Facebook moves to fix privacy loophole after WSJ review
Social networking site Facebook said Thursday that it is fixing a privacy loophole that allowed advertisers to access user identification and potentially other information. The privacy lapse comes amid growing concern from lawmakers and regulators over how social networking sites and Internet companies are treating user data.
The change was first reported on The Wall Street Journal's Web site Thursday evening. The Journal reported that Facebook and other social networking sites such as MySpace had passed along to advertisers the user IDs of subscribers who had clicked on advertisements.
Facebook said that it does not share user information without user consent. But it said it did share some data that may include the user ID of the page but not the person who clicked on the ad.
“We don’t consider this personally identifiable information,” the company said in a statement. (Disclosure: Washington Post Co. Chairman Donald E. Graham sits on Facebook's board of directors.)
Facebook said that under one scenario, if a user took a specific route on the site, advertisers could see that the user clicked on his own profile and then clicked on an ad.
Here’s part of the Journal story:
The practice, which most of the companies defended, sent user names or ID numbers tied to personal profiles being viewed when users clicked on ads. After questions were raised by The Wall Street Journal, Facebook and MySpace moved to make changes. By Thursday morning Facebook had rewritten some of the offending computer code. Advertising companies were given information that could be used to look up individual profiles, which, depending on the site and the information a user has made public, include such things as a person's real name, age, hometown and occupation. Several large advertising companies identified by the Journal as receiving the data, including Google Inc.'s DoubleClick and Yahoo Inc.'s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven't made use of it. Across the Web, it's common for advertisers to receive the address of the page from which a user clicked on an ad. Usually, they receive nothing more about the user than an unintelligible string of letters and numbers that can't be traced back to an individual. With social networking sites, however, those addresses typically include user names that could direct advertisers back to a profile page full of personal information.
May 21, 2010; 8:16 AM ET
Categories: Facebook | Tags: facebook
Save & Share: Previous: FCC wireless report shows less market competition, spurs debate over FCC response
Next: FTC approves Google merger with AdMob thanks to Apple competition
Posted by: fyashf8uda9 | May 21, 2010 9:16 AM | Report abuse
Posted by: Gary12 | May 21, 2010 10:17 AM | Report abuse
Posted by: Bitter_Bill | May 21, 2010 10:37 AM | Report abuse
Posted by: Zino | May 21, 2010 11:01 AM | Report abuse
Posted by: las100 | May 21, 2010 12:40 PM | Report abuse
The comments to this entry are closed.