Blog Post

Facebook Apps Send User Info — Should You Care?

Facebook has been caught in another privacy-related dust-up, after the Wall Street Journal (s nws) reported that a number of the social network’s most popular apps and games have been sending “personal information” to third parties, including companies that compile data on users for sale to advertisers and marketers. In the context of Facebook’s ongoing issues with privacy, it seems like a fairly major problem, and the tone of the WSJ piece suggests it’s a major breach of privacy by the social network — but is it really?

The information that the Journal is referring to in its report is the user ID that each member of Facebook gets when they join. According to the newspaper, all of the top 10 apps on the social network — including FarmVille and other popular games — were transmitting user IDs of Facebook members to advertising networks and other third parties, and in some cases, those apps were sending the ID numbers of a user’s friends as well. (The ad networks and other companies who received this information told the Journal they didn’t collect or make use of these numbers, or any user profile info related to them.)

So ad networks and other companies may have been getting your user ID. Should you care? As Facebook has pointed out in statements to the media and in a blog post on its developer blog, the user ID does not contain any private information, and even if someone plugged that ID into Facebook, all they would get is whatever public information you include in your Facebook profile (you can use the social network’s privacy settings to control what information — if any — gets sent by the apps that you use). In most cases, that’s your name and possibly your date of birth and where you live, as well as a list of your friends.

[inline-pro-content] It’s easy enough to find the ID of a Facebook user, because Facebook provides it to developers through its open graph protocol; just go to and replace “user-id” with someone’s Facebook user name. There are also a number of tools that will show you exactly what information the social network is sharing about you, including one that gives you an overall “privacy score”. Even before the latest Journal report, Facebook had already taken steps to reduce the likelihood that a user’s ID number would be passed on via their browser (although it still faces a lawsuit as a result of this issue).

The reality is that passing on user ID numbers and even public profile information isn’t really a “privacy breach,” because the only data that advertisers or anyone else can get through this process is information that users have chosen to make public already. As some Facebook defenders such as new-media guru Jeff Jarvis have noted, many companies — including media outlets such as the Wall Street Journal — sell information about their subscribers to a variety of third parties, who, in turn, sell it to marketing firms and advertising agencies. Is it fair to hold Facebook accountable for the behavior of third parties when we don’t hold others accountable in the same way? Some would argue it’s not.

After all the negative attention Facebook has gotten over the past year from advocacy groups and governments because of changes to its privacy settings, it’s not surprising that the company — and its critics — would be sensitive to any suggestion that personal information was being misused. But maybe we should save our outrage for cases that involve real breaches of privacy, rather than seeing potential scandals in every dark corner.

Related content from GigaOM Pro (sub req’d):

Post and thumbnail photos courtesy of Flickr user Andrew Bardwell

9 Responses to “Facebook Apps Send User Info — Should You Care?”

  1. Its not quite true that nothing was leaked. User IDs are useless by themselves (and already available by other means) but up until now it’s been impossible to obtain user IDs in the context of another site’s tracking cookies. Any one of the firms that obtained information from RapLeaf could have used it to match up anonymous tracking cookies with real names.

    I wrote an explanation of the problem on my blog at
    Feel free to read and let me know if I missed something

  2. This is the problem with centralized organizations that produce TOS that are basically, one sided agreements.

    This exchange, is really NEVER in the interests of users, only owners/ investors. After all, without this voluntary exchange, FB is nothing.

    In the hunt for large returns, FB has succumbed to the issue that will force its future demise-being an (enterprise-serving) social platform.

  3. I’m with Mitch here as well. It’s really surprising to hear so many people underplaying what’s going on here. Here’s how I look at it:

    – dotRights, EFF and others have previously criticized Facebook for not allowing people to keep information like name and friendslists private.

    – Users’ names and friends lists with advertisers and companies like Rapleaf without their knowledge. How to square this with Facebook’s repeated claims that they don’t share your personal information with advertisers?

    – all of the top 10 apps on Facebook have been violating their policies on this issue. Facebook’s response: “you shouldn’t do that”. in other words, there’s no enforcement of their policies and no consequences


  4. You can take this information from a user using an app parlay it into knowing more about the person if you bring it up in the browser. To me, that is wrong!

    There is a reason why this info was sent to advertisers to begin with. They are making money from the data somehow.

    • Agreed Mitch.

      What Facebook could do is actually be more clear about what is does with data and why it does what it does. Otherwise this whole thing is also going to a “hairball” which will keep coming up in one form or the other.

      Frankly, upon reading the WSJ article, it was clear that services such as Rapleap are more dangerous and dirty than Facebook or one of the larger social media nets.

      Rapleaf to me looks like a credit bureau without any checks and balances. That is the real story and WSJ misses it, because Facebook makes better headline.

      • I agree with you. Considering the number of websites that require users to register with real names, firm like RapLeaf can obtain this information anyway.

        Do you know if any of the major advertising networks match up cookies to real names?