The latest in the Wall Street Journal’s series on online privacy targets Facebook and Facebook app makers like Zynga.Until now, the WSJ series has mostly been hysterical screaming about things most people know and don’t care about. At first glance, however, these latest findings sound more serious.
According to the WSJ, Facebook apps are freely handing out users’ private info to advertisers, including names–even for Facebook accounts that are set to be fully private:
Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.
The issue affects tens of millions of Facebook app users, including people who set their profiles to be completely private. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.
The WSJ’s Emily Steel and Geoffrey Fowler go on to finger Zynga as a prime offender, with games like FarmVille, Texas Holdem, and FrontierVille handing out info to advertisers.
The info being shared is each users’ “Facebook ID,” which can be used to determine the person’s name (in every case) and any information they have shared with other users (when the account isn’t fully private). The apps the WSJ tracked shared this information with at least 25 third-party advertising and data companies. At least one of these companies, Rapleaf, then matched this data with data in its own database and sold it.
Since the WSJ notified Facebook of the results of its investigation, Facebook has shut down some of the smaller apps that were passing on user IDs (but not Zynga). An unidentified Facebook spokesperson also says Facebook is trying to figure out ways to make sure this doesn’t keep happening.
Zynga, for its part, appears to be suggesting that the sharing of info was inadvertent: “A Zynga spokeswoman said, ‘Zynga has a strict policy of not passing personally identifiable information to any third parties. We look forward to working with Facebook to refine how web technologies work to keep people in control of their information.'”
If you don’t have a WSJ subscription, click on the first term in this Google search >
UPDATE: Some observers, including Jeff Jarvis, immediately ridiculed these findings, saying that the Wall Street Journal was just once again “declaring war on the Internet” by describing common online practices that are no different than what goes on in the offline world. And that may be the case. But these latest findings, we suspect, will still freak people out. And Facebook’s reaction, at least, wasn’t “Oh, relax, everyone does this,” but that it would try to figure out how to stop it.
(Jeff also asked whether we thought this was a “conspiracy” between Facebook, Zynga, et al, or just an “error.” We definitely don’t think it’s a conspiracy. We don’t even really think it is an “error.” We suspect it’s just the WSJ shining a light on something that has been happening under the radar without anyone paying attention to it. We suspect that some people will now begin paying attention to it, which could lead to some changes.)