This was the link Emily. C. Steel’s browser took her to as she clicked an ad on her Myspace page. Clearly seen in the address is her user ID. Invasion of privacy! This is a faux pas that Facebook, MySpace and several other social-networking sites, have blithely ignored till now, continuing to send user data to advertisers. This, considering the fact that they strongly deny any such practice that gives out any information about the profile or other details about their users when they click on ads. Within hours of The Wall Street Journal’s accusation, Facebook rewrote the code that caused such information to be sent out.
Earlier, in August 2009, AT&T Labs and Worcester Polytechnic Institute had pointed out in a paper that 12 social networking sites, including Facebook, Twitter and MySpace, send out user information to outside companies. Nine months on, these sites still haven’t learned their lessons. Twitter – which doesn’t have ads on profile pages – also was found to pass Web addresses including user names of profiles being visited on Twitter.com when users clicked other links on the profiles. These enables these companies to reach the user’s profile and draw out a variety of data, depending on the level of information that has been made public. Although many companies have come under the scanner, Facebook has received particular flak because recently they have been urging users to make information public and also requires it users to use their real names. The usernames are tied to these addresses to ensure unique clicks, but essentially, these usernames should be masked and not identifiable. The spokespersons went into a frenzy and defended the companies’ privacy policy, trying to limit the damage.
A Facebook spokesman acknowledged it has been passing data to ad companies that could allow them to tell if a particular user was clicking an ad but it changed its software to eliminate the identifying code tied to the user from being transmitted. MySpace defended that unlike Facebook it is only sharing the ID name users create for the site, which is an information that users permit them to use as they do not force the usage of real names. However, a MySpace spokeswoman went of the defensive, adding that MySpace are “currently implementing a methodology that will obfuscate the ‘FriendID’ in any URL that is passed along to advertisers”. Chas Edwards, Digg’s chief revenue officer said that they have a system in place that mashes up the username in URLs, ” It’s the information about the page that you are visiting, not you as a visitor,” that is being send to advertisers.
Strangely and shockingly, the Twitter spokeswoman naively said that, “This is just how the Internet and browsers work.” She definitely made the wrong sounds, ‘tweet tweet’.
The advertising giants, Google Inc.’s DoubleClick and Yahoo’s Right Media, who were also accused by Wall Street Journal, moved the ball right back into the sites’ court. “Google doesn’t seek in any way to make any use of any user names or IDs that their URLs may contain,” a Google spokesman said in a statement. “We prohibit clients from sending personally identifiably information to us. We have told them. We don’t want it. You shouldn’t be sending it to us. If it happens to be there, we are not looking for it,” said Yahoo!. It’s a funny world…
At the same time, lawmakers are preparing legislation to govern websites’ tactics for collecting information about consumers, and the way that information is used to target ads. Let’s see what does the future hold for the privacy pirates.