![](\"https:\/\/media.wired.com\/photos\/5acd412f1a12d84608c603cd\/master\/pass\/ZuckTrailDay1b_18100764119396.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Wed, 11 Apr 2018 01:10:58 +0000<\/strong><\/p>\n Mark Zuckerberg appeared <\/span>before Congress Tuesday, and for five hours, senators who appeared to have halting grasp<\/a> of the company\u2019s intricacies questioned the Facebook CEO on topics ranging from Russia to artificial intelligence. Zuckerberg for the most part gave considered answers to their questions\u2014except when it came to the specifics of how users can control their privacy<\/a>.<\/p>\n That Zuckerberg would dodge uncomfortable questions is a disappointment, though maybe no surprise. But when it came to addressing how the company collects and handles data\u2014and what tools it gives you to control that flow of information\u2014Zuckerberg landed repeatedly on a common refrain: Users have complete control over how their data gets used. \u201cThis is the most important principle for Facebook: Every piece of content that you share on Facebook, you own and you have complete control over who sees it, and how you share it, and you can remove it at any time,\u201d said Zuckerberg.<\/p>\n But in trying to present this as exculpatory, Zuckerberg misses the point. Offering tools to someone doesn\u2019t help at all if they\u2019re hard to find, and even harder to understand.<\/p>\n Zuckerberg cited the \u201cinline\u201d controls that Facebook has gifted its users multiple times. What he\u2019s referring to specifically seems to be the dropdown menu that you see before you post to Facebook, the one that says Who should see this?<\/strong>, and lets you whittle down your audience by friend groups, geography, or not at all.<\/p>\n Offering tools to someone doesn\u2019t help at all if they\u2019re hard to find, and even harder to understand.<\/p>\n Which, sure. That helps. But it\u2019s also not what\u2019s at issue here. The creeping concern around Facebook\u2014and Google and other ad-driven platforms\u2014isn\u2019t whether former coworkers can see your current happy hour pics. It\u2019s whether an infinite, invisible web of advertisers, marketers, and app developers can. There\u2019s no inline control for that, no option before you post not to share your political screed or baby videos with Dove body wash, or some contact lens start-up.<\/p>\n For that, you need to dig deep into Facebook\u2019s settings, a click-intensive process full of unclear language and uncertain paths. Here\u2019s a story<\/a> that walks you through it; it\u2019s well over 2,000 words long. And that\u2019s the condensed version.<\/p>\n "Based on today's hearing, even Facebook must acknowledge they need to do much more to communicate to users how their platform works, what data they collect on Facebook and off, and how that information is used for advertising," says Joe Jerome, policy analyst at the Center for Democracy & Technology. "Mr. Zuckerberg argued that Facebook needs to provide controls where users are, when they're posting photos and messaging friends, but global privacy controls have always been a challenge for Facebook\u2014and any social media platform."<\/p>\n To be honest, all you really need to know about Facebook\u2019s attitude toward what you share with apps and ad networks is that the social media company doesn't put controls for either under its Privacy<\/strong> category. For years, to see which developers might have your information, you\u2019ve had to go to Apps and Websites<\/strong>. To see what advertisers know and see, you have to visit Ads<\/strong>, and decipher inscrutable language like \u201cCan you see online interest-based ads from Facebook?<\/strong>\u201d, which you\u2019ll find under Ads based on your use of websites and apps<\/strong>.<\/p>\n Are these the controls that Zuckerberg thinks give users complete power over their data? It beggars belief, if so. They\u2019re hidden, they\u2019re opaque, and they don\u2019t do enough to communicate what information, precisely, those third parties have about you and what they do with it. And if you have installer\u2019s remorse and want to reclaim your data? Facebook can\u2019t help you with that. You need to contact the developer directly, and hope they listen.<\/p>\n To make matters worse, even Facebook doesn\u2019t necessarily know what happens to your data after an app accesses it. While questioning Zuckerberg, Senator Richard Blumenthal noted that the personality quiz app that exposed up to 87 million people\u2019s data to political firm Cambridge Analytica<\/a> clearly stated in its terms of service that the data it collected could be sold. If Facebook can\u2019t bother to read all the way through an app\u2019s Terms of Service, how can it expect you to read through its own? (And in fact, Zuckerberg acknowledged that most Facebook users likely don\u2019t.) Until October 2015, Facebook even allowed apps to request access to user inboxes<\/a>, which meant developers could read any message those people sent or received.<\/p>\n 'They\u2019re the company that created these problems. We can\u2019t be looking to the company that caused these problems to fix them.'<\/p>\n Sam Lester, EPIC<\/p>\n \u201cGoing forward, we're going to take a more proactive position on this, and do much more regular stock checks and other reviews of apps, as well as increasing the amount of audits that we do,\u201d Zuckerberg said Tuesday. But privacy advocates argue that any added rigor comes years too late, especially given that Facebook's looseness with user data in 2010 led to an FTC consent decree<\/a> that placed strict requirements on how it handled your information. This is a company, after all, that for years left up a detailed privacy setting that didn\u2019t do what it said. In fact, it barely did anything at all<\/a>.<\/p>\n \u201cFacebook already had a legal obligation to not misrepresent its privacy settings and to verify the security of all third party apps on its platform and submit audits,\u201d says Sam Lester, consumer privacy fellow at the Electronic Privacy Information Center. \u201cThey utterly failed to comply with that order, which I think is clear from today\u2019s hearings.\u201d<\/p>\n Facebook did stop the pervasive sharing that allowed the Cambridge Analytica fiasco in 2015. And it will introduce a redesigned settings menu<\/a> soon, one that at the very least puts everything in one place. The company this week proactively started pointing some users to the Apps and Websites<\/strong> setting that shows people what apps could sift through their info. All of that counts as progress. But privacy is not a solved problem for Facebook, especially given its (repeatedly failed previous attempts) at self-correction. Zuckerberg has spent the last 14 years<\/a> apologizing for privacy slip-ups. There\u2019s not much room for benefit of the doubt.<\/p>\n \u201cFor obvious reasons we\u2019re not concerned with what Facebook\u2019s fixes to this problem are,\u201d says Lester. \u201cThey\u2019re the company that created these problems. We can\u2019t be looking to the company that caused these problems to fix them.\u201d<\/p>\n If nothing else, the Cambridge Analytica has shown people what Facebook is and always has been: An alchemist that spins your data into gold. That\u2019s not going to change. But the amount of transparency Facebook gives you around it still needs to\u2014if only Mark Zuckerberg could see it.<\/p>\n