Watch CBSN Live

Facebook Leak Sent User Data to Advertisers


Facebook's privacy policy promises, in no uncertain terms, that it doesn't "share your information with advertisers without your consent." Only "non-personally identifiable" data, it says, are shared. But the social-networking site confirmed late Thursday that it has, at least in some circumstances, sent the user name of a Facebook member to its advertising partners. That can be used to glean a person's name, interests, and list of friends.

A Facebook spokesman told CNET that the apparent privacy leak has been fixed.

News of this data sharing, which appeared in the Wall Street Journal on Thursday evening, could prove embarrassing to the social-networking site, which is already on the defensive after Washington politicians have been calling for regulatory action on privacy grounds and over a dozen advocacy groups have charged that Facebook engages in "unfair and deceptive" business practices.

Facebook's admission also may conflict with its previous statements. In a blog post last month, a company official wrote: "We don't share your information with advertisers unless you tell us to...Any assertion to the contrary is false. Period."

"We were recently made aware of one case where if a user takes a specific route on the site, advertisers may see that they clicked on their own profile and then clicked on an ad," the Facebook spokesman said on Thursday. "We fixed this case as soon as we heard about it. In addition, we have been working on ways to no longer include user IDs in Referer: URLs."

Deleting your Facebook account (FAQ)

Browsers typically send a Web site, in what's called a Referer: field, the location of the page you last visited. This lets Web operators know where their visitors are coming from, and it's viewed as a perfectly normal and commonplace practice.

The rub: if you're logged into Facebook, the Referer: field can reveal your user name to advertisers. Ben Edelman, an assistant professor at Harvard Business School who has a background in Internet advertising, described the problem in a new essay that says: "When a user views her own profile, or a page linked from her own profile, the "?ref=profile" tag is added to the URL--exactly confirming the identity of the profile owner."

Read the rest of this article at CNET

View CBS News In
CBS News App Open
Chrome Safari Continue