This weekend the Wall Street Journal made a worrying discovery: all of the top ten Facebook apps have been transmitting user IDs to internet advertising and tracking companies, breaking Facebook’s privacy rules. While there is lots of anonymous data tracking on the internet, in this case some companies have been linking internet activity with specific Facebook user IDs.
The main culprit seem to be a data gathering firm Rapleaf, while apps by developer LOLapps were taken down over the weekend, although they are available again now. It’s not clear whether the linking of Facebook user ID and internet databases was intentional – Rapleaf says not – but it exposes a problem of trust with the Facebook model.
While it’s had it’s fair share of privacy controversy, I think Facebook itself is trustworthy. You can’t be such a big company and try and cheat people if you want to succeed. Like Google, mistakes will be made, but it is in their interests to act above board and maintain consumer trust.
Facebook’s problem is that it has become such a big platform that the huge number of companies that use it to offer apps may not always be trustworthy. The activity discovered by the Wall Street Journal looks like a mix of error and intention, but shows that Facebook needs to find a better way of policing the companies that use its platform.
This also highlights how users have to responsibly manage their Facebook privacy settings, and watch out for apps that require a high level of access to their accounts. My main issue with many Facebook apps is that they can only be used if you grant them an unreasonable level of access. Here’s an example I picked at random, Zynga’s Frontier Ville:
When you consider this is just a casual social game, you might ask yourself, ‘why does it require access to all my profile information?’ The answer has to be advertising. Under Facebook’s terms, that’s fine as long as the information is gathered anonymously, but you have to trust the developer will do that. In the light of the WSJ’s findings, that looks difficult.
These apps – which I admit I am not a fan of – are free to play, but with a high cost in terms of sharing personal data. Whether or not that’s too high a cost for you is down to choice, but I suspect most users play without being truly aware of what they have signed up for.