Bad privacy press has been plaguing Facebook for some time. The bad news for Mark Zuckerberg this week was delivered in the form of a Wall Street Journal reportwhich claimed that some of the most popular third party apps on Facebook have been transmitting users’ personal data to advertising companies and data brokers in breach of Facebook’s developer policy.
The WSJ reported some of the most popular applications, including Farmville (which has a whopping 59 million users), Frontierville and Texas HoldEm Poker were making available the unique Facebook user identifications (UIDs) to 25 advertising and data companies, and some transferred information relating to users’ friends. This was even possible where the user had made the information in their profile private. The Facebook UIDs can be used to retrieve a Facebook user’s real name and any information on their profile to which access was not restricted by that user’s privacy settings.
A Facebook spokesperson said yesterday: “While initial press reports greatly exaggerated the implications of sharing a UID, we take this issue seriously. Our policy is already very clear that UIDs may not be shared with ad networks and data brokers, but we recognize that some developers were inadvertently sharing this information via the HTTP Referrer header.” Facebook is currently seeking the views of its developers on a proposed technical fixto encrypt the UIDs.
Datonomy thinks this is a rather unfortunate setback for Facebook, which has gone to great efforts in recent weeks to address privacy and user control. This was evident in the announcement made this month that Facebook has teamed up with Microsoft’s Bing search engine to bring a new social and personalised dimension to Bing, with both companies stressing that users’ privacy would not be compromised by the partnership. Facebook also introduced this month a new privacy dashboard to give users more visibility and control over how applications use their personal data. The dashboard allows users to see what permissions they have granted to an application and even the last date on which the application accessed their profile.