Disturbing privacy advocates, The Wall Street Journal reported Thursday that social networking
sites are sharing information with advertisers that can be used to
identify individuals. Facebook, MySpace, and
others have been sending code to advertising firms that can lead them
back to user profile pages full of personal information. Putting it in
simpler terms, Harvard Business School professor Ben Edelman told the
Journal, "If you are looking at your profile page and you click on an ad,
you are telling that advertiser who you are."
Facebook says it fixed the loophole after speaking with the Journal. As many have pointed out, the privacy breach likely violated the company's own terms and conditions, which promises not to share users' personal data with third parties without explicit consent. Here's the reaction.
- Why This Matters Zeljka Zorz at Help Net Security explains the potential threat. "The problem with the advertising agencies being given this information is that they could use it to mine other personal data from the profiles of those users, if they shared it with the network and if the privacy settings are set to minimum."
- This Is Inexcusable, fumes Sarah Jacobsson at Computer World. "The real problem is, of course, that social networking sites have the ability to obscure user names and profile ID numbers from advertisers--but they simply haven't. While many of the sites only reveal information about the last page viewed (which may not be the user's profile and may therefore not reveal anything about that person), Facebook was a more serious offender as it sent information on both what profile was being viewed and who was doing the viewing."
- How to Protect Yourself "There's a simple solution, don't click on ads when visiting social networks," writes James Johnson at the Blog Herald. "A boycott of Facebook and MySpace ad clicking is a simple method that if followed by more users may cause them to think twice before violating their own privacy policies."
- Why Social Networks Need to Be Extra Careful Sarah Jacobsson explains. "This is common practice all over the web, and, in most cases, is no issue--advertisers receive information on the last page viewed, which cannot be traced back to the user. In the case of social networking sites, the information on the last page viewed often reveals user names or profile ID numbers that could potentially be used to look up the individuals."
- Sadly, Users Won't Care, writes Nicholas Carlson at Business Insider. "This is bad behavior from Facebook, but we doubt it'll get punished for it. Right or wrong, we don't think Facebook users care about these kinds of issues enough to quit Facebook over them."
- This Is Not a Scandal, insists Marshall Kirkpatrick at Read Write Web. "The tone of the article implies that some major scandal has been broken wide open. ... I think if it had been put like this, the WSJ story would have been more more clear: Facebook used to, in some cases, send referring URLs with logged-in user IDs inside the URL when a user clicked on an ad. The Journal alerted them to that situation and they now obfuscate those URLs. That's good. Potential privacy situation dealt with."