Overnight, the Wall Street Journal reported what sounds like yet another breach of privacy at Facebook. The Journal cited MySpace as an offender, too.
What you need to know is that while the leaked info has indeed been leaked, no one has been found to have put it to use. Facebook has already fixed its offending code, which accidentally submitted user account information to advertising networks when users clicked on ads. MySpace will probably do the same soon.
Even then, as pundit Matthew Ingram put it, “On a scale of 1 to 10 privacy-wise, this is probably around a 1 or a 2.”
Here’s the 100-word version of the Journal’s story:
Facebook, MySpace and several other social-networking sites have been sending data to advertising companies that could be used to find consumers’ names and other personal details, despite promises they don’t share such information without consent.
By Thursday morning Facebook had rewritten some of the offending computer code.
Several large advertising companies identified by the Journal as receiving the data, including Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven’t made use of it.
Most social networks, the Journal says, “haven’t bothered” to scrub usernames and account ID numbers from URLs. That matters because when you click a link from site A to site B in any Web browser, the browser sends the URL of the page you’re looking at on site A at as part of its request to site B.
It’s meant to help site B figure out where its traffic is coming from. But on some sites, this “referring URL” sent to site B may include your username or account number on site A. That’s what the Journal found Facebook and MySpace doing.
In theory, the specific Facebook and MySpace leaks identified by the Journal mean there’s risk that your Web-surfing history could be used by ad agencies.In practice, the Journal acknowledges, they didn’t find proof of anyone using the leaked account IDs for anything.
Instead of piling on this latest privacy angle against Facebook, technology news sites ReadWriteWeb and GigaOm have declared the Journal’s story overblown. Even if you factor in the tendency of bloggers to look for errors to correct at top newspapers, the critics are right this time.
Here’s the cheat sheet on the backlash:
- No companies have been accused of actually using this information.
- It’s not clear that there is any value to using it.
- The offending sites should be able to plug the leaks without much work.
What’s going on isn’t deceit, it’s social-network sloppiness that will probably be corrected thanks to the Journal’s report.