Facebook’s new privacy breach

Many
of the most popular applications, or “apps,” on the social-networking
site Facebook Inc. have been transmitting identifying information—in effect,
providing access to people’s names and, in some cases, their friends’ names—to
dozens of advertising and Internet tracking companies, a Wall Street Journal
investigation has found.

The
issue affects tens of millions of Facebook app users, including people who set
their profiles to Facebook’s strictest privacy settings. The practice breaks
Facebook’s rules, and renews questions about its ability to keep identifiable
information about its users’ activities secure.

The
problem has ties to the growing field of companies that build detailed
databases on people in order to track them online—a practice the Journal has
been examining in its What They Know series. It’s unclear how long the breach
was in place.

A
Facebook spokesman said it is taking steps to “dramatically limit”
the exposure of users’ personal information.

“A
Facebook user ID may be inadvertently shared by a user’s Internet browser or by
an application,” the spokesman said. Knowledge of an ID “does not
permit access to anyone’s private information on Facebook,” he said, adding
that the company would introduce new technology to contain the problem
identified by the Journal.

“Our
technical systems have always been complemented by strong policy enforcement,
and we will continue to rely on both to keep people in control of their
information,” the Facebook official said.

The
apps, ranked by research company Inside Network Inc. (based on monthly users),
include Zynga Game Network Inc.’s FarmVille, with 59 million users, and Texas
HoldEm Poker and FrontierVille. Three of the top 10 apps, including FarmVille,
also have been transmitting personal information about a user’s friends to
outside companies.

Most apps aren’t made by Facebook, but by independent
software developers. Several apps became unavailable to Facebook users after
the Journal informed Facebook that the apps were transmitting personal
information; the specific reason for their unavailability remains unclear.

Comments are closed.