Facebook is in the privacy hot seat again, but not because of invasive new features or a policy change. This time, several third-party Facebook apps, including popular games such as Farmville, were caught transmitting User IDs to advertisers and Internet tracking firms, according to a Wall Street Journal investigation.
Here’s what you should know about the latest Facebook privacy snafu:
What’s a User ID and what information does it provide?
The User ID is how Facebook identifies individual users. Knowing someone’s User ID means you can see the public parts of that person’s profile. A user with the tightest privacy settings can still be identified by name. Completely open profiles reveal a user’s age, occupation, interests, relationship status and friends.
What were third-party apps doing with this information?
At least 25 advertising and data firms were receiving User IDs. One firm, called RapLeaf, was incorporating User ID information into broader Internet user profiles, and selling them. Three of Facebook’s top 10 apps were sending information about users’ friends to outside companies.
How did this happen?
Web browsers use a standard called a “referrer,” which reveals your current URL when clicking a link. Because Facebook URLs include User IDs, they’re exposed through referrer. Because this flaw has more to do with Web browsers than Facebook itself, app developers might not have even realized they were transmitting this information.
So advertisers know Facebook user’s names. What’s the big deal?
The revelation is embarrassing to Facebook, whose policy says third-party apps may not share user information with outside companies. Facebook itself doesn’t share personal information with advertisers.
Facebook temporarily suspended some of the apps that were transmitting this information, but it’s still working on permanent solutions. Facebook developer Mike Vernal said more details will be available in the next few days.