Facebook is in the privacy hot seat again, but not because of invasive new features or a policy change. This time, several third-party Facebook apps, including popular games such as Farmville, were caught transmitting User IDs to advertisers and Internet tracking firms, according to a Wall Street Journal investigation.
Here’s what you should know about the latest Facebook privacy snafu:
The User ID is how Facebook identifies individual users. Knowing someone’s User ID means you can see the public parts of that person’s profile. A user with the tightest privacy settings can still be identified by name. Completely open profiles reveal a user’s age, occupation, interests, relationship status and friends.
What were third-party apps doing with this information?
At least 25 advertising and data firms were receiving User IDs. One firm, called RapLeaf, was incorporating User ID information into broader Internet user profiles, and selling them. Three of Facebook’s top 10 apps were sending information about users’ friends to outside companies.
How did this happen?
Web browsers use a standard called a “referrer,” which reveals your current URL when clicking a link. Because Facebook URLs include User IDs, they’re exposed through referrer. Because this flaw has more to do with Web browsers than Facebook itself, app developers might not have even realized they were transmitting this information.
So advertisers know Facebook user’s names. What’s the big deal?
The revelation is embarrassing to Facebook, whose policy says third-party apps may not share user information with outside companies. Facebook itself doesn’t share personal information with advertisers.
Still, some new media experts, notably Jeff Jarvis, believe the Journal’s report is overblown because User IDs reveal little about a person. “So you learn that ‘Jeff Jarvis’ uses Facebook,” Jarvis wrote on Twitter. “… The White Pages reveal I use the phone. So?”
How is Facebook responding?
Facebook temporarily suspended some of the apps that were transmitting this information, but it’s still working on permanent solutions. Facebook developer Mike Vernal said more details will be available in the next few days.
What can users do if they’re still worried?
Avoiding third-party Facebook apps is really the only option until Facebook comes up with a solution. In the meantime, be aware of Facebook’s newest privacy controls, including simplified settings, downloadable data and a dashboard for app settings.