Posted on October 19, 2010 by Kevin Murphy
The Wall Street Journal reported yesterday that Facebook was passing user IDs to application developers and providers, giving them access to private data. Part of me wants to say no big deal, and this probably wouldn’t be a big deal if this data weren’t being abused by some application providers and developers.
What the issue is:
When you use a Facebook application, Facebook passes a URL string to the application. That URL string includes a personal ID. A Facebook ID appears in a profile URL such as http://www.facebook.com/profile.php?id=100001687909681. In the last few days, Facebook has taken steps to hide the IDs. The applications collect referring URL data, a common practice in any digital marketing campaign. Whether or not these applications knew it or used it, the personal IDs were often included in these referring URL strings.
Most applications and companies providing applications ignore this information, but a few used it to mine Facebook profiles and sell data to other companies. At present, Facebook is making some changes to the structure of these URLs. But, as an application user, you should still be wary. Some tips:
- Consider the value of the application to you versus the risk.
- Know who the application developers or hosts are and know what their business is. If they are online advertising or data mining companies, they are probably collecting some form of data.
- Don’t log into every application you run across.
- Be cautious about the information you include in your Facebook profile. Even if you have a very private profile, your friends’ accounts could always get hacked.
If you’re a developer or provider of Facebook applications or use Facebook for identity management, you need to be transparent and careful about how you use the system.
- Explain to the user why logging in to Facebook from your site provides value.
- Be transparent about what data is collected and how it is used.
- Just because a user agrees to allow you access to their information doesn’t mean you should abuse it or transfer that agreement to a third party.
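For developers who log referring URLs, here is one way to strip the personal ID before the referrer is stored or forwarded to an analytics or advertising partner. This is an added example, not code from the original post or from Facebook; the function names, the parameter list and the sample URLs other than the profile URL quoted above are assumptions.

```javascript
'use strict';

// Hosts whose referrers are reduced to the bare origin (assumed pattern).
const FACEBOOK_HOST = /(^|\.)facebook\.com$/i;
// Query parameters treated as user identifiers (assumed list; "id" is the one the article shows).
const ID_PARAMS = new Set(['id', 'uid', 'user_id']);

// Return a referrer that is safe to log or forward, or null if it cannot be parsed.
function scrubReferrer(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return null; // malformed or empty header: store nothing rather than the raw string
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;

  // Facebook referrers: keep only scheme and host, since path and query can both name a profile.
  if (FACEBOOK_HOST.test(url.hostname)) return url.origin + '/';

  // Other referrers: drop identifier parameters, credentials and the fragment,
  // keep the rest so campaign analytics still work.
  for (const name of [...url.searchParams.keys()]) {
    if (ID_PARAMS.has(name.toLowerCase())) url.searchParams.delete(name);
  }
  url.hash = '';
  url.username = '';
  url.password = '';
  return url.toString();
}

// True if the raw referrer carried a numeric Facebook profile ID; useful for auditing existing logs.
function leaksProfileId(raw) {
  try {
    const url = new URL(raw);
    return FACEBOOK_HOST.test(url.hostname) && /^\d+$/.test(url.searchParams.get('id') || '');
  } catch (err) {
    return false;
  }
}

// Constructed sample referrers; the first is the URL form quoted in the article.
const samples = [
  'http://www.facebook.com/profile.php?id=100001687909681',
  'https://example.com/landing?utm_source=fb&uid=42#top',
  'not a url',
];
for (const s of samples) console.log(JSON.stringify(s), '->', scrubReferrer(s));
```

Scrubbing at the point of collection means the ID never reaches your logs, so it cannot later be passed to a third party by accident.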
Facebook’s privacy practices are not necessarily bad or out-of-line with the industry as a whole. But, as the most prominent network, it has a higher standard and needs to set the bar for all others. As users, we need to understand that there is risk. As marketers who use the Facebook platform, we must adhere to higher standards as well and respect the trust that both Facebook and its customers have placed in us.