Facebook Admits Unintended Privacy Breach

Facebook has confirmed that user details have been revealed to advertisers inappropriately. Unlike many previous privacy disputes on the site, this appears to be a genuine error.

The issue involves applications, the add-on games and tools that run on the site but are controlled by third-party companies. The most popular examples include games such as FarmVille and Mafia Wars.

Generally, when users install such an application, they grant specific permissions for the app's creators to access their accounts in some fashion; for example to automatically post on the user's page when they achieve a high score in a game.

Most Popular Facebook Apps Passing On Data

Facebook's rules specifically ban app companies from passing on any user data to other organizations, even with the user's permission. But the Wall Street Journal says many companies are doing so, including the makers of all ten of the most popular Facebook apps. (Source: wsj.com)

The data that's being passed on is the unique Facebook user ID. Although that's simply a number identifying the individual user, the way Facebook works means that even if a user has set their profile to private (accessible only to confirmed friends), the ID is enough to discover somebody's name.

While that's not necessarily a major concern (other than as a point of principle), with people who have publicly available details on their Facebook profile, it's a comparatively easy task to take the user ID and automatically gather information about age, gender, interests and other details that are extremely useful for advertisers trying to narrow down a specific audience.

Leaking Unintentional, says Report

The Journal says that the apps it looked at were sharing user IDs with at least 25 different advertising and data gathering companies in total. None of the app developers it questioned admitted to sharing such details deliberately.

One possible explanation is that there's a flaw in the system used to co-ordinate Facebook profiles and apps, either through a technical mistake or by a designer simply not realizing the user IDs being shared could become a contentious issue.

Facebook's Mike Vernal says the problem is related to "the technical details of how browsers work." He noted that "knowledge of a [Facebook ID] does not enable anyone to access private user information without explicit user consent." (Source: facebook.com)

Facebook previously changed its own system after complaints that companies advertising on Facebook were able to see the user IDs of people who clicked on the ads.