Privacy on Facebook is once again a hot topic as FarmVille and many other popular games and apps have been caught sending identifying user information to online advertisers and trackers.
The Wall Street Journal says that "tens of millions" of Facebook users have been affected by the breach, in which applications transmit user ID numbers to outside companies. It's not known how long this has been happening but a Facebook rep said on Sunday that the company is now working to plug the holes.
Calling it an "even more complicated technical challenge" than the one addressed by the company last spring, he said, "Our technical systems have always been complemented by strong policy enforcement, and we will continue to rely on both to keep people in control of their information." He also noted that having access to user IDs "does not permit access to anyone's private information on Facebook."
But each unique user ID is a publicly available part of every Facebook profile, so having the number provides access to a name at the very least; what other information is available depends on the individual's privacy settings. The numbers were being sent to at least 25 advertising and data collection firms, at least one of which, RapLeaf, was attaching the information to its own database, which it offers for sale. RapLeaf said it strips names out of the cookies it creates and shares for targeted ads, but it also transmits the user IDs it collects to a dozen other companies, giving them the ability to collect Facebook user names and other associated data.
Facebook claimed on its developer blog that most of the applications involved in the breach were transmitting information unintentionally "because of the technical details of how browsers work," and said that "press reports have exaggerated the implications of sharing a UID." Nonetheless, it suspended several apps over the weekend for violating privacy policies, although curiously (or perhaps not), FarmVille, with an estimated 59 million users, was left alone despite sending information about those users and their friends to other companies.
"Zynga has a strict policy of not passing personally identifiable information to any third parties," a Zynga rep said. "We look forward to working with Facebook to refine how web technologies work to keep people in control of their information."