Facebook: The privacy saga continues

Yet again, the spotlight is on Facebook. While the famed social networking site has garnered attention in the past for pushing the privacy envelope, this time, Facebook is on the defensive after the revelation that some of its third-party software applications, or “apps,” leaked personally identifiable information about millions of its users.

Last week, the Wall Street Journal broke the news after discovering that Facebook’s most popular apps had been leaking the names of users, and sometimes their friends, to advertisers and Internet tracking companies. While Facebook’s Privacy Policy requires apps to agree to terms that restrict their use of Facebook users’ data, the results of the investigation underscore the disclaimer in Facebook’s policy that says, “We do not guarantee that they [third party applications] will follow our rules.” In this case, the Wall Street Journal found that apps were inadvertently releasing Facebook User IDs (UIDs) to outside companies, which could potentially profit from use of the information connected to these UIDs.

Depending on a user’s privacy settings, UIDs could reveal the age, occupation, and photos posted on the user’s profile. Privacy settings are a critical means by which Facebook users can control how they share information with other users, third party websites, and the public. Thus, this newest leak raises serious questions about Facebook’s ability to honor its principles, including users’ ownership and control of information, while growing at the meteoric pace that has marked the site from its inception.

Fallout from the Wall Street Journal story includes federal lawsuits against Facebook in Rhode Island and California, as well as Congressional inquiries from members of the House Bipartisan Privacy Caucus to Facebook’s larger-than-life CEO, Mark Zuckerberg.

Facebook quickly responded to news of the leak through its Developer Blog, announcing its intent to find a uniform solution to the “underlying technical issue of inadvertent sharing.” While acknowledging that certain apps had indeed breached its Privacy Policy, Facebook’s blog post sought to minimize the implications of the disclosure. The company explained that the breach derived from how certain applications interact with the Facebook platform. Specifically, once a user authorizes these applications, the URL of the application could reveal the UID of the user through the HTTP Referer header. To address the issue, Facebook will begin encrypting the parameters of its platform to prevent application URLs from inadvertently revealing the UIDs of users to third-party advertisers and other outside entities. Facebook also stated that it plans to work with the broader Web community to solve the Internet-wide problem of HTTP header sharing. Given Facebook’s worldwide influence, this intent is promising news for all Internet users.
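The Referer mechanism described above can be checked for in captured traffic. The following is an added example, not code from Facebook or from the original post: it models which Referer value a browser sends on a cross-origin HTTPS request under a given Referrer-Policy and flags requests where that value would hand a user identifier to an outside host. The host names, the parameter names in `ID_PARAMS`, and the captured request pairs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical query parameters that carry a user identifier (assumption).
ID_PARAMS = {"uid", "user_id"}

# Constructed sample: (page the browser is on, resource that page loads).
CAPTURED = [
    ("https://apps.social.example/game/?uid=1234567890&ref=bookmarks",
     "https://ads.tracker.example/pixel.gif"),
    ("https://apps.social.example/game/play",
     "https://ads.tracker.example/pixel.gif"),
    ("https://apps.social.example/quiz/?user_id=42",
     "https://apps.social.example/static/app.js"),
]

ORIGIN_ONLY = {"origin", "strict-origin", "origin-when-cross-origin",
               "strict-origin-when-cross-origin"}


def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc)


def referer_sent(page_url, policy="no-referrer-when-downgrade"):
    """Referer a browser sends on a cross-origin https-to-https request."""
    parts = urlsplit(page_url)
    if policy in ("no-referrer", "same-origin"):
        return None
    if policy in ORIGIN_ONLY:
        return f"{parts.scheme}://{parts.netloc}/"
    # no-referrer-when-downgrade and unsafe-url: full URL minus the fragment
    return parts._replace(fragment="").geturl()


def leaked_ids(referer):
    """Identifier parameters present in a Referer value."""
    if not referer:
        return {}
    query = parse_qsl(urlsplit(referer).query)
    return {k: v for k, v in query if k.lower() in ID_PARAMS}


def audit(captured, policy="no-referrer-when-downgrade"):
    """List (third-party host, leaked identifiers) for each leaking request."""
    findings = []
    for page, resource in captured:
        if origin(page) == origin(resource):
            continue  # same origin: nothing disclosed to an outside party
        ids = leaked_ids(referer_sent(page, policy))
        if ids:
            findings.append((urlsplit(resource).netloc, ids))
    return findings
```

Running `audit(CAPTURED)` with the full-URL policy reports the tracker host receiving the `uid` value, while an origin-only policy such as `strict-origin-when-cross-origin` reports nothing.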

While Facebook is working on the technical solution to the inadvertent leak of UIDs, it invites users and the developer community to share feedback about its encryption proposal. Additionally, the site will offer users a means to stay informed about contemplated changes to its Privacy Policy and other governance documents through its Facebook Site Governance page. Becoming a “fan” of this page automatically notifies users of proposed changes to the site and enables users to comment on these proposals. Given the tension between users’ desire for privacy controls and Facebook’s purpose as an information-sharing forum, at least users can have some say in how the site inevitably evolves.

– Kathryn Brown
