Facebook And Advertisers.
The Register has a slightly worrying story:
The dominant social network tells users it won’t share their details without consent, but according to the Wall Street Journal, it has handed over information that advertisers can use to look up individual profiles.
MySpace had a similar loophole, it’s reported. Both sites said they were making changes to stop the handover.
Advertisers were getting reports whenever users clicked on their ads, as is typical across the web. However, Facebook and MySpace’s reports contained the URL of the user’s profile page, which often included their real name or user name. Neither site had bothered to obscure the data, in breach of their own privacy policies.”
This is the WSJ piece:
“Across the Web, it’s common for advertisers to receive the address of the page from which a user clicked on an ad. Usually, they receive nothing more about the user than an unintelligible string of letters and numbers that can’t be traced back to an individual. With social networking sites, however, those addresses typically include user names that could direct advertisers back to a profile page full of personal information. In some cases, user names are people’s real names.
Most social networks haven’t bothered to obscure user names or ID numbers from their Web addresses, said Craig Wills, a professor of computer science at Worcester Polytechnic Institute, who has studied the issue.
The sites may have been breaching their own privacy policies as well as industry standards, which say sites shouldn’t share and advertisers shouldn’t collect personally identifiable information without users’ permission. Those policies have been put forward by advertising and Internet companies in arguments against the need for government regulation.”