Privacy, Security, Facebook Apps

Like to play Facebook games? Glad I never indulged. Oops… what about those Causes?

I’m sure you’ll find this article …. quite revealing.

Amplify’d from

Why Facebook Apps Story Is Problem For Entire Web

October 19, 2010

Over the weekend, the Wall Street Journal, in its continuing series of excellent articles about online privacy, released a controversial story about Facebook apps transmitting identification information to outside advertisers — in clear violation of Facebook policies.  In response, a number of other media outfits have collectively shrugged their shoulders, maintaining that sending this information happens all the time and no one should be particularly concerned.  Did the Journal overreact?  Or are others missing the point?

The Journal reported that all of the top ten apps on Facebook (e.g., Farmville, Causes, Mafia Wars, etc.) were inadvertently sending along a user’s Facebook ID to the advertising partners that delivered ads while users interacted with the apps
The allegation here is not that the apps were sending along private info from your Facebook profile.  It’s that those apps’ advertisers could easily query Facebook for your real name identity based on the Facebook ID. 
linked to a unique cookie named “G5reR64ewge32” or the like.  Heretofore, linking those “anonymous” (really pseudonymous) profiles to real name identity has been a Rubicon that the advertising industry has been reluctant to cross.
last May, it was shown that Facebook had been inadvertently sending out real name IDs in referring urls to its own advertisers; Facebook quickly fixed the problem then, but should have considered whether there were other opportunities for identifying urls to leak off the site.

We hope that Facebook and its apps developers work quickly to stem this latest leak of identifying info.  As some bloggers have posited, it could be as easy as sticking a solitary character into referring urls.

Referring urls may be normal, but they do not have to include IDs that can be linked to other identifying information.
Alternatively (or better yet, in addition), browsers could be configured to stop sending along referring IDs with every HTTP request.  (CDT will be issuing a report next month comparing the various browser’s privacy controls, including controls over blocking transmission of referring urls.)  For years, the browser makers have had the ability to fix this issue (and similar ones) across the entire web, not just Facebook, and the time is long overdue for strong default privacy settings to be built directly into every browser.Read more at