11 Comments

Summary:

Some of the most popular Facebook apps — including games such as Zynga’s FarmVille, which has almost 60 million users — are transmitting information about users to third parties, including companies that are building profiles for sale to advertisers, according to a news report.

privacy

Updated: Some of the most popular Facebook apps — including games such as Zynga’s FarmVille, which has almost 60 million monthly users — have been routinely transmitting information about Facebook users to third parties, including companies such as RapLeaf that are building profiles for sale to advertisers and marketers, according to a report in the Wall Street Journal. Facebook told the newspaper that it’s planning to introduce new systems that will make it harder for apps to send user data to other companies, something that is a breach of Facebook’s terms of use.

The information some apps allegedly transmit is the Facebook ID number that is unique to each user. According to the Journal, this number gets transmitted by some apps even when the user in question has their account set to “private.” Although user IDs by themselves don’t contain any personal data, if a user has a public Facebook profile, their ID number can be used to pull up whatever information they have there — name, address, date of birth, etc. The Journal said its investigation showed RapLeaf had cross-referenced ID numbers with an existing database of Internet users it sells to advertisers, and had also sent the user ID info to other companies, although RapLeaf said this was inadvertent.

Earlier this year, Facebook came under fire because in some cases user ID numbers were transmitted via a user’s web browser. Most modern browsers send what is called “referrer” information to websites, telling those sites where the user came from, and in the case of someone who clicked an ad on Facebook, that referrer sometimes contained their user ID. In May, the company changed the way the site records user info in the address of each page, so that the user ID doesn’t get sent by the browser, but Facebook is being sued as a result of this earlier data issue.

Altering the way apps function to protect user IDs will take more work, Facebook said. “This is an even more complicated technical challenge,” a spokesman told the Journal, “but one that we are committed to addressing.” Although user IDs aren’t really a privacy issue — since they only reveal information that a user has already said he or she wants to make public — some users are likely to feel uncomfortable knowing that their public profile info might be harvested by companies for marketing purposes. (Companies who received the information from RapLeaf said they didn’t collect it or use it, according to the Journal).

The Journal report said that several of the top 10 Facebook apps, including FarmVille and Texas Hold ‘Em Poker, were sending user IDs to advertisers — sending it in some cases to as many as 25 separate advertising and data-collection firms — and some apps were also sending user data about a player’s friends to those same companies, both of which are a breach of Facebook’s terms of service. A report last week said that a maker of Facebook games called LOLapps has been shut down completely by the social network after it was discovered to be transmitting user information to advertising agencies and marketers (Update: LOLapps says all of its games have been restored to Facebook now.)

What kind of action Facebook will take in terms of sanctioning Zynga or other companies that have been transmitting this kind of information, or blocking their ability to do so in the future, remains to be seen. The social network has come under so much fire from consumer advocates and government representatives — both in the U.S. and internationally — for the way it handles privacy that it is undoubtedly hyper-sensitive to such criticisms now, even if the user ID data being transmitted doesn’t contain any private information. We’ve asked Facebook and Zynga for comment and will update this post if and when we get a response.

Update: In an emailed statement, a Facebook spokesman said that “while knowledge of user ID does not permit access to anyone’s private information on Facebook, we plan to introduce new technical systems that will dramatically limit the sharing of User IDs.” The statement also said that “it is important to note that there is no evidence that any personal information was misused or even collected as a result of this issue. In fact, all of the companies questioned about this issue said publicly that they did not use the user IDs or did not use them to obtain personal info.”

Facebook has also posted about the issue on the Facebook blog. And RapLeaf has a response on its corporate blog as well, discussing the transmission of user IDs (which it says it has stopped doing) and whether there is actually any privacy risk involved.

Related content from GigaOM Pro (sub req’d):

Post and thumbnail photos courtesy of Flickr user Alan Cleaver

You’re subscribed! If you like, you can update your settings

  1. Facebook Apps Leaking User Info to Third Parties | Application Servers Directory Sunday, October 17, 2010

    [...] Read this article: Facebook Apps Leaking User Info to Third Parties [...]

  2. When I received my first facebook invitation I was surprised to see that included the list of people I have email recently from my a google account. Obviously facebook got the list of my emails from there because there were no connection between the person who invited me to facebook and the list of “people you might know” with facebook accounts. Fishy to say the least.

    1. Indeed,

      though it has become standard practice on almost all social apps and services.

  3. I don’t think this is that surprising is it? Techcrunch flagged the dark side of the social games business back in 2009 (http://techcrunch.com/2009/10/26/social-games-how-the-big-three-make-millions/), Zynga and the like have got to keep growing revenues and will no doubt resort to ever more dubious methods to do so. FB is no better and it’s (IMHO) is one of the biggest holes in ‘FB at the social layer concept’ they are pushing towards.

  4. Off with their heads!

    Or just stay off such sites. If you cannot contact someone by normal e-mail, then maybe you shouldn’t be sending those self-portraits sans clothes!

    1. Indeed off with their heads… till this outrage fit ends and we move on to the next bit of outrage.

      No wonder we keep finding ourselves into this situation where we can’t keep services like FB in check and honest. I think the whole process is meant to confuse and confound people and non-techies don’t care till it is too late.

  5. Facebook Apps Send User Info — Should You Care?: Tech News « Monday, October 18, 2010

    [...] Street Journal reported that a number of the social network’s most popular apps and games have been sending “personal information” to third parties, including companies that compile data on users for sale to advertisers and marketers. In the [...]

  6. KPI Dashboards Monday, October 18, 2010

    Another day, another story about Facebook having no regard for user privacy rights. Wouldn’t be surprised to learn that all of my personal information has been sold off to eastern block countries.

  7. EU Could Turn Google, Facebook Into Privacy Felons: Tech News « Wednesday, October 20, 2010

    [...] Facebook — which is facing a potential government inquiry in the U.S. related to the transmission of personal details via some of the apps that run on the network — has also faced scrutiny from a number of EU states, including [...]

  8. Social Media and Privacy: Get Serious or Get Regulated: Tech News « Thursday, October 28, 2010

    [...] the second time this year, Facebook is at the center of a privacy controversy. Many popular apps on Facebook, including social games from Zynga, have been transmitting Facebook [...]

  9. Privacy: How to Avoid the “Third Rail” of Online Services: Tech News « Friday, October 29, 2010

    [...] Journal about sites like Facebook and MySpace sending “personally identifiable information” to third-party service providers. The crux of the issue uncovered by the reports was that some Facebook apps — including popular [...]

Comments have been disabled for this post