Last week, the CEO and founder of Facebook, Mark Zuckerberg, has spent 2 days before 2 committees of the US senate answering questions about privacy concerns at Facebook in light of the Cambridge Analytica scandal. As a Web programmer myself, I found these series of exchanges and Mark’s responses fascinating as well as enlightening. I replayed most of the sessions thanks to YouTube. Here are some key observations.

It was particularly amusing, and concerning at the same time, that many of the senators simply did not understand the fundamentals of how Facebook works, what it actually does, or its business model. A good number of them relied on questions submitted by their constituents who, in turn, did not have much better understanding themselves. As a result, too many questions were irrelevant to the most recent data breach and, instead, focused on advertisers, how users’ data is used, shared, or sold relative to advertising. Zuckerberg had to repeat numerous times that data is not sold to advertisers, neither is it shared with them directly. He also had to repeat that advertising is Facebook’s business model quite a few times. The way Facebook uses users’ data is to decide who sees specific advertisements based on the advertiser’s selections and the users’ expressed interests, as well as their browsing history. This is a pretty standard way how online advertising works across the board. Nothing particularly new or noteworthy there.

From those interrogations, it was made apparent that there are three distinct platforms that are integrated into what is Facebook today. These are the publishing, advertising, and developer platforms. The issue at stake is not the first two but the third one, which the senators spent extremely little time discussing. The key question should have been, “why does Facebook allow developers to collect data from users through their apps?” This is how Cambridge Analytica acquired the data of 87 million Facebook users when a Russian-American researcher, Alexandr Kogan, created a simple quiz app. He was somehow able to collect that data of those that accessed the app and the data of all their friends (without their knowledge). Kogan then sold that data to Cambridge Analytica. It is safe to say that the vast majority of Facebook’s users don’t know that their personal data (and those of their ‘friends’) may be, and likely is, shared with 3^rd party app developers when they interact with the apps, including game apps.

It is also noteworthy that as much as 29,000 data points are collected by Facebook on each user. What is a data point? A data point is a unit of identifiable information about you. For example, favorite dessert, favorite food, favorite ice cream, favorite pet, favorite color, favorite vacation destination, married, single, divorced, name of significant other(s), location(s) you live(d) traveled, religion, and so on, etc. That is just a small number of data points. It is hard to know exactly what each of the 29,000 data points are beyond the ones that are obvious. But that is far more information than you or anyone else close to you knows about you. The more you post personal details, use apps, or interact with Facebook in any other way, you help them fill each of the 29,000 plus data points.

In the same senate sessions, it also was stated that Facebook collects data points even on non-Facebook users. Now, you may ask how is that possible if you are not a Facebook user? Zuckerberg gave some clues on that. He said that it was for security reasons. So, if you have ever had an account on Facebook and closed it, or if you tried to access Facebook with a phony login, or even just visited Facebook, there is what is known as ‘cookies’ which can be tracked and collected between visits. Cookies are tiny bits of code stored on your browser that are used by almost every website from simply tracking visits to that website to allowing visitors to log in and do stuff on the website. This is one potential way that Facebook may track non-Facebook users. If that is the case, those are some pretty sophisticated ‘cookies’. Generally speaking, ‘cookies’ do not store personally identifiable information.

Facebook is not the only player that is going to great lengths to collect as much data on Internet users as possible. Google and Amazon are other competitors for such data. What makes Facebook unique is that it is marketed as a platform that allows you to connect with friends and, as such, encourages users to post personal information. I remember one time it asked me to upload a copy of a photo ID such as a driver’s license or passport page. Just to unlock a recently created account or perform certain action. It was very eerie to see that and I refused. The account remained locked and I couldn’t access it even to delete it. Thankfully there wasn’t much on it.

Your most precious commodity is you and your privacy. Be careful how you share any information about yourself online and don’t give up that privacy readily. Keep in mind that if something is offered for ‘free’, there always is a catch. Oh, and Mark Zuckerberg’s personal data was stolen as well.