Last night the Wall Street Journal published about a new Facebook “privacy loophole” that resulted in user information being shared with advertisers. The information that was often shared by Facebook was the username of the person who clicked on the ad as detailed by Ben Edelman. While Facebook has become the subject of security attacks in recent weeks and has come under fire for legitimate concerns, your username has always been for sale, and not by Facebook.
A number of companies in the “social media” space are in the business of selling your data to third parties. Interestingly enough, many of these companies already have the profile data of the majority of Facebook users. That information has been systematically collected through applications as well as public resources found through Google. Trust me, the advertiser who could have theoretically collected your username through ads (even though they probably didn’t realize this was possible), would have paid more for your data by purchasing Facebook ads than going direct to third-party data sales companies.
The irony of the recent Facebook privacy debacle is that Facebook is actually attempting to give users more control, while third-parties are simultaneously stripping users of it. Yes, Facebook has overstepped their boundaries with the new “Instant Personalization” program in my own opinion, however most of your data has been accessible as long as you’ve been on the site.
Most likely that information was shared through third-party applications, but even if you chose not to use those applications, new data sales companies will create profiles of you based on the data you placed across multiple social networks. While we could dive into more details about the business of data sales the main point is this: having your Facebook username shared with advertisers is the tip of the iceberg.
The best way to protect your information is to avoid posting online anything you don’t want public. While I support users’ right to privacy, it’s best to assume your data is already available to other parties the moment you put it online. While I think we’re in the midst of a greater debate over the future of user privacy on the web thanks to the latest Facebook changes, the users already had control the moment they put their information into the ether.
![[Inside Social Apps 2012]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/ISA2012_336x100_F_RegisterNow.gif)
![[AllFacebook Stats: Facebook Analytics for Your Business]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/stpro_allfacebookstats.gif)
![[How can Facebook change your business?]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/FMB_A_MAY2011_336x100_F.gif)
I remember once looking at the google analytics for my blog, to which I had placed an ad on Facebook.
Google analytics lists "referring pages", and there were a few referenced from peoples' facebook.com/USERNAME pages. I wasn't sure if those people were looking at a friend's profile, or if it was them.
Strangely, about a week later, those links reverted to generic Facebook.com referrals, as if Google had caught and swept up the privacy mess for them.
Comment by Derek pangallo — May 21, 2010 @ 10:23 pm
Really? I'm so tired of Facebook and they're invasion of Privacy!
Comment by Nikolas Mitchell — May 21, 2010 @ 10:53 pm
Nick,
Are you saying “Don’t hate the player, hate the game”?
Will M
Comment by Will M — May 22, 2010 @ 1:12 am
that "analysis" by Ben Edelman is laughable.. it sounds like a kindergartner used a proxy sniffer and then wrote a report on it.
I won't even go into the ways he's wrong. I have too much planned for today.
Comment by Luka Kladaric — May 22, 2010 @ 3:36 am
I honestly still fail to see the big deal. Read the fine print. Everyone freaked out about the instant personalization program, but all the website they're sharing info with has access to is the info that any stranger can find by having your name show up in a search.
And so what if advertisers have your name? As far as I'm concerned, anything you put publicly on the internet is fair game and it's your own fault if it gets misused. When people look up my profile they see my name and my picture and that's it. If you don't want anything to be used by advertisers and websites, don't make any of it public.
People are freaking out because they never read the fine print and because they didn't listen to all the internet safety ads and classes in school. Just go fix up your privacy settings and be done with it.
Comment by Lauren — May 22, 2010 @ 3:50 am
I think you are completely missing the point here. Being able to associate identifying data with an advertising click *is* a big deal – especially when Facebook explicitly states they do not pass that information along. This isn't an issue of "zOMG! my data is in the publics!" This is an issue of unwittingly passing personally identifying information along to advertisers while expressing an interest in a specific ad.
Comment by Graham Blake — May 22, 2010 @ 11:01 am
"The irony of the recent Facebook privacy debacle is that Facebook is actually attempting to give users more control, while third-parties are simultaneously stripping users of it".
Outright LIE. Facebook is NOT attempting to give users more control. FB is attempting to make it LOOK as thought they are giving more control; while they may have given more control over some things, they have taken away all control over many aspects. (What gets posted to news feeds, whether fan pages can be seen, etc.) Sure, users have more control over the options that are left, but many layers of privacy have been stripped away by simply taking away the option to control it. How soon some of us forget.
Comment by Not using FB Connect — May 22, 2010 @ 1:38 pm
Yes connect Facebook account
Comment by Manoj Baruah — May 22, 2010 @ 3:18 pm
It's all over, I'm quitting Facebook and now the trend begins. Once Facebook was a fun company to work at and play games and ride scooters in the office but those days are long gone.
Every company lucky enough to scale goes through this hardship, it's called success. With success is failure and it's due to becoming too big, which equals scrutiny and haters.
It doesn't even matter if this is my opinion and that there are still 399,999,999 other users still using the site. This wave of negative PR is what allows companies to officially "peak". Zuckerberg has a problem and it's letting go. Someone will be the next Facebook soon and my advice to all the other people who work at Facebook is sell your shares if you can and get out before it gets worse.
Ode to MySpace.. Facebook is next.. And now we as consumers who are use to "change", time to sea out the next thing to waste our time on!
now go outside and enjoy planet earth! I heard "walking" is a fun thing you do with your legs and if you're lucky you can meet a new person and have a conversation using you lips.. What are lips? They are part of your mouth on your face used for talking, not typing..
Comment by Over — May 23, 2010 @ 5:08 am
I just don't understand the scrutiny that fb is under about sharing data. Data sharing has been going on for years. Consider when you get a call from a telemarketer or a piece of direct mail. Your data has been shared whether you like it or not. Your name, number, address, credit scores, etc. And in most cases without permission. If your information is going to be out on a public platform and you have concerns, then the only way to avoid this is by taking it down. Even then your data is not gauranteed to be private.
Comment by ej — May 23, 2010 @ 6:10 am
Luka: I stand by my report. Certainly this isn't overly complicated — but it's no more complicated than it needs to be.
To the initial post: Facebook specifically promised not to share this information. Then Facebook shared it anyway. That's proper cause for concern. You may be right that there are other data breaches that are just as serious, or even more serious, but that in no way excuses this breach.
Finally, to the suggestion that Facebook's privacy controls in some way mitigate the problem I found: I emphatically disagree. There was and is no setting by which users can prevent the nonconsensual data sharing I presented in my article.
Ben Edelman
Comment by Ben Edelman — May 23, 2010 @ 9:21 am
? Iphone test
Comment by Felipe Echeverri — May 23, 2010 @ 12:20 pm
More defense of facebook, is time mocking the victims and playing the ‘everyone does it so it’s ok’ card. Nick, I used to really respect your analysis and reporting, but the past few days have taken an ugly turn. Unsubscribe, thanks for the fish.
Comment by Todd Sieling — May 23, 2010 @ 12:43 pm
how to open my facebook account…?i love fb…
Comment by meltz navarro — July 12, 2010 @ 8:47 pm