Facebook: Your personal info for sale

The misuse of personal information from as many as 50 million Facebook user accounts is setting off alarm bells with lawmakers and privacy advocates.

What does Facebook know about you, and who has access to that data?  

The short answer: Facebook likely knows far more about you than you may suspect, and the data may be in the hands of more advertisers and app developers than you realize.

Facebook says on its ad-targeting site that it sells ads based on the information consumers share with it, as well as which ads they click on, which apps and websites they use, and information from outside data providers and advertisers. 

Consumers can find out some of what they've shared with Facebook by downloading their data files

The process, which takes a few minutes, will compile a list of which ads you've clicked on and which advertisers have your contact information. It's unclear what type of contact information those advertisers are holding. (Some of the advertisers with this reporter's contact information were businesses where, to her knowledge, she hasn't shopped at or clicked on their ads.)

Your data file also includes your ad topics, which Facebook describes as "topics that you may be targeted against based on your stated likes, interests and other data you put in your Timeline." 

It also includes all your private messages from Facebook Messenger, status updates, photos and events. 

Christopher Wylie, the data scientist for Cambridge Analytica who disclosed the firm's access to the Facebook data, indicated that private messages were available, but did not confirm that Cambridge Analytica accessed it. 

"It was almost everything that would be on a Facebook profile, so that was things like status updates, likes, and in some cases private messages," Wylie told The Guardian. Asked if Cambridge Analytica had the private messages of Facebook users, Wylie replied, "I can't say whether they did or not."

Facebook changed its policy on allowing developers to access messages in 2015, according to a spokeswoman. 

"Four years ago, our platform policy permitted people to share their own message inbox with developers," the spokeswoman said. "Developer access to messages was enabled only if the person downloaded the app and explicitly approved the permission."

The data files will also tell you what type of peer group Facebook considers you to be in, such as "established adult life." This appears to be a life-status designation based on your friend network.  

The data file doesn't include everything Facebook has. For instance, Facebook says on its site for advertisers that it includes "purchase behaviors." This can include purchases outside of Facebook, as the company has partnerships with point-of-sale companies like Square

Facebook can also track your location via your smartphone, unless you've switched off location tracking.

"It's a little old fashioned to think about, 'Do they have my name?" because they are still delivering information that's influential to you," said Kent Grayson, associate professor of marketing at Northwestern, who studies issues related to trust in business. "They can deliver personalized information to you based on your behaviors."

Facebook isn't alone in tracking consumer activity and selling that data to advertisers. Google, for instance, tracks consumers across its brands. The search giant says that includes everything from search activity to emails its users send and receive. However, Facebook's reach is considered much broader because its users provide data on their "likes" as well as their networks of friends and family members.  

What Facebook sells to advertisers

Facebook has become an advertising behemoth because it can slice and dice its users into targeted groups that companies want to reach. Its "core audience" targeting provides advertisers with four types of information about users: demographics, location, interests and behaviors, according to its ad-targeting site for advertisers.

"Behaviors" are what Cambridge Analytica was searching for. It reportedly wanted to create "personality profiles" of voters before the 2016 presidential campaign. The goal, Wylie said, was to influence U.S. voters to "think of something differently."

Cambridge Analytica was backed by Robert Mercer, a billionaire supporter of President Donald Trump, and worked with Steve Bannon, a campaign strategist. But it's unclear how much the profiles were used by the Trump campaign and how effective they were. The Trump campaign phased out its use of Cambridge Analytica before the election.

What third-party apps get access to

Researcher Aleksandr Kogan, a psychology professor at the University of Cambridge, is at the center of the most recent incident.

Kogan created an app called "thisisyourdigitallife," which offered a personality test to Facebook users.  

The role of Kogan's third-party app was essential to Cambridge Analytica's ability to reap data on tens of millions of consumers. Only 270,000 Facebook users downloaded Kogan's app, but because they agreed to share their friends' data, that exploded to more than 50 million users. 

About 11 percent of apps request friends' data in a 2011 study, said Professor Jens Grossklags of the Technical University of Munich. Because each Facebook user typically has about 250 to 300 friends, the "multiplier effect" is huge, he noted.  

"I would ask [Facebook CEO Mark Zuckerberg], 'Can you explain to me the reasoning why such broad access to user data is granted, especially friends' data?'" he said. Consumers don't often understand what they are sharing and what controls they are giving up, he said.

Facebook says it has changed its app development process and now requires developers to "justify the data they're looking to collect and how they're going to use it." 

"We actually reject a significant number of apps through this process," said Justin Osofsky, vice president of Global Operations. "Three years ago – after Kogan first created his app – we changed the product so that developers can't access the information of people's friends."

Nevertheless, Facebook has a privacy setting that controls whether your friends can share your data with apps. To make sure your friends aren't sharing your data with third-party apps, go "App Settings" and click on the box that says "Apps Others Use." Make sure the boxes for your information categories -- such as "things I like" and "if I'm online -- are unchecked. Other privacy settings can be checked here