Facebook in yet another privacy leak furor

Mark Zuckerberg (facebook.com)
By Richi Jennings. October 18, 2010.

I find it hard to believe that I'm typing these words. Zuckerberg's private-data-sucking social network has yet again been caught in a serious privacy faux pas. Users' personal, identifiable information has been leaking to advertisers. But, amazingly, Facebook is actually unrepentant, blaming 3rd-party apps for violating its rules. In other words, it's failed to prevent 3rd-party apps from disclosing user identities. In IT Blogwatch, bloggers despair of Zuckerberg's commitment to user privacy.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention fractal father, RIP...

Emily Steel and Geoffrey A. Fowler cry "foul":

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook's strictest privacy settings. ... [It] renews questions about [Facebook's] ability to keep identifiable information ... secure. ... [Our] findings are the latest challenge for Facebook ... criticized in recent years for modifying its privacy rules to expose more of a user's information.


Three of the top 10 apps, including ... Zynga Game Network Inc.'s FarmVille ... have been transmitting personal information about a user's friends to outside companies. ... The information being transmitted is ... the unique "Facebook ID" number assigned to every user on the site. ... Anyone can use an ID number to look up a person's name ... even if that person has set all of his or her Facebook information to be private.

Sam Diaz sizes up the problem:

Farmville reportedly shared the names of users, as well as users’ friends ... [and] tens of millions of Facebook app users have been affected. ... Facebook needs to make sure that that platform is a safe place for the users. That means policing the platform.


It’s important to note that it was third-party apps, not Facebook itself, that were sharing the information ... app developers are prohibited from sharing user information ... even if the user agrees. ... [This] shows how Facebook has not been able to police that rule. ... It's an unfortunate setback for Facebook.

Astoundingly, Facebook's Mike Vernal offers no apology whatsoever:

Our policy is very clear ... developers cannot disclose user information. ... We take strong measures to enforce this policy, including suspending and disabling applications that violate it. ... In most cases, developers did not intend to pass ... the User ID (UID) ... but did so because of ... how browsers work.


Knowledge of a UID does not enable anyone to access private user information. ... Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented. ... We will have more details over the course of the next few days.

Alexia Tsotsis is not laughing:

These UID transferal issues were the primary reason Facebook took down apps run by the social gaming company LOLApps ... including its popular flagship “Critter Island.” Two days later ... all LOLApps games are ... back on the social site.


While Zynga heavy hitters like “Farmville” and “Texas Hold ‘Em” poker were also [identified] ... they did not experience similar service disruptions. LOLApps would not comment on whether it has actually corrected the issue.

Meanwhile, Max Read advises caution:

It's not just your apps, either—it's possible that your Facebook friends were sharing some of your information through the apps they were using ... There's only one way to ensure protection against apps sharing your information: Turn them off entirely.


You can't actually stop your aunt from playing Farmville, unfortunately. But you can limit your exposure to your aunt's Farmville app.


And Finally...

A tribute to the late Dr. Benoît Mandelbrot, fractal father


Richi Jennings, your humble blogwatcher
  Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: itbw@richij.com.

You can also read Richi's full profile and disclosure of his industry affiliations.

Copyright © 2010 IDG Communications, Inc.
