Security

Facebook Privacy Fail: Apps Leak Private Info, Report

Even if you use the strictest privacy settings on Facebook, many applications can pass on information that personally identifies you and your friends to advertisers, says a Wall Street Journal investigation.

Your name, and in some cases your friends' names are provided to dozens of advertising and Internet tracking companies, according to the WSJ report, by simply using Facebook applications or games. It is estimated tens of millions of Facebook app users are affected, despite many using the strictest Facebook privacy settings.

The apps reported to share this personal information without your knowledge are the usual culprits. Among those named is Zynga, the developers of FarmVille (with 59 million users), TexasHoldEm Poker, FrontierVille, Mafia Wars and Café World, as well the Phrases app, Causes, Quiz Planet and Treasure Isle.

The WSJ reported:

"The most expansive use of Facebook user information uncovered by the Journal involved RapLeaf. The San Francisco company compiles and sells profiles of individuals based in part on their online activities."

According to the Journal report RapLeaf was harvesting Facebook IDs from leaky Facebook apps such as LOLapps and Family Tree and "then linked those ID numbers to dossiers it had previously assembled on those individuals."

Facebook promptly replied to the allegations on Monday, saying "in most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work. We have experience addressing this sort of issue previously, although the technical challenges here are greater. We are talking with our key partners and the broader Web community about possible solutions."

Is Facebook Doing Enough?

Facebook has over 500 millions users worldwide and has been at the center of several privacy debates this year. The social network released in early October some new features that give users greater control over how their data is used and shared. The changes were meant to address privacy gaffes from May, when it was blasted by consumer protection groups because of shoddy privacy policies.

Yet ten days after Facebook addressed earlier privacy concerns, the company admits to new privacy and security problems regarding some applications, and puts a brave face on saying it is "dedicated to protecting private user data while letting users enjoy rich experiences with their friends."

What's worse is that this is only the latest revelation after reports that Facebook retains your phone details when using the service from a smartphone, and that even if you're not on Facebook, the social network still knows of you through aggregated information.

- Follow Daniel Ionescu and Today @ PCWorld on Twitter

Subscribe to the Security Watch Newsletter

Comments