New Facebook Privacy Leak: Secret Info Being Shared With Advertisers

The millions of people on the fence about leaving Facebook may be encouraged to leave by the latest shoe to drop in the Facebook privacy fiasco.

The Wall Street Journal reports Facebook, Myspace, and other social networks have been sending personal and identifiable information about users to advertisers without the user’s consent.

Who Has Been Getting This Private Data?

The mega-advertisers like Google’s DoubleClick and Yahoo’s Right Media appear to have gotten the largest chunk of private info.

What Information Has Been Shared?

These companies (and others) recieved usernames or ID numbers. This means that companies could see exactly who clicked on their ad, not just their general location or other less identifying information.

Whether you think this is a trivial matter or something much larger, let’s take a look at what it means:

  • This information could be used to research personal info like someone’s age, location, job, home, family’s name, and pretty much anything you can find online.
  • Advertisers could theoretically ‘friend’ each of the people who clicked their ads and then talk to them (without paying Facebook) on their news feeds, or worse, through spamming them.
  • Facebook agreed to never share this amount of private info with advertisers. This small ‘leak’ could lead to class-action lawsuits and the eventual exodus from Facebook. (Time to start building Diaspora, that secure network NYU!)

Are They Fixing The Problem?

The WSJ goes on to report that since raising questions about the practice with Facebook and MySpace, both companies have since rewritten at least some of the code that allowed transmission of identifiable data. Beyond those two companies, LiveJournal, Hi5, Xanga and Digg made the list of sites identified as sending identifiable information back to advertisers when a user clicked on individual ads.

This problem is, as always, demonstrated in a spot-on way by xkcd:

The Journal found that Facebook went farther than most in sharing identifiable data, by sending the username of the person clicking the ad as well as the username of the profile they were viewing at the time. This news could hardly come at a worse time for Facebook, a company that currently faces a privacy backlash potent enough to make the cover of Time Magazine this month.

According to Mashable, outside of Facebook, the other companies named in the article maintain the data they send to advertisers contains the user ID of the profile a user is visiting when they click on an ad, and not the user ID of the visitor themselves. Both Google and Yahoo made strong statements refuting the idea that they would ever make use of any such personally identifiable data. Yahoo VP of global policy Anne Toth said of the allegations, “We prohibit clients from sending personally identifiable information to us. We have told them. ‘We don’t want it. You shouldn’t be sending it to us. If it happens to be there, we are not looking for it.’”

Do People Care?

In this day and age, privacy is dead (in the words of Mark Zuckerberg.) So what is the typical reaction to this privacy leak issue? We think this other cartoon illustrates exactly how the majority of users will react:

Online privacy is a big issue these days. Companies like have an array of tools and services to help you monitor, protect or repair your online presence.