Facebook tackles latest privacy slip with encryption

However, some wonder whether encrypting user IDs is enough for Facebook to save face among privacy advocates and users

Facebook yesterday said it will use encryption to deal with its latest privacy problem, but the question remains as to whether that move is enough for the social network to save face.

Earlier this week, the Wall Street Journal reported that some of Facebook's most popular applications, including FarmVille and FrontierVille, have been sending users' personal information to dozens of advertising and Internet monitoring companies. The Wall Street Journal, which broke the story, noted that the issue affects tens of millions of users, even those who have set their privacy settings to the strictest levels.

It was just the latest privacy firestorm to hit Facebook, which has been besieged by such problems over in the last several months.

And now Facebook said it plans to solve the latest problem by encrypting the user IDs that are being transmitted to third-party Web sites.

"Over the past few days, we have been investigating a technical solution to the issue of sharing Facebook User IDs (UIDs)," said Mike Vernal, a Facebook engineer, in a blog post yesterday. "To address this inadvertent sharing of UIDs, we plan to start encrypting the parameters that we pass to iframe-based applications."

It would be great if Facebook took steps to keep user information from being transmitted off Facebook's site, but encryption is better than no solution at all, said Ezra Gottheil, an analyst with Technology Business Research.

"Yes, they should stop the transmission, but they won't. They will continue to meet specific objections and fix specific problems, but the company is built on selling user information," said Gottheil. "Most [users] don't want to get down in the weeds on this stuff. They hear 'problem,' they pay some attention. They hear 'encryption,' they go back to what they were doing."

Zeus Kerravala, an analyst with the Yankee Group, questions why Facebook didn't encrypt user IDs long ago.

"The thing you have to ask yourself is why Facebook didn't do this up front," he added. "Security isn't really in the DNA of social networking today. Why did it have to take an embarrassing situation to have them do something basic like encrypt user IDs?"

Gottheil, though, did note that Facebook could gain a little traction because they tackled the latest problem so quickly. "The company has apparently learned to respond quickly to privacy concerns," he said. "When done quickly, it actually enhances their reputation, at least the first few times."

Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, or subscribe to Sharon's RSS feed . Her e-mail address is sgaudin@computerworld.com.

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon