. 
  • CVE-2024-21346 is an elevation of privilege vulnerability in Win32k. An attacker may exploit the vulnerability to gain SYSTEM privileges. 
  • CVE-2024-21379 is a remote code execution vulnerability in Microsoft Word. On successful exploitation, an attacker could gain high privileges, which include read, write, and delete functionality.
  • CVE-2024-21345 is an elevation of privilege vulnerability in Windows Kernel. An authenticated attacker could run a specially crafted application and give them control of the targeted destination and source of the copy. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
  • CVE-2024-21371 is an elevation of privilege vulnerability in Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
  • CVE-2024-21338 is an elevation of privilege vulnerability in Windows Kernel. An attacker must first log on to the system to exploit this vulnerability. After that, an attacker could run a specially crafted application to exploit the vulnerability and take control of an affected system.

This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Azure DevOps, Microsoft Office, Azure Stack, Windows Hyper-V, Skype for Business, Trusted Compute Base, Microsoft Defender for Endpoint, Microsoft Dynamics, Azure Connected Machine Agent, Windows Win32K – ICOMP, Microsoft ActiveX, Microsoft WDAC OLE DB provider for SQL, Windows SmartScreen, Microsoft WDAC ODBC Driver, Windows Message Queuing, Windows LDAP – Lightweight Directory Access Protocol, Azure Site Recovery, Windows OLE, Microsoft Teams for Android, Microsoft Azure Kubernetes Service, Microsoft Windows DNS, Microsoft Office Outlook, Microsoft Office Word, Microsoft Office OneNote, .NET, Microsoft Edge (Chromium-based), Microsoft Windows, and Internet Shortcut Files.

Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)

Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB).

You can see all your impacted hosts by these vulnerabilities using the following QQL query:

how to solve facebook privacy issues

VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches with one click.

The following QQL will return the missing patches for this Patch Tuesday:

how to solve facebook privacy issues

With Qualys Policy Compliance’s Out-of-the-Box Mitigation or Compensatory Controls, the risk of a vulnerability being exploited is reduced when the remediation (fix/patch) cannot be implemented immediately.

Qualys Policy Compliance team releases these exclusive controls based on vendor-suggested Mitigation/Workaround.

Mitigation refers to a setting, standard configuration, or general best practice existing in a default state that could reduce the severity of the exploitation of a vulnerability.

A workaround is sometimes used temporarily to achieve a task or goal when the usual or planned method isn’t working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned.

The following Qualys Policy Compliance Control IDs (CIDs) and System Defined Controls (SDC) have been published to support the evaluation of the recommended workaround:

  • 23810 Status of the ‘Extended Protection’ setting on the host (Without checking whether windows authentication is enabled)
  • 27468 Status of the ‘Required SSL’ setting on the host

The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: [23810, 27468]

how to solve facebook privacy issues

The next Patch Tuesday falls on March 12, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘ This Month in Vulnerabilities and Patch’s webinar .’

how to solve facebook privacy issues

The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management . Combining these two solutions can reduce the median time to remediate critical vulnerabilities.

During the webcast, we will discuss this month’s high-impact vulnerabilities, including those that are a part of this month’s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.

Join the webinar

This Month in Vulnerabilities & Patches

Comments Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

How the candidates running for Dianne Feinstein's Senate seat say they'll solve California's housing crisis

  • California voters are casting their ballots for a new US Senator.
  • Housing affordability and homelessness are top issues for voters.
  • Here's where the leading candidates for the Senate seat stand on housing and homelessness policy.

Insider Today

California voters have already started mailing their ballots in for the March 5th primary to fill the US Senate seat previously held by Dianne Feinstein.

While Russia's invasion of Ukraine and the Gaza crisis dominate headlines coming out of Washington, California voters are more focused on issues closer to home, including the housing affordability crisis and rising homelessness. California has among the worst housing crises in the country, which is one of the reasons why it's home to 30% of the nation's unhoused population and half of all unsheltered people in the country.

Federal lawmakers have historically left housing policy to states and local governments, which control how land is used — through policies like zoning codes — and how buildings are built — through regulations like building and fire codes. But as housing affordability has become an increasingly urgent issue across the country, policymakers in Washington have been forced to weigh in more.

Where the candidates stand

The three Democrats in the race — Reps. Barbara Lee, Katie Porter, and frontrunner Rep. Adam Schiff — agree on fundamental issues, including expanding affordable housing tax credits and boosting federal subsidies for renters and homebuyers.

The Republican in the race, former professional baseball player Steve Garvey, who's tied in second place with Porter , has been much vaguer about his positions on housing. He's proposed an audit of federal homelessness programs and said he'd support funding mental health and substance abuse programs, as well as affordable housing.

All three Democrats support raising the state's minimum wage from $7.25 to at least $20 per hour, in part as a way to address homelessness. They also believe homelessness is largely a result of the housing shortage.

"The housing affordability crisis is fundamentally a supply problem. We simply do not have enough housing that's affordable, and because of that, we have seen a dramatic rise in people experiencing homelessness," Schiff wrote in his housing policy plan .

Rep. Katie Porter, who's represented south-central Orange County since 2019, has called housing affordability her "top issue" during her Senate campaign.

"The problem is Washington," Porter said during a recent debate . "We have housing policy that is being written by career politicians who cater to their big bank donors."

Porter recently announced a 10-point housing policy plan that includes creating a congressional committee focused specifically on housing, subsidizing the construction of starter homes, and expanding Section 8 housing vouchers to everyone who qualifies.

Some housing experts warn that Porter's focus on subsidizing starter homes disproportionately benefits middle-income, rather than the neediest low-income, Americans.

Housing is the top issue for Californians, but career politicians in Washington have been too slow to provide solutions. My kids are worried they won’t be able to afford housing in California when they grow up. I have a 10-point plan to tackle—and solve—our housing crisis ⤵️ 1/ — Katie Porter (@katieporteroc) February 7, 2024

Schiff, who is leading in polls , has released a plan that would send $100 billion in federal funding to fight homelessness, expand housing vouchers, and boost tax incentives for developers. Schiff and Porter's housing plans are quite similar, experts say .

Lee, who's trailing the other candidates in polling, supports a slew of bills to subsidize federal rental assistance, aid for homebuyers, and affordable housing construction. The congresswoman, who experienced homelessness herself after leaving an abusive relationship as a young mother, supports putting $1 trillion into a National Affordable Housing Trust Fund that would both support both housing supply and demand-side policies.

The top two vote-getters in the March 5 primary will advance to the general election in November.

I’m the only candidate in this race with the lived experience of being unhoused. I’ve been leading this fight my entire career. In the Senate, I’ll work to pass my DEPOSIT Act, secure HUD grants to build affordable housing, and enact national rent control policies. #CASenDebate — Barbara Lee (@BarbaraLeeForCA) February 13, 2024

how to solve facebook privacy issues

Watch: Who is Laphonza Butler, Dianne Feinstein's replacement?

how to solve facebook privacy issues

  • Main content

how to solve facebook privacy issues

.NET 6.0 Update - February 13, 2024 (KB5035119)

.NET 6.0 has been refreshed with the latest update as of February 13, 2024. This update contains both security and non-security fixes. See the  release notes  for details on updated packages.

.NET 6.0 servicing updates are upgrades. The latest servicing update for 6.0 will remove the previous 6.0 update upon successful installation. For example, when .NET 6.0.27 is installed .NET 6.0.26 version will be removed from the computer if present. 

How to obtain and install the update

This update is available on Microsoft Update for Windows client operating systems and available on WSUS and  MU Catalog  for Windows Server operating systems.


This update will be offered if you have .NET 6.0 installed on a  supported version of Windows .

Restart Requirement

You may need to restart the computer after you apply this update if any affected files are being used. We recommend that you exit all .NET based applications before you apply this update.

Supported Windows Versions

This page on  .NET 6.0 Supported Windows Versions  provides the most up-to-date details on the supported operating system versions.

.NET Support Lifecycle

This page on  .NET Core and .NET 6 Support Policy  provides the most up-to-date details on .NET Core Support Lifecycle Policy.

How to obtain help and support for this update

Microsoft support.

For assisted support with .NET Core technologies,  contact a Microsoft Support Professional .

You need to be on a supported servicing level (the latest available servicing update) to be eligible for support.

Community Support

Community support is another great way to get help and even contribute to projects. See our  Community page  for details.

More Information

To get the latest .NET update, go to the  Download .NET  website


Need more help?

Want more options.

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

how to solve facebook privacy issues

Microsoft 365 subscription benefits

how to solve facebook privacy issues

Microsoft 365 training

how to solve facebook privacy issues

Microsoft security

how to solve facebook privacy issues

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

how to solve facebook privacy issues

Ask the Microsoft Community

how to solve facebook privacy issues

Microsoft Tech Community

how to solve facebook privacy issues

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

Thank you for your feedback.


  1. Facebook marks Data Privacy Day by sharing its 7 privacy principles

    how to solve facebook privacy issues


    how to solve facebook privacy issues

  3. How to Protect Your Personal Data and Privacy on Facebook

    how to solve facebook privacy issues

  4. The Ultimate Facebook Privacy and Security Checklist

    how to solve facebook privacy issues

  5. Here’s How to Lock Down Your Facebook Privacy Settings—to the Extent

    how to solve facebook privacy issues

  6. The Best Guide to Facebook Privacy Settings

    how to solve facebook privacy issues


  1. How To Hide Your Profile On Facebook


  1. Troubleshoot Privacy Issues

    Click Settings & Privacy, then click Settings. Click Privacy in the left column. Click Edit next to Who can send you friend requests? From the dropdown menu, click Everyone or Friends of Friends. To make it easier for your friends to find you on Facebook: Use the first and last name you use in everyday life.

  2. 12 Big Tech experts explain how to fix Facebook

    In my opinion, you need to have three forms of legislative relief. You need to address safety, you need to adjust privacy, and you need to address competition. If Facebook were to disappear ...

  3. What Mark Zuckerberg should do to fix Facebook's privacy problem

    Here are some immediate steps that Facebook should take to address this problem: First, Facebook should immediately stop sharing data about political and religious preferences with advertisers...

  4. Adjust your Facebook privacy settings

    Adjust your Facebook privacy settings | Facebook Help Center Your privacy settings page has a group of general controls for your Facebook account.

  5. A timeline of Facebook's privacy issues

    The revelation that a data analytics company used by Donald Trump's presidential campaign was able to surreptitiously collect data on 50 million people through a seemingly innocuous quiz app has...

  6. Managing Your Privacy Settings

    Managing Your Privacy Settings | Facebook Help Center Managing Your Privacy Settings Your privacy is important to us, which is why we provide tools to help keep your account secure and your privacy protected. Learn how to: Set your account to private. Block someone and what happens when you block someone. Turn off your Activity status.

  7. Can Facebook Ever Be Fixed?

    Can Facebook Ever Be Fixed? by Andrew Burt April 08, 2019 Ivan Vranic/Unsplah/HBR Staff/Chris Ison-PA Images/Getty Images Summary. For those paying attention to privacy scandals and data leaks...

  8. How to Use Facebook Privacy Settings

    On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Ads > On the left-hand side, select "Ad Settings" > Select "Data about ...

  9. Regulate, break up, open up: how to fix Facebook in 2022

    In Europe, 2022 will see a final decision by the European court of justice (ECJ) in a German online gaming case that could pave the way for Facebook to face legal ramifications for privacy ...

  10. Solutions To Facebook's Privacy And Security Concerns Come At A Cost

    August 3, 20187:16 AM ET Heard on Morning Edition Jasmine Garsd 3-Minute Listen Playlist After more than a year of scandals and just months ahead of the midterm elections, there's growing concern...

  11. Facebook data privacy scandal: A cheat sheet

    Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.

  12. After Data Breach Exposes 530 Million, Facebook Says It Will Not ...

    Olivier Douliery/AFP via Getty Images. Facebook decided not to notify over 530 million of its users whose personal data was lifted in a breach sometime before August 2019 and was recently made ...

  13. Facebook, Here's 6 Creative Ways You Can Fix Your Privacy Problem

    Facebook can solve its privacy problem with six business model innovations. By Yazin Akkawi , Founder, Chime In @ yvzin_ Getty Images Facebook has been reeling ever since the Cambridge...

  14. What Is Facebook Doing to Address the Challenges It Faces?

    Our tactics include blocking and removing fake accounts; finding and removing bad actors; limiting the spread of false news and misinformation; and bringing unprecedented transparency to political advertising. We've also improved our machine learning capabilities, which allow us to be more effective in finding and removing violating behavior.

  15. 11 Common Facebook Problems and Errors (and How to Fix Them)

    Click your profile at the top-right, then go to Settings & privacy > Settings > Privacy > Profile and tagging to see the relevant options. Here, change the Who can see posts you're tagged in on your profile? to Only me, if you don't want tags to appear at all.

  16. A recent history of Facebook security and privacy issues

    On Jan. 4, 2018, Facebook CEO Mark Zuckerberg posted his New Year's resolution, vowing to fix Facebook's various issues with abuse, election interference and misinformation campaigns. But a timeline of events since then shows a bevy of Facebook security and data privacy issues. In February 2018, Facebook was found guilty in German and Belgian ...

  17. 10 Ways Facebook Can Improve Privacy and Security

    1. Listen to users Facebook needs to spend more time listening to its users. Although the company realizes that it can't always give in to users' demands, it also needs to realize that the users...

  18. How Facebook can fix its data privacy problem

    Advertisement U.S. markets closed How Facebook should fix its privacy problem Rob Pegoraro · Contributing Editor April 2, 2018 at 9:58 AM Zuckerberg has been on a bit of a publicity tour...

  19. Facebook faces mass legal action over data leak

    DRI claims Facebook failed to protect user data and notify those who had been affected. The data leak was first discovered and fixed in 2019, but was recently made easily available online for free ...

  20. Fix a Problem

    Fix a Problem This collection of articles is meant to help you troubleshoot problems with your profile picture, cover photo, timeline, posts, and profile. If you're having trouble logging into your account, you can learn how to fix a login problem. You can also learn about your privacy and keeping your account secure. Fix a problem

  21. Report a Problem

    Report that something isn't working on Facebook. Log into Facebook on a computer. Click your profile picture in the top right of Facebook. Select Help & support, then select Report a problem and follow the on-screen instructions. Learn more about what data gets sent to us when you report something that isn't working.

  22. The 8 Most Challenging Data Privacy Issues (and How to Solve Them)

    #1: Embedding data privacy Unfortunately, many businesses only have data privacy tacked onto their IT security or disaster recovery plan. But that's not good enough because data privacy touches on so many parts of your business. You can't afford to treat privacy as an afterthought.

  23. Samsung Galaxy S24 gets big update that promises to fix display issues

    Samsung says in a new blog post that "based on your feedback" the Galaxy S24 will get some "enhanced options and experiences across the device display and camera." That seems to be a generous way ...

  24. Hartford leaders aim to fix problems with landlords

    Updated: 5 hours ago. A woman was killed in a three-vehicle crash in Avon on Tuesday morning, police said. Hartford leaders aim to fix problems with landlords.

  25. Why was Alejandro Mayorkas impeached? Not to solve any problems

    That's how House Republicans managed—barely—to impeach Homeland Security Secretary Alejandro Mayorkas on Tuesday night, in their second attempt this month. In a 214-213 vote, House ...

  26. Microsoft and Adobe Patch Tuesday, February 2024 Security Update Review

    Microsoft Patch Tuesday's February 2024 edition addressed 79 vulnerabilities, including five critical and 66 important severity vulnerabilities. Microsoft has addressed two vulnerabilities known to be exploited in the wild in this batch of updates. Microsoft has also addressed six vulnerabilities in Microsoft Edge (Chromium-based).

  27. What the California Senate Candidates Say They'll Do on Housing

    Schiff, who is leading in polls, has released a plan that would send $100 billion in federal funding to fight homelessness, expand housing vouchers, and boost tax incentives for developers. Schiff ...

  28. .NET 6.0 Update

    This update contains both security and non-security fixes. See the release notes for details on updated packages. .NET 6.0 servicing updates are upgrades. The latest servicing update for 6.0 will remove the previous 6.0 update upon successful installation. For example, when .NET 6.0.27 is installed .NET 6.0.26 version will be removed from the ...