Windows 7: Report: Facebook caught sharing secret data with advert

The privacy issues that have been hounding Facebook may be coming to a head. A report in the Wall Street Journal indicates that the Facebook, along with MySpace, Digg, and a handful of other social-networking sites, have been sharing users' personal data with advertisers without users' knowledge or consent.

The data shared includes names, user IDs, and other information sufficient to enable ad companies such as the Google-owned DoubleClick to identify distinct user profiles. Some of the sites in question, including MySpace and Facebook, stopped sharing the data after the Journal asked them about it. The surreptitious data sharing was first noticed (PDF) by researchers from Worcester Polytechnic Institute and AT&T Labs in August 2009, who brought it up with the sites in question. It wasn't until WSJ contacted them that changes were made.

Not surprisingly, Facebook appears to have gone farther than the other sites when it comes to sharing data. When Facebook's users clicked on ads appearing on a profile page, the site would at times provide data such as the username behind the click, as well as the user whose profile page from which the click came. "If you are looking at your profile page and you click on an ad, you are telling that advertiser who you are," Harvard Business School professor Ben Edelman told the Journal. Advertisers contacted by the paper said that they were unaware of the additional data and did not make use of it.

Facebook has tweaked its privacy policy throughout its history, with the most recent moves to open up more user information to the public drawing heavy criticism and FTC complaints. Users have also had a tough time navigating the site's often-Byzantine privacy controls, which has led to a trickle of user defections. With these latest revelations about Facebook ignoring industry standards, not to mention its own privacy policies, that trickle may turn into a torrent.

If you thought people were overreacting to the privacy issues with Facebook, think again. No less an outfit than The Wall Street Journal is reporting that Facebook, MySpace, and others were caught releasing user data to advertisers.

Facebook was giving away enough info that advertisers could identify your individual account and see which ads you'd clicked on. The companies receiving this data included major ad networks like Google-owned DoubleClick and Yahoo!-owned Right Media.

I write this all in the past tense, because Facebook has agreed to stop leaking this data in the wake of the Journal's report. As for the data that's already leaked, DoubleClick and Right Media have both said they didn't know they could access the data in question, and hadn't been using it.

Part of the problem is that Facebook and MySpace don't do anything to obscure your name or ID number in your profile URL, so that information is passed through to advertisers when you click. Closing that loophole seems like a simple (and important) security fix.

see which ads you'd clicked on