Binghamton University students may be unknowingly releasing information about themselves to advertising companies through the social networking website Facebook.
A recent investigation by The Wall Street Journal has pressured the popular social network to admit that third-party applications such as Farmville were storing user account information, which ended up being aggregated by advertising companies.
The privacy vulnerability allowed account information to be transmitted even if it was set to the strictest privacy settings. The Journal reported that all of the top 10 most popular applications on Facebook transmitted user information to dozens of tracking companies. One tracking company, Rapleaf, was found to have compiled Facebook IDs called user identifiers or UIDs, paired them with other data about the user and then sold them to advertising companies.
Facebook is not the only site tracking companies looked to for user info. According to The Wall Street Journal report, Rapleaf was found to have matched UIDs with activity on other social media sites such as Flickr, Twitter, MySpace, Pandora, LinkedIn and Amazon. Users’ online activities may have been stored every time they used these popular sites.
‘Lots of stuff that goes on Facebook is very public,’ said Jim Wolf, director of Information Technology Services at BU. ‘I don’t think students appreciate the risk they put themselves in. [They’re] not cautious about the image they present about themselves. It’s not just Facebook that is a source of that info. Your Internet habits are mined.’
Some BU students understand the dangers of posting too much personal information online.
‘Facebook is not the only company who [transmits] information to the other companies,’ said Kenny Morgillo, a senior double-majoring in psychology and philosophy, politics and law. ‘It doesn’t bother me so much, because I keep my information in private on Facebook.’
According to The Journal’s investigation, when Facebook users connect to applications such as Farmville or Mafia Wars, they allow third-party developers access to their unique and public Facebook ID numbers along with the information from their profiles such as friends’ names and interests. Tracking companies download these IDs, which are meant to be anonymous, into a database and then link them with any information about students that is listed online in direct violation of Facebook privacy terms.
Zynga, the creator of Farmville and other games, was found by The Journal to violate Facebook privacy terms when it sold account information to advertising and tracking companies. Zynga would not return requests for comment.
Facebook released a statement to The Journal that the information released because of this breach of privacy was not used in any way.
‘Developers did not intend to pass on this information,’ wrote Mike Vernal, a Facebook developer, on his blog. ‘But did so because of the technical details of how browsers work.’
The Electronic Privacy Information Center, a public interest research center in Washington, D.C., has filed consumer complaints with the Federal Trade Commission against Facebook due to its increasingly lax privacy policy.
‘College students should be thoughtful about what they post,’ said EPIC Chief Executive Officer Marc Rotenberg. ‘And they should expect that Facebook will not violate their privacy by disclosing information the users did not choose to disclose. We object to the fact that Facebook changed the privacy settings of users. That was simply unfair.’
Some BU students think it is solely Facebook’s responsibility to protect user info.
‘[Facebook] has no right to take our information and distribute it among whoever wants it and whoever pays them,’ said Stephanie Naru, a freshman double-majoring in theater and English. ‘I would feel very violated and I refuse to use Facebook if I find out that it is happening to me. I do think that everyone should be mindful and aware that anything they put on the Internet can be found.’
Facebook may also be outing gays to advertisers, according to a study released by Microsoft and Max Planck researchers in mid-October. The study created six almost identical fake Facebook accounts and detailed straight and gay sexual preferences. Ads for straight and gay users varied greatly with profiles listing same-sex preferences receiving ads for gay bars and also neutral ads. If a listed gay user clicked on a neutral ad, their sexual preference would be known to the ad company because they clicked on an ad specifically targeted to gay users. This information is transferred to the ad provider even if a user’s sexual preference is under Facebook’s strictest privacy setting. Facebook has responded to allegations of the study by saying this practice is against its policies.
In response to The Journal’s investigation, Facebook has revamped its policy stating that no applications can transfer UIDs to advertising networks. They have agreed to encrypt UIDs and to suspend developers who were selling user info to data brokers. Rapleaf has agreed to delete all of its amassed UIDs and is no longer allowed to participate on Facebook’s channels.
As a new batch of BU students graduate this fall, Rotenberg warns students to delete any questionable photos and double-check privacy settings.
‘Images of beer-soaked T-shirts are probably not going to help in the job market,’ he said.
‘ Zeynep Gokce Ertem contributed to this report