Social networking giant, Facebook, has admitted that some applications (or "apps") hosted on its site have been transmitting user-identifying information to online advertising and internet-tracking companies. The admission follows an investigation by the Wall Street Journal ("WSJ"), conducted as part of their "What They Know" Series, documenting the various uses of Internet-tracking technology.
The issue centres around Facebook apps - pieces of software, usually developed by independent developers, which allow Facebook users to play games and interact with other users. Facebook has around 500 million users, of which, Facebook states, 70% use apps every month. The potential scale of the privacy breach thus becomes apparent.
Industry standards assert that advertisers should not collect identifiable information without user permission. Moreover, Facebook's own house rules strictly prohibit app developers from transferring data about its users to external internet-tracking companies. However, it appears that these principles have not been strictly adhered to.
The WSJ investigation discovered that many apps on Facebook were transmitting data capable of identifying users, including the most popular apps, such as FarmVille, Mafia Wars and Texas Hold'em. Every Facebook user is assigned a user identity ("UID") - a unique number identifying that particular user. It was these UIDs that the WSJ discovered were being transmitted.
All UIDs are readily searchable, so even users who have set their profiles to the strictest privacy settings may still be affected by this breach. While user names belonging to the collected data can be ascertained through UIDs, those with less stringent privacy settings may be further affected. All information set as "public" on a user's profile may be accessed and compiled with all other collected data and transmitted to internet-tracking companies.
There is a growing market for Internet user data, with many companies specialising in compiling databases and selling this information for commercial purposes, including, for example, targeted advertising. It may be unsettling for some to discover that their identity may have been revealed to these companies.
Admittedly, the WSJ study noted that it was unclear whether the app developers intended or even knew that their apps were transmitting identifiable user data - a sentiment also echoed by Facebook representatives. The apps used what is known as a "referer" (sic.), which forwards the address of the last page viewed by a user when they click on an Internet link. While this technology is commonplace, worryingly, on social networking sites, these referers can reveal a user's identity.
Some of the apps involved became unavailable over the weekend, with developers no doubt attempting to address this issue.
The findings of the WSJ amount to what is only the latest in a string of challenges faced by Facebook in recent years in relation to user privacy. However, Facebook note that this issue is more of a complicated technical challenge than most it has addressed to date, but one which they are nonetheless committed to addressing. In addition, the nature of this problem means that developers and Facebook will both have to work together to seek a solution to this issue, in which so many have a stake.
This breach is another example of the dichotomy that increasingly appears to exist between privacy rights and advancing technology - a strained relationship for which there is no "easy fix".
The Wall Street Journal's "What They Know" Series can be accessed here: http://blogs.wsj.com/wtk/