In 2014, a researcher named Alexander Kogan created a personality quiz that 270,000 Facebook users would go on to install. From those downloads alone, he was able to harvest the personal information of up to 87 million people, according to Facebook’s most recent estimate. He then passed that data along to Trump-affiliated political firm Cambridge Analytica, which would use it to target voters in the 2016 presidential election. Now Facebook has finally released a tool that lets you know whether you were affected.
Beginning at noon EDT on Monday, some Facebook users will see one of two messages at the top of their News feed. Both use the header Protecting Your Information, with one focusing on Cambridge Analytica and the other providing more general guidance about controlling which apps and websites currently have access to your data. If it’s slow showing up, you can also check directly right here.
It appears that only those who were friends with someone who used Kogan’s app—called “This Is Your Digital Life”—will see the Cambridge Analytica warning. If you click through, you’ll see the types of data that Cambridge Analytica could have had about you, which ranges from simple demographics to the contents of your inbox.
“We have banned the website ‘This Is Your Digital Life,’ which one of your friends used Facebook to log into,” the message reads. “You can learn more about what happened and how you can remove other apps and websites any time if you no longer want them to have access to your Facebook information.”
Those who weren’t affected will instead get a direct link to Facebook’s Apps and Websites privacy settings, where they can see which apps have access to their data, and the option to remove them.
Even Facebook users who weren’t impacted by Cambridge Analytica should go ahead and click forward to the Apps and Websites page, a setting that Facebook has inexplicably kept separate from its Privacy options for years.
If you do find apps there that you want to remove—it’s amazing how many you can pile up over the years—keep in mind that they can still hold onto your data after you give them the boot. To be totally free and clear, you have to contact them directly, through their Facebook page or website, and ask them to clear out whatever they have on hand. And if you installed the app before Facebook tightened its restrictions on developers in 2014, there’s a chance they accessed all of your friends’ data from then as well.
As for Cambridge Analytica, the company says it deleted all of the data as soon as Facebook informed them about it. But sources have since told WIRED that a small number of people there could access the data set as recently as last year. And British news station Channel 4 reported recently that the Cambridge Analytica data was still in circulation in Colorado.
The disclosure comes ahead of CEO Mark Zuckerberg’s scheduled Congressional testimony this week, and is joined by other hurry-up efforts to shore up the company’s privacy bona fides, including no longer letting people search for friends by phone number, and announcing an “unsend” feature in Messenger that will be implemented over the next few months.
Still, Facebook has a long way to go before it can regain user trust. Even this effort at transparency came years after the offending incident, and involved a slow rollout of disclosures: In its initial disclosure, Facebook only cited the 270,000 people who downloaded the app, then let the widely reported estimate of 50 million users stand, only burying its own, official 87 million number at the bottom of an announcement about API changes.
And while knowing that Cambridge Analytica may have siphoned your data certainly lets you know more about how your data traveled, it’s also far too late to do anything about it.
This story has been updated to include a direct link to find out if Cambridge Analytica could have accessed your data.