Network News

X My Profile
View More Activity

Facebook, MySpace leaked user data to advertisers

As I was making my way home yesterday afternoon (a journey that stretched well into the morning hours, but that's not important right now), the Wall Street Journal was posting a report about yet another privacy misstep by social-media Web sites.

WSJ writers Emily Steel and Jessica E. Vascellaro reported that Facebook, MySpace and other social networks had been passing along identifying information about their users to companies that had bought advertisements on their pages. I wasn't completely surprised to read that Facebook had gone further than most of these companies, exposing its users' identities in two ways when they clicked on ads placed on Facebook profile pages.

The Journal asked Harvard Business School researcher and professor Ben Edelman to look into the issue; he then posted his analysis on his site, which you should read in addition to the Journal's story.

Here's what's going on, as I understand it. On one level, it's routine practice and a core part of the Web's standards for browsers to tell Web servers what page provided the link the user just clicked on. This "referrer" header helps Web authors identify pages with incorrect links, greet visitors coming from a particular site with a special message ("Hello, Slashdot users! Sorry our site is running slow") and provide other helpful services.

It's fair to argue that a social hub should be expected to work like any other site.

But on Facebook, page addresses aren't innocent strings of text. They contain either a username you've picked or a user ID specific to you. Further, Facebook's privacy policy is unusually specific on this point. Under its fifth section, "How We Use Your Information," it declares: "We don't share your information with advertisers without your consent."

And that doesn't even get to a second problem Edelman documents--that Facebook, in some circumstances, also passed along the username of somebody who clicked on an ad on a Facebook profile. That went well beyond traditional referrer functions.

Facebook told the Journal that it's fixed that issue and is looking at fixing the referrer issue, too (although its blog remains silent on these points).

Since I can't remember the last time I clicked on a Facebook ad--sorry, most are just not that interesting to me--I am not terribly concerned about this issue. Like some other users, I think it's just another reason to be careful and calculating in your use of Facebook, to assume that anything sufficiently interesting there may become public in one way or another and to keep measuring Facebook's benefits against its costs.

I'm far more annoyed about how Facebook's management seems to be blinded by self-love to its own problems. When I took part in an interview on WAMU's "Kojo Nnamdi Show" on Tuesday with Wired writer Ryan Singel and Facebook public-policy director Tim Sparapani, Sparapani talked as if there was nothing wrong, then defended Facebook's sweeping changes by suggesting that without it we wouldn't have Web pages customized for their users.

I should have jumped all over that implausible assertion, but Search Engine Land editor Danny Sullivan did the job for me in a blog post that afternoon. He did, however, neglect to mention one useful way sites can customize themselves for visitors--the referrer standard that's gotten Facebook in its latest mess. Oh, sweet irony ...

By Rob Pegoraro  |  May 21, 2010; 5:00 PM ET
Categories:  Privacy , Social media  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Google plays Pac-Man
Next: Facebook founder Zuckerberg's not-quite-apology


Thanks for the good work.

Posted by: WorstSeat | May 23, 2010 9:27 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company