A Facebook Game Developer Who Definitely Pinched Your Data Has Spoken Out

A bloke who made a popular Facebook game back in 2010 called Cow Clicker has spoken out about mass data collection and its use by dodgy companies like Cambridge Analytica.

If you missed that rigmarole, Cambridge Analytica used data collected from millions of Facebook profiles to serve ultra-targeted campaign ads during the last US presidential election. Their actions – while morally dubious – we’re seen as above board, but the way this data was collected and sold for commercial use was not.

In the wake of all that, Cow Clicker creator, Ian Bogost, wrote an article in The Atlantic detailing just how much data he had access to, how easy it was to obtain, and how no matter what Mark Zuckerberg says, the damage has already been done – your data is probably already out in the wild.

Fed up with all the trash like FarmVille and Pet Society, Bogost created his own nonsense game. A satirical take on Facebook’s view of gaming, if you will. The whole thing got pretty popular, too, but after getting tired of it, old mate shut it down in 2012.

Like all of Facebook’s apps, as soon as you hand over your permission, developers can access swathes of your personal data.

“If you played Cow Clicker, even just once, I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior,” Bogost wrote.

“I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running, allowing players to keep clicking where a cow once stood, before my caprice raptured them into the digital void.”

He goes on to point out something that’s often overlooked – when opening one of these apps for the first time, you’re prompted with a screen asking you to agree to its terms. You’re asked this before you even see what the app looks like and if you decline, you won’t get access to it at all.

Furthermore, while it’s often surrounded by the regular blue walls of the Facebook page, Bogost points out that you’re actually visiting a third-party website that might not be safe at all.

“To the average web user, especially a decade ago, it looked like the game or app was just a part of Facebook itself,” he wrote. “The page is seamless, with no boundary between the site’s navigational chrome and the third-party app.”

“When a user loads an app, Facebook’s servers pass those requests to a remote computer, where the individual or company that made the app hosts their services. The app sends its responses to Facebook, which formats and presents them to the user, as if they were inside of Facebook itself.”

The data transferred during this time wasn’t even encrypted, that was only enforced years later. What Bogost is getting at, is that no matter how many apps you withdraw your authorisation from, they still have your data. Even he still has your data and if he wanted to, he could do some wild shit with it.

“I could use a database-query tool called FQL, Facebook Query Language, to retrieve the details of those networks, and correlate them back to my users. Had I wanted to, I could have recombined that information with other data and used it for retargeting.”

Luckily, he seems like a nice guy, so I don’t think he’s gonna use your shit against you, should you be on his list. But hopefully his story is enough to make people think twice about their online behaviour.

You can read the full yarn right here.