Facebook: Another Privacy Scandal

Oct. 19, 2010 — -- Facebook has acknowledged a problem with its site that reveals your name and the names of your Facebook friends to some advertisers, and potentially tracks the websites you visit online.

The Wall Street Journal tore apart the code in Facebook to determine what identifying user information was being forwarded to third-party applications such as Farmville, Mafia Wars and some of the quizzes you take. These are all add-on apps on which a user has to click to access Facebook, not features such as photos or videos.

The Journal found that in 25 instances the third-party app companies were taking in users' Facebook identification numbers. The number then tied into a user's profile and could identify the person by name, no matter how secure his or her privacy settings were.

The companies tracking you could then build a clear profile of your habits. If they used other Internet tracking technology to keep a record of the websites you visit and then married that to your name, this would be a clear violation of Facebook's policies, which has consumer groups up in arms.

"In general, what's going to happen here is targeting of ads," said Kurt Opsahl, senior staff attorney at the Electronic Frontier Foundation, a nonprofit, nonpartisan organization working to protect fundamental civil liberties. "The advertiser will be able to know a little bit more about you and target ads based on that knowledge.

"But the real question comes, where does it stop? If it goes to one company who then transfers it to another company, does that third company then transfer it further on? You lose control of where the information goes.

"And, on some level, if this information goes out beyond the advertising networks and becomes available to other, perhaps more nefarious users, they could use that information for identity theft or for targeting phishing attacks or targeting virus attacks," he said.

What You Can Do

Many others worry about the data being used to profile individuals for future business scenarios, pointing out that the information could be sold to people screening you for a potential job, insurance companies determining if you can get health care or even a bank wondering if you are a good risk for a loan.

It is not difficult to imagine a future scenario built around this kind of data profiling.

Facebook has acknowledged the mistake, saying it was not its intention to provide the tracking tool. The company said it has taken steps to mitigate the problem.

"Developers cannot disclose user information to ad networks and data brokers," according to a statement on its Developer blog. "We take strong measures to enforce this policy, including suspending and disabling applications that violate it."

In the meantime, however, here's what you need to know or do differently.

1. Social networking sites are not charity organizations; they are advertising to you, they are collecting data, and while Facebook says this was a mistake, be aware that information breaches happen online.

2. If you have a Facebook account, it is well worth the time to lock down the privacy settings. It may seem complicated, but we have clear instructions on what the privacy settings mean HERE.

3. Some of the worst offenders in this particular breach were from applications within Facebook; the invitations where you have to accept terms of service from a third party. If privacy is paramount to you, we suggest declining the invitations unless you have time to research who they are and what they are doing with your information.

The bottom line is that you should think carefully about your use of social networks, lock down your privacy and try to make peace with the reality that you have a lot less privacy than before.