> Cambridge Analytica then arranged an informed consent process for research in which several hundred thousand Facebook users would agree to complete a survey for payment that was only for academic use.
> However, Facebook allowed this app not only to collect personal information from survey respondents but also from respondents’ Facebook friends.[13] In this way, Cambridge Analytica acquired data from millions of Facebook users
FB gave them data about friends, when it was supposed to only give them data about respondents. Totally different situation.
Yes, the reason this happened was that when a user authorized the Cambridge Analytica app, it would have the ability to view information about all of that user's friends. Sound familiar?
The fault was not in anything CA did, even though I think what they did was bad. The fault was in Facebook letting clients access more data than you authorized them to.
If I approve an access request for a low level engineer to get a single repo from github, and github lets them access every repo on our orgs account, that's a huge fuckup by github, not me.
No, not even remotely similar. A user authorized CA to see their data for the purpose of a research suvey. CA got more data than the user thought they were giving them. With a custom client, the user is giving the client their account for the purpose of accessing all of Facebook through it. The client is getting exactly what the user is giving them and it makes perfect sense that it needs it.
FB gave them data about friends, when it was supposed to only give them data about respondents. Totally different situation.