Facebook Confirms Privacy Issue With Some Appplications
Facebook on Monday confirmed that it is looking into how third-party applications treat its users' information after the revelation that some applications and games were sending that data to advertisers.
A Wall Street Journal investigation found that the ten most popular apps were sending user identification numbers to advertising companies. Specifically, the newspaper accused such games as FarmVille and Texas Hold 'Em Poker of sharing with advertisers a string of numbers and letters used to identify users, making it possible for advertisers to glean quite a bit about the users in combination with the other information they collect on them.
Facebook specifically prohibits applications makers from transferring data about users to outside advertising and data companies, even if a user agrees. Facebook's engineer Mike Vernal wrote at the company's blog:
"Our policy is very clear about protecting user data, ensuring that no one can access private user information without explicit user consent. Further, developers cannot disclose user information to ad networks and data brokers. We take strong measures to enforce this policy, including suspending and disabling applications that violate it," he wrote.
"Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated this policy. In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work," he added.
Vernal claims that press reports have exaggerated the implications of sharing a UID. "Knowledge of a UID does not enable anyone to access private user information without explicit user consent. Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy," he said.
He added that Facebook has experience addressing this sort of issue, although this time the technical challenges are greater. Facebook is currently talking with its key partners and the broader Web community about possible solutions and will have more details over the course of the next few days.
Facebook specifically prohibits applications makers from transferring data about users to outside advertising and data companies, even if a user agrees. Facebook's engineer Mike Vernal wrote at the company's blog:
"Our policy is very clear about protecting user data, ensuring that no one can access private user information without explicit user consent. Further, developers cannot disclose user information to ad networks and data brokers. We take strong measures to enforce this policy, including suspending and disabling applications that violate it," he wrote.
"Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated this policy. In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work," he added.
Vernal claims that press reports have exaggerated the implications of sharing a UID. "Knowledge of a UID does not enable anyone to access private user information without explicit user consent. Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy," he said.
He added that Facebook has experience addressing this sort of issue, although this time the technical challenges are greater. Facebook is currently talking with its key partners and the broader Web community about possible solutions and will have more details over the course of the next few days.