Rapleaf says it has fixed privacy issue with Facebook

The data mining company says it no longer passes a unique identifier back to online advertising networks

A company that compiles profiles of Internet users for targeted advertising said it is no longer passing user identifiers used by Facebook and MySpace to advertising networks due to privacy concerns.

Rapleaf, a company based in San Francisco, acknowledged the issue, which was highlighted in a recent Wall Street Journal series of stories concerning data collection and online privacy.

[ For more on the activities of data mining companies like Rapleaf, read Robert X. Cringely's "Online advertisers are selling you out." | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. ]

"We realize that even with the best of intentions, we sometimes make mistakes, especially in an industry with technology advances moving so quickly," wrote Rapleaf CEO Auren Hoffman in a blog post on Sunday. "The aggregation of data has big potential upsides and downsides. The bar for data aggregation companies like Rapleaf is very high."

Facebook, MySpace and other online services employ user identifiers, which can appear as a number in the URL of a person's profile. The Wall Street Journal found that many popular Facebook applications such as Farmville were transmitting those user identifiers back to advertisers.

That happened because the applications were looking at the referrer URL, a Web standard that lets a Web site know where a person was previously browsing. Referrers are useful for a variety of reasons, including letting website owners know how people found their site.

But passing referrer URLs on to advertisers is considered risky for privacy. Rapleaf's Hoffman wrote that his company had transmitted the referrers for Facebook and MySpace to "to ad networks in a small minority of cases."

"While dozens of companies made the same mistake Rapleaf did, we were the first company to fix it," Hoffman wrote.

Rapleaf is a data aggregation company that scans the Web for e-mail addresses and links that with publicly available information, including census data, voter registration records and social networking profiles. It creates profile for people, then takes steps to make those profiles anonymous.

Rapleaf then partners with websites to use its system. When people log in to a website that uses Rapleaf, their e-mail addresses are looked up in the Rapleaf database to see if a profile exists. A cookie -- or a small file containing information about a person's interests -- is placed on their browser. That cookie is then examined by advertising networks in order to serve ads based on those interests.

Rapleaf maintains there is no personally identifiable information and nothing stored about a user's browsing behavior.

Copyright © 2010 IDG Communications, Inc.