Zuckerberg spends the first part of his response running through the events as we know them, and by now they're fairly well understood -- a Cambridge researcher created a personality quiz that was taken by around 300,000 people, but because of the way Facebook's Friend APIs worked at the time, those 300,000 people inadvertently also handed over information about the people in their own social networks. All together, this meant Kogan -- and Cambridge Analytica, the political research firm with whom Kogan shared everything -- walked away with data from tens of millions of people. Upon discovering that transaction, Facebook banned the app and insisted all that data be deleted. As it turns out, that might not have been the case, so Facebook recently banned Cambridge Analytica from the platform and hired a forensics firm to audit CA's systems to make sure the data is really gone.
After getting everyone up to speed, Zuckerberg laid out a plan for ensuring incidents like this don't happen again. As mentioned, that will involve Facebook investigating apps that had access to broad swathes of user information before shutting down the API that allowed users to pass on data about their friends. Developers that fall into Facebook's crosshairs and do not agree to an audit will be banned outright.
Going forward, Facebook will also prevent developers from re-accessing your data if you haven't used their app within three months. More importantly, the social giant plans to reduce the amount of personal information developers can access when you sign into an app or service using your Facebook account. According to Zuckerberg, "only your name, profile photo, and email address" will be shared -- currently, app developers can access public profile information like your name, age range, gender, locale and time zone without needing Facebook to review the app in question. And finally, Facebook will make an existing tool that allows users to revoke data access to apps they've greenlit in the past more prominent by placing it right at the top of people's news feeds.
While many probably preferred a quicker response from Facebook's leader, Zuckerberg has offered concrete steps to help prevent illicit data harvesting in the future. That said, the word "sorry" appears not once in the CEO's 935-word post; the closest Zuckerberg gets to an apology are references to "mistakes" the company has made. Also missing is any explanation as to why Facebook seemingly made no effort to contact any user whose data might have been illicitly obtained after the company figured out what happened. Given the public's response to the reporting of the Cambridge Analytica story, to say nothing of the anti-Facebook sentiments shared by industry heavyweights like WhatsApp co-founder Brian Acton, Zuckerberg's measured response -- while technically proficient -- seems unlikely to satisfy people considering bailing on Facebook entirely.