Facebook battles another privacy firestorm
Report says Facebook apps are secretly transmitting personal user data to advertising and Web monitoring firms
Computerworld - Monday's news that Facebook finds itself in another privacy firestorm is the latest evidence for many users and industry watchers that Facebook isn't working hard enough to protect its users or their personal information.
The Wall Street Journal reported Monday that some of Facebook's most popular applications, such as FarmVille, Texas HoldEm Poker and FrontierVille, have been sending users' personal information to dozens of advertising and Internet monitoring companies.
The report, based on the Journal's own investigation, found that the issue affects tens of millions of users, even those who have set their privacy settings to the strictest levels.
The newspaper's investigation found that 10 of Facebook's most popular apps are leaking the unique "Facebook ID" numbers of users to the third-party companies. The ID numbers can be traced back to individual Facebook users.
The Journal also noted that the highly popular Farmville app, which has some 59 million users, also transmits information about the friends of affected users.
"This builds on an ongoing theme that Facebook can't be trusted, which could do the service serious damage over time," said Rob Enderle, principal analyst at Enderle Group. "We still haven't identified a service that people are likely to switch to, but every time [something like] this happens, the likelihood that one will emerge increases."
Facebook maintains that it takes user privacy very seriously.
"We are dedicated to protecting private user data while letting users enjoy rich experiences with their friends," wrote Mike Vernal, a Facebook engineer, in a blog post Monday.
"Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated [our] policy. In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work," Vernal said.
Vernal added that the media has "exaggerated" the implications of third parties' gaining access to Facebook user IDs. "We are talking with our key partners and the broader Web community about possible solutions," he said, adding that Facebook will provide more information this week.
Many users, though, were not placated.
"Nice. What a pile of crap!," wrote Oyaki Ahanaf, a Facebook user, in response to Vernal's blog post. "So we are expected to believe that these 'developers' had no idea whatsoever that UIDs were being passed to 3rd party advertisers???!!!"
User Aisha Khan wrote, "Each & every step that FB has taken has brought security & privacy back 2 steps." And user Josh Lowen responded to Vernal's blog by writing, "I don't believe you. I think you knew this was going on, and LET IT because you know that's how the companies are making money (and you need them to make money for you to make money.) Sheisters, the lot of you."
On Twitter, someone identified as "clarecoll" offered this comment: "It bothers me that if my FB friends play w/ Apps MY privacy is affected. I'm penalized for having stupid friends." And another Twitter user, BPalmTheGreat, submitted this tweet: "At what point do people get tired of all the facebook privacy violations?" And "ByteGeek" tweeted, "Facebook is exploiting your privacy again."
Dan Olds, an analyst at Gabriel Consulting Group, noted that Facebook has confronted one privacy issue after another this year. And the latest problem could cause more trouble for the social networking company than all the others, he added.
"An above-the-fold story in a major national newspaper with the headline 'Facebook in Privacy Breach' is a substantial blow," said Olds. "I've always thought that the real privacy weakness in Facebook, after they took care of setting up better controls, was related to third-party apps. I don't know if I'd call what happened a privacy breach, because a breach implies that there was some privacy mechanism that was somehow gotten around or penetrated. From what I can tell so far, these companies were just using all the information they had routine access to -- implying that FB never had mechanisms in place to limit the info that apps providers harvested.
Olds added that he's expecting a lot of people to dump many of their Facebook apps because of the latest privacy issue. But Enderle noted that those Facebook users addicted to finding virtual lost sheep and erecting barns on Farmville might not be compelled to leave despite the latest news.
As users mull their next steps, Facebook executives need to come up with a plan to deal with the site's latest problem, analysts said.
"Facebook has to take the responsibility for lax enforcement of its own guidelines," said Hadley Reynolds, an analyst at IDC. "Facebook now needs to make the protection of its users' information and that of their friends more than a matter of contractual ink between it and its partner network. It should re-engineer its APIs to force applications to tell individuals what information they will be collecting and explicitly request permission from individuals for that access."
Olds added that Facebook needs to come up with, and enforce, a stringent policy that requires app makers to disclose what information they're gathering and how they're using it. That disclosure also can't be in tiny print. It needs to be stated upfront and be easy to understand, he added.
"The whole incident is an example of why [CEO Steve] Jobs and Apple have taken a much more controlling approach to the apps that their partners create for the iPod, iPhone and iPad, and why that kind of control may be necessary not only to ensure quality but also to create an environment where users can trust the application providers to observe rigorous privacy protection standards," said Reynolds.
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, or subscribe to Sharon's RSS feed . Her e-mail address is email@example.com.
- Marketers are losing faith in Facebook
- Facebook may lure teen users back with virtual reality promise
- Facebook's Oculus VR buy is about more than gaming
- Facebook spends $2B on virtual reality firm, but analysts are skeptical
- Facebook launches redesign with a bit of the old, a bit of the new
- Facebook eyes solar-powered drone company
- Facebook coughs up $19B for WhatsApp's younger users
- Facebook buying WhatsApp for $16 billion
- Facebook's birthday present: A look back at your social life
- At 10, Facebook strives not to be your granny's social network
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- Six Ways Your Small Business Can Save with Internet Phone Service Traditional phone systems present two main problems for businesses: limited features and high costs. As a result, small businesses are migrating to Internet...
- Face Time Anytime Real-time communications facilitates team collaboration from nearly anywhere in the world. With facts and figures you can use to justify an investment
- Now is the time to implement a video conference solution Video conferencing is getting a lot of buzz lately due to the recent cost decrease, making it tangible for many law firms. It's...
- Video drives engagement Achieving maximum results means building a solid platform and network infrastructure. As digital age unfolds, it's clear that the ability to communicate effectively...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Web Apps White Papers | Webcasts