Facebook has been caught in another privacy-related dust-up, after the Wall Street Journal reported that a number of the social network’s most popular apps and games have been sending “personal information” to third parties, including companies that compile data on users for sale to advertisers and marketers. In the context of Facebook’s ongoing issues with privacy, it seems like a fairly major problem, and the tone of the WSJ piece suggests that it is a major breach of privacy by the social network — but is it really?
The information that the Journal is referring to in its report is the user ID that each member of Facebook gets when they join. According to the newspaper, all of the top 10 apps on the social network — including FarmVille and other popular games — were transmitting user IDs of Facebook members to advertising networks and other third parties, and in some cases those apps were sending the ID numbers of a user’s friends as well (the ad networks and other companies who received this information told the Journal that they did not collect or make use of these numbers, or any user profile info related to them).
So ad networks and other companies may have been getting your user ID. Should you care? As Facebook has pointed out in statements to the media and in a blog post on its developer blog, the user ID does not contain any private information, and even if someone plugged that ID into Facebook, all they would get is whatever public information you include in your Facebook profile (you can use the social network’s privacy settings to control what information — if any — gets sent by the apps that you use). In most cases, that’s your name and possibly your date of birth and where you live, as well as a list of your friends.
It’s easy enough to find the ID of a Facebook user, because Facebook provides it to developers through its open graph protocol — just go to http://graph.facebook.com/user-id and replace “user-id” with someone’s Facebook user name. There are also a number of tools that will show you exactly what information the social network is sharing about you, including one that gives you an overall “privacy score”. Even before the latest Journal report, Facebook had already taken steps to reduce the likelihood that a user’s ID number would be passed on via their browser (although it still faces a lawsuit as a result of this issue).
The reality is that passing on user ID numbers and even public profile information isn’t really a “privacy breach,” because the only data that advertisers or anyone else can get through this process is information that users have chosen to make public already. As some Facebook defenders such as new-media guru Jeff Jarvis have noted, many companies — including media outlets such as the Wall Street Journal — sell information about their subscribers to a variety of third parties, who in turn sell it to marketing firms and advertising agencies. Is it fair to hold Facebook accountable for the behavior of third parties when we don’t hold others accountable in the same way? Some would argue it is not.
After all of the negative attention Facebook has gotten over the past year from advocacy groups and governments because of changes to its privacy settings, it’s not surprising that the company — and its critics — would be sensitive to any suggestion that personal information was being misused. But maybe we should save our outrage for cases that involve real breaches of privacy, rather than seeing potential scandals in every dark corner.