Skip to main content

Report: Facebook Apps Breaching User Privacy

The Wall Street Journal is reporting that many Facebook applications are sharing users’ personal information in violation of the company’s privacy policy. According to Facebook’s terms of service, apps cannot transmit users’ personal IDs, the unique strings numbers assigned to every user, with which a simple Google search can determine the identity even of someone with the strictest privacy settings.

But many of Facebook’s 550,000 apps, including all ten of the top ten apps, are doing this anyway, covertly giving access to “people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies.”


The information being transmitted is one of Facebook’s basic building blocks: the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation and photos.

The apps reviewed by the Journal were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.

The applications transmitting Facebook IDs may have breached their own privacy policies, as well as industry standards, which say sites shouldn’t share and advertisers shouldn’t collect personally identifiable information without users’ permission. Zynga, for example, says in its privacy policy that it “does not provide any Personally Identifiable Information to third-party advertising companies.”

Facebook has said that it is looking into the matter and plans to “dramatically limit” the unauthorized transmission of users’ personal information.

Meanwhile, Yahoo is going to roll out a Facebook Connect rival called Y Connect in an attempt to drive traffic to Yahoo and log user activity.

Update: Many people hate this WSJ article and think it is dumb.

(WSJ via Search Engine Land)

Have a tip we should know? [email protected]

Filed Under:

Follow The Mary Sue: