Facebook Admits To New Privacy Breach
Facebook has just got poked in the security department after some of its most popular apps have reportedly been transmitting user information
Fresh privacy concerns about Facebook have emerged after the Wall Street Journal revealed that some of the social network’s most popular apps have been transmitting personal information about users to advertising firms and Internet tracking organisations.
The damaging revelation could affect many of the 500 million people who currently use Facebook. The issue is even more damaging, because the WSJ investigation found that even users whose profiles have rigorous privacy settings, still have had their details exposed.
Facebook IDs
The problem stems for certain third party apps on Facebook. These apps have in effect being siphoning off user’s names (and in some cases their friends’ names), to dozens of advertising and Internet tracking companies. The actual information being transmitted is the unique ‘Facebook ID’ number assigned to every user on the site.
At least 25 advertising and data firms are thought to be have received Facebook ID numbers. These firms are known for building databases and profiles in order to track the online activities of people.
“The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure,” said the WSJ report.
The WSJ has found that all of the 10 most popular apps on Facebook are transmitting users’ IDs to outside companies. These include Zynga Game Network’s FarmVille, Texas HoldEm Poker and FrontierVille, as well as LOLapps Media with its Gift Creator, Quiz Creator, Colorful Butterflies and Best Friends Gifts apps.
Taking Action
On Sunday Facebook told the WSJ that it was taking steps to “dramatically limit” the exposure of users’ personal information.
“A Facebook user ID may be inadvertently shared by a user’s Internet browser or by an application,” the spokesman told the WSJ. The spokesman added that knowledge of an ID “does not permit access to anyone’s private information on Facebook,” and he announced that Facebook would introduce new technology to contain the problem.
“Our technical systems have always been complemented by strong policy enforcement, and we will continue to rely on both to keep people in control of their information,” the Facebook official reportedly said.
‘We Take Privacy Seriously’
Meanwhile Facebook developer Mike Vernal blogged that the social network takes user privacy seriously.
“We are dedicated to protecting private user data while letting users enjoy rich experiences with their friends,” Vernal worte. “This more social web will only occur if users trust that they are in control of their information.”
“Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated this policy,” he added. “In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work.”
But he also said the implications of sharing a UID have been exaggerated.
“Knowledge of a UID does not enable anyone to access private user information without explicit user consent,” Vernal wrote. “Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy.”
Ongoing Issue
Despite this, the WSJ said that one of the recipient firms, RapLeaf, has linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells. The WSJ also warned that RapLeaf had transmitted the Facebook IDs it obtained to a dozen other advertising and data firms.
Privacy concerns about Facebook is an ongoing issue. Matters were not helped in January of this year when Facebook founder Mark Zuckerberg said that privacy is no longer a social norm.
But the company has, of late, been taking steps to beef up its security credentials. Last week for example, Facebook added a one-time password feature, to address account security for Facebook users who are skittish about using their real password on public computers (in hotels, cafes or airports etc). Now they can get a one-time password sent to their mobile phones.
And last month Panda Security said that the dangers posed by social networking sites could be dangerous for SMBs. Its survey had revealed 33 percent of SMBs had experienced a malware or virus infection from social networks.
Yet the impact of Facebook continues to be felt around the world and it is even currently the subject of a movie.