-Updated 11-01-10- Facebook has completed its internal investigation into reports from The Wall Street Journal that Facebook applications were violating its user privacy. The WSJ says FB is sharing unique user IDs with advertising agencies and data collection companies. According to the firm’s blog, some developers were sharing Facebook UIDs with data brokers for a fee, “this violation of our policy is something we take seriously,” Facebook engineer Mike Vernal wrote in the corporate response.
The Social Networker is reportedly taking action against developers who violated the Facebook policies by “instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies” according to the corporate blog.
The blog also states that Facebook has struck a deal with Rapleaf (Which I wrote about here), the data-mining firm that has tied Facebook ID information collected by Facebook applications to a database of Internet users it sold. “Rapleaf has agreed to delete all UIDs in its possession, and they have agreed not to conduct any activities on the Facebook Platform (either directly or indirectly) going forward.”
—
Last May Facebook was caught using “referrers” to send users’ ID information to advertising agencies every time the users click on ads. In response, the social networker changed some of the code that allowed this and issued a half-hearted apology. Now, the Wall Street Journal has found that third-party applications or “apps” on Facebook have been guilty of the same thing. The WSJ says the privacy breach affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings.
“Apps” are pieces of software that let Facebook’s 500 million users play games or share common interests with one another. The company says 70% of users use apps each month. The WSJ found that all the 10 most popular apps on Facebook were transmitting users’ IDs to outside companies including:
- FarmVille,
- Phrases,
- Texas HoldEm,
- FrontierVille,
- Causes,
- Cafe World,
- Mafia Wars,
- QUiz Planet,
- Treasure Isle
- IHeart.
The WSJ says that Zynga Game Network Inc.’s (ZNGA) FarmVille, with 59 million users has also been transmitting personal information about a user’s friends to outside companies.
The information being transmitted includes the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation, and photos. The apps reviewed by the WSJ were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.
The Journal found that data-gathering firm, RapLeaf Inc., (Which I wrote about earlier) had linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells. RapLeaf also transmitted the Facebook IDs it obtained to a dozen other firms including Google’s Invite Media, the Journal found. “We didn’t do it on purpose,” said Joel Jewitt, vice president of business development for RapLeaf to the WSJ.
Facebook has again issued a statement that it will look into the matter and correct the code and has in the meantime disabled thousands of applications. According to the WSJ, the applications transmitting Facebook IDs may have breached their own privacy policies. Zynga, for example, says in its privacy policy that it “does not provide any Personally Identifiable Information to third-party advertising companies.” A Zynga spokeswoman told the WSJ, “Zynga has a strict policy of not passing personally identifiable information to any third parties. We look forward to working with Facebook to refine how web technologies work to keep people in control of their information.”
rb-
Once again, Facebook has a user privacy breach on its hands. The social networker keeps promising to protect its customers’ personally identifiable information but never seems to get it right.
Perhaps the question Facebook users should be asking is does Facebook really want to protect their user’s privacy?
Related articles
- Facebook facial recognition tech ‘violates’ German privacy law (go.theregister.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.