The privacy rules on Facebook aren?t as tight as they would have users believe. The Wall street Journal revealed that some of it?s most popular apps siphon off personal information internet tracking out fits and ad firms.
According to WSJ, 25 companies have received identifiable details about users from their Facebook apps. Which effectively breaks the terms laid down by the site. The breach affects a huge number of Facebook app users. Even those with the most rigorous privacy setting on their profiles have had their details exposed. The 10 most popular apps, such as Texas HoldEm Poker and Farmville, have been transmitting users? IDs to external firms. Farmville was also found to be transmitting the personal details of users? friends.
Facebook, said to have around 500 million users, told WSJ that new tech was being brought in to deal the breach. RapLeaf Inc, was found to have linked the IDs it had taken from Facebook to it?s own database if internet users, that it then sells on to other companies. The company insisted that this wasn?t an intentional action. Joel Jewitt, the company?s biz development veep, told WSJ, ?We didn?t do it on purpose.?
Facebook have released the Following statement:
As part of our work to provide people with control over their information, we’ve learned that the design and operation of the Internet doesn’t always provide the greatest control that is technically possible.
"For example, in the Spring, it was brought to our attention that Facebook user IDs may be inadvertently included in the URL referrer sent to advertisers.
Here, WSJ has uncovered the same issue on Facebook Platform, where a Facebook user ID may be inadvertently shared by a user’s internet browser or by an application delivering content to a user.
While knowledge of user ID does not permit access to anyone’s private information on Facebook, we plan to introduce new technical systems that will dramatically limit the sharing of User ID’s [sic].
This is an even more complicated technical challenge than the similar issue we successfully addressed last spring, but one that we are committed to addressing. Our technical systems have always been complemented by strong policy enforcement, and we will continue to rely on both to keep people in control of their information.
It is important to note that there is no evidence that any personal information was misused or even collected as a result of this issue. In fact, all of the companies questioned about this issue said publicly that they did not use the user IDs or did not use them to obtain personal info.
It makes you wonder if Facebook new about this breach all along, but just hadn?t bothered to fix it yet. It?s also of note that Facebook has tried to distance itself from the implication that the data could have been used by the companies that received the data. A separate statement was issues to it?s third-party developers. It partly wags the finger at them, but also asserts that the press have exaggerated things.
The end result is that the company is trying to down play the breach, but has kind of contradicted this by admitting that it needs to fix its technology to prevent a similar thing from happening in the future.