Surprise! Your Facebook data is for sale

And not just to advertisers -- some app developers are selling Facebook's user info to data brokers. Where will it end?

Facebook's privacy problems are like a centipede with footwear issues. "Other" shoes keep dropping, and there seems to be no end of them.

Lately Facebook's problems have been fueled by Wall Street Journal reporters peeking under the sheets to see what kind of shenanigans Facebook has been up to. That's how we learned Facebook apps have been inadvertently sharing user identities with advertisers, and the personal profiles culled from Facebook data by companies like Rapleaf can get very specific -- including names, locations, politics, and religious beliefs.

[ Want to cash in on your IT experiences? InfoWorld is looking for stories of an amazing or amusing IT adventure, lesson learned, or war tale from the trenches. Send your story to offtherecord@infoworld.com. If we publish it, we'll keep you anonymous and send you a $50 American Express gift cheque. ]

Imagine our surprise, then, when we turned to the InterWebs this morning and discovered that not only were Facebook apps sharing user identities (UIDs) inadvertently, but that some were also doing it advertently -- which is to say deliberately, on purpose, for money. Worse, app makers were selling user information to data brokers, which is a little like Charlie Sheen offering up his most intimate secrets to Perez Hilton. It won't stay in one place for long.

Once again, Facebook turned to blogger Mike Vernal to reveal the news. Vernal might be the most boring blogger on the planet; he's certainly one of the most obtuse, which is probably why they gave him the job. It takes him six paragraphs to get to the meat of the matter:

As we examined the circumstances of inadvertent UID transfers, we discovered some instances where a data broker was paying developers for UIDs. While we determined that no private user data was sold and confirmed that transfer of these UIDs did not give access to any private data, this violation of our policy is something we take seriously. As such, we are taking action against these developers by instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies. This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform.

We have also reached an agreement with Rapleaf, the data broker who came forward to work with us on this situation. Rapleaf has agreed to delete all UIDs in its possession, and they have agreed not to conduct any activities on the Facebook Platform (either directly or indirectly) going forward.

OK, a handful of app developers sold user identities to data brokers -- not good, but not the end of the world. If data brokers really wanted to, they could cull these same IDs manually by trolling through Facebook and collecting them. (Of course it's a lot faster and easier to simply buy them.)

1 2 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies