Your Facebook privacy questions answered

As you have no doubt read Facebook is in the middle of another privacy scare. According to an article by Emily Steel and Geoffrey Fowler in the Wall Street Journal Facebook and several app developers have released the private information for millions of Facebook users which are now available to online advertising agencies. The WSJ goes as far as saying that the ten most popular Facebook apps, including FarmVille and Texas Hold ’em, have leaked users’ information.

We won’t repeat the WSJ article, there are plenty of reports on it on Google news, but we will answer some of the most common questions Facebook users are asking.

First things first, was there a privacy leak?
Yes, this is not just scaremongering but some of the stories in the press have been exaggerated. Writing on the company blog Facebook admitted on Sunday that the personal information for many of its users was leaked. Facebook engineer Mike Vernal wrote, “Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated [Facebook’s privacy policy]. ”

What personal information was shared?
In his blog post Vernal says that no information was shared, he says that the press has exaggerated the risks of sharing User IDs and that such access does not give developers or advertisers access to personal information. While this is true the Journal points out that Facebook user ids can allow companies and individuals to view Facebook pages that people have specifically requested be removed from search engines.

This information could then be used by online advertising agencies to build profiles of millions of Facebook users.

How was the information released?
The security flaw used the common “referrer” online tracking state. When you click a link the address you used can be captured by web developers as your “referrer”. This system is common place and is used on almost every website that you visit online (including this one through Google Analytics) (Read our Privacy Policy here to see how we use this data). For example, your referrer to this page was;

Was this an organised scam?
No, the WSJ article did not go as far to say if this was a scam designed to access individuals’ information, the article says “It’s not clear if developers of many of the apps transmitting Facebook ID numbers even knew that their apps were doing so.” In all likelihood this security breach came about as a result of poor programming or ignorance rather than as part of some plan.

Was Facebook itself involved?
No, Facebook was not involved in the leak although Kevin Bankston, lawyer with the Electronic Frontier Foundation made the good point to the Canadian based Globe and Mail that “If The Wall Street Journal can catch these leaks, why didn’t Facebook?”

What is Facebook doing about this?
Facebook has suspended many of the apps that have released this information and is in the process of reviewing its security procedures with the others. Several members of the US Congress have written to Facebook to demand an explanation while data protection and privacy commissioners across the world are investigating the issue.

Was my personal information shared?
There is no way of knowing if your own personal information was shared with these ad agencies but as a precaution you should always review your Facebook security status.

Got more questions? Ask us in the comments or on twitter, @thesociable or Facebook, and we will try to answer them.