The latest Facebook privacy fiasco shows that the world's largest online social hub is having a hard time putting this thorny issue behind it, even as it continues to attract users.
The Wall Street Journal reported that several popular Facebook applications had been transmitting users' personal information to dozens of advertising and internet tracking companies.
Facebook said it was working to fix the problem and was quick to point out that the leaks were not intentional but a consequence of basic web mechanisms.
"In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work," said Mike Vernal, a Facebook engineer.
In a statement, Facebook said there was "no evidence that any personal information was misused or even collected as a result of this issue".
Even so, some privacy advocates said it was problematic that the information was leaked at all, regardless of what happened to it. Facebook needs its users to trust it with their data because if they don't, they won't use the site to share as much as they do now.
"Facebook has been assuring users for a very long time that their personal information will not be available to advertisers," said Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Centre.
At issue are user IDs, the unique identifier tied to every person on Facebook. These IDs can be used to find users' names, gender and any information they've made visible to "everyone" on the internet through their privacy settings.
"It's their entire friends' lists, their likes, their biographical information," Rotenberg said. "Facebook gets access to it and now it's leaking out to advertisers."
The Journal said these IDs could be included in the "referrers" that websites sent to other sites to tell them where the user came from. Normally, these wouldn't tell the sites who these users were. But that becomes possible when the referrers include a person's network ID.
In one case, these IDs were then embedded in a "cookie", which tracks users as they navigate the web, by an online data collection company, the Journal said. That meant that Facebook users' names and browsing habits could be linked.
The company, RapLeaf, said this did not happen intentionally and it has since fixed the problem.
"As of last week, no Facebook IDs are being transmitted to ad networks in conjunction with the use of any Rapleaf service," the company said Monday.
More than 500 million Facebook users share varying amounts of private information online, and over the years the company has come under fire from privacy advocates for pushing people to reveal more about themselves to everyone on the internet.
At the same time, the company also allows users to set up privacy settings for nearly everything they share on the site.
There are some exceptions, though. Users' names, profile photo and gender - if they specify it - are always public. For other details, Facebook gives users controls so that they can hide friends lists, photos, work information and email addresses.
Facebook said the knowledge of a user's ID did not give anyone access to that user's private information. But that wasn't the problem, said Peter Eckersley, senior staff technologist for the digital rights group Electronic Frontier Foundation.
"The problem is that ad companies can know who you are at all," he said.
Eckersley said the "referrer" problem isn't new, nor is it necessarily limited to Facebook. The Journal did not mention other social networks such as MySpace, which is owned by News Corp, as is the Journal.
"We urgently need investigations to determine how many other social networks may be suffering from this type of data leak," he said.
Some, such as media critic Jeff Jarvis, have called the Journal report an overreaction since the user information was already available publicly.
"The White Pages reveal I use the phone. So?" Jarvis wrote on Twitter.
Facebook dogged by data leaks
AdvertisementAdvertise with NZME.