A new Facebook app from Hillary Clinton’s presidential campaign that invites users to “Trump Yourself” could have privacy implications for users.
The app paid for by Clinton’s official campaign organization, Hillary for America, overlays an image of the user with a quote–an insulting one–from the Republican presidential nominee Donald Trump. The image can then be shared on Facebook.
But the app’s true intention likely goes further than just having a bit of fun at the expense of Trump. To Trump Yourself, user must first connect the app to Facebook and authorize the app to view their public profile information and email address. The email permission is toggled on by default and, if switched off, won’t allow the game to function. Small print at the bottom of the Trump Yourself page reads, “By using Trump Yourself, you’ll be opted in to Hillary for America’s emails.”
A Facebook app that collects data on users is nothing new. We’ve warned against the risks of people authorizing and authenticating apps and websites in the past, giving away their personal details to companies they know very little about. But what’s more troubling is Hillary for America’s fast and loose privacy policy.
The policy states that information gathered through social media can be used to “Help connect you with other supporters, and to solicit volunteers, donations and support for HFA and for candidates, issues and organizations that we support.” If a user submits to the terms of Trump Yourself, they can also be targeted with advertisements. The policy goes on to say HFA’s data can be used to “Personalize and improve the Sites and provide advertisements, content or features that match user profiles or interests or that are based on the information you provide or the actions you take.”
To make matters worse, HFA seems to have no qualms with sharing users’ data with third parties, according to the privacy policy. This could mean someone who decided to play Trump Yourself one time is added to a voter database shared with consultants, vendors, other candidates, political groups, and more. We’ve asked Hillary for America to comment on their use of personal data gleaned from Trump Yourself players and will update this article should it respond.
Also worth noting is that Facebook apps don’t just disappear after they are authorized. They remain connected to the user’s account until manually removed. Until then, the can continue to gather data within the limits of the permissions granted. Facebook users who already Trumped themselves have no real recourse to take back their data, except possibly an email or phone call to HFA.
A representative of Hillary for America told Mashable the app does not rely on Facebook data to select the filter, but that doesn’t mean no data is being collected on potential voters and donors.
Facebook as a campaign tool
Even if you don’t authorize the Trump Yourself app, just being on Facebook makes you a target for political campaigns. Particularly on the Democratic Party side, US campaigns have become especially adept at mining data online and leveraging it to target potential voters and campaign donors.
Facebook is in on the scheme, as much of the social network’s income is derived from advertising revenue. Facebook (and ergo Instagram) allows advertisers, be they multi-billion dollar presidential campaigns or small-time local candidates, narrow down an audience by several demographic factors: location, age, gender, device, relationship status, education level, and what type of work they do. Facebook claims to be 89 percent accurate in its targeting method, compared to just 38 percent accuracy when using other ad platforms like Google Adsense.
If you list specific hobbies or interests on Facebook or are a member of a group, Facebook advertisers can target you. If you liked a Donald Trump campaign video or a page supporting some type of activism, such as women’s rights, that makes you a likely voter and/or donor in the eyes of certain candidates. Soon, Facebook says advertisers can even target using data that goes beyond Facebook use, such as websites visited and apps used.
Hitting the right market used to be a game of educated guesses, but once a political campaign gets a hold of a name and email, it doesn’t even have to try. Facebook allows advertisers to upload lists of names of specific people it wants to advertise to. People who play Trump Yourself can look forward to a lot more Clinton campaign advertisements and emails in the near future.
Simply visiting a website affiliated with a campaign, whether you know it or not, can be enough to put a target on your back. The Online Trust Alliance conducted a study that showed 74 percent of presidential candidates websites engage in poor privacy practices. The Disconnect app, which identifies and blocks tracking cookies that monitor your web activity, found three dozen tracking requests on www.hillaryclinton.com alone. Tracking cookies remain active even after leaving a website, recording the websites visited and other information, and then subsequently using that information to tailor advertisements.
Third-party data brokers–businesses that specialize in the mining and sale of voter data online–play a big role as well. All of these databases can be combined to help in targeting.
How to avoid being targeted by a campaign
The only way to truly avoid being another data point in a campaign’s voter database would be to go dark and drop off the internet entirely. It’s not realistic for many people to abstain from Facebook, much less the internet altogether. With that in mind, we have a few tips.
Don’t add information to your Facebook profile unnecessarily. Home town, education, age, etc can all be used to target you. Be wary of the posts you Like and the groups you join, and assess for yourself if they have political leanings. Remove old unused apps that are still connected to your Facebook account, and uncheck optional permissions on the ones you do use. Register to vote with a state or county agency instead of a third-party signature gatherer. Don’t answer polls until you’ve read the pollster’s privacy policy. Use anti-tracking tools like Privacy Badger and Disconnect. Finally, don’t get political on Facebook.
