By Richi Jennings
. October 18, 2010. I find it hard to believe that I'm typing these words. Zuckerberg's private-data-sucking social network has yet again been caught in a serious privacy faux-pas. Users' personal, identifiable information has been leaking to advertisers. But, amazingly, Facebook is actually unrepentant, blaming 3rd-party apps for violating its rules. In other words, it's failed to prevent 3rd-party apps from disclosing user identities. In IT Blogwatch, bloggers despair of Zuckerberg's commitment to user privacy.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention fractal father, RIP... Emily Steel And Geoffrey A. Fowler cry "foul":
The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook's strictest privacy settings. ... [It] renews questions about [Facebook's] ability to keep identifiable information ... secure. ... [Our] findings are the latest challenge for Facebook ... criticized in recent years for modifying its privacy rules to expose more of a user's information. Sam Diaz sizes up the problem:
Three of the top 10 apps, including ... Zynga Game Network Inc.'s FarmVille ... have been transmitting personal information about a user's friends to outside companies. ... The information being transmitted is ... the unique "Facebook ID" number assigned to every user on the site. ... Anyone can use an ID number to look up a person's name ... even if that person has set all of his or her Facebook information to be private.
Farmville reportedly shared the names of users, as well as users friends ... [and] tens of millions of Facebook app users have been affected. ... Facebook needs to make sure that that platform is a safe place for the users. That means policing the platform. Astoundingly, Facebook's Mike Vernal offers no apology whatsoever:
Its important to note that it was third-party apps, not Facebook itself, that were sharing the information ... app developers are prohibited from sharing user information ... even if the user agrees. ... [This] shows how Facebook has not been able to police that rule. ... It's an unfortunate setback for Facebook.
Our policy is very clear ... developers cannot disclose user information. ... We take strong measures to enforce this policy, including suspending and disabling applications that violate it. ... In most cases, developers did not intend to pass ... the User ID (UID) ... but did so because of ... how browsers work. Alexia Tsotsis is not laughing:
Knowledge of a UID does not enable anyone to access private user information. ... Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented. ... We will have more details over the course of the next few days.
These UID transferal issues were the primary reason Facebook took down apps run by the social gaming company LOLApps ... including its popular flagship Critter Island. Two days later ... all LOLApps games are ... back on the social site. Meanwhile, Max Read advises caution:
While Zynga heavy hitters like Farmville and Texas Hold Em poker were also [identified] ... they did not experience similar service disruptions. LOLApps would not comment on whether it has actually corrected the issue.
It's not just your apps, eitherit's possible that your Facebook friends were sharing some of your information through the apps they were usin ... There's only one way to ensure protection against apps sharing your information: Turn them off entirely. And Finally...A tribute to the late Dr. Benoît Mandelbrot, fractal father
You can't actually stop your aunt from playing Farmville, unfortunately. But you can limit your exposure to your aunt's Farmville app.
Don't miss out on IT Blogwatch:
You can also read Richi's full profile and disclosure of his industry affiliations.
| || ||Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: email@example.com. |