TOPICS > Nation

Popular Facebook Apps Lack Privacy Protection, Report Finds

October 18, 2010 at 12:00 AM EDT
Loading the player...
New privacy breaches have been uncovered for users of the social network Facebook and many of its most popular applications. Geoffrey Fowler of the Wall Street Journal discusses some of his newspaper's findings with Jeffrey Brown.
LISTEN SEE PODCASTS

TRANSCRIPT

JEFFREY BROWN: Now, what is the app for privacy? We look at some new concerns for Facebook users.

For more than 500 million people, social networking giant Facebook is the go-to place for sharing their latest likes and dislikes, photos, dating status, and a zillion other pieces of information. But how private is all that data?

Once again, Facebook is facing that question, this time in a Wall Street Journal investigation that found that some personal information has been transmitted to dozens of advertising and Internet-tracking companies.

According to The Journal, the issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. Apps, shorthand for applications, are software programs that consumers can access to play games, share common interests with others and much more.

According to The Journal, 10 of the most popular apps on Facebook were involved in the privacy breach.

ACTOR: People want to go on the Internet and check out their friends, so why not build a Web site that offers that?

JEFFREY BROWN: Facebook, now the subject of a hit fictionalized film, “The Social Network,” has grown phenomenally since its birth in a Harvard dorm room only a few years ago.

Several times even in recent months, the company has announced new privacy controls, amid a barrage of complaints over a lack of protections. Responding to the Journal report today, Facebook issued a statement saying in part: “Our policy is very clear about protecting user data, ensuring that no one can access private user information without explicit user consent. Further, developers cannot disclose user information to ad networks and data brokers. We take strong measures to enforce this policy, including suspending and disabling applications that violate it.”

Geoffrey Fowler is the co-author of the report in today’s Wall Street Journal. He joins us from San Francisco. Geoffrey, as I understand it, this centers mostly on the so-called user I.D. Now, explain what that is and what you found.

GEOFFREY FOWLER, The Wall Street Journal: Well, at the core of this is a promise that Facebook makes to all of its 500 million users that it will not pass personally identifiable information about us and what we do on the site along to advertisers, marketers and data firms.

What we found is that users who were using these apps — and we checked many of the most popular ones — they were having their user I.D., which is a piece of information that can be used to look up the real name of anybody on Facebook, that user I.D. was being sent along to a lot of different advertising and data companies.

JEFFREY BROWN: And what does that user I.D., what information goes with that?

GEOFFREY FOWLER: With that is your real name, your gender, the country that you’re based in, and then anything else that you have set to public, to everybody, that you want to share on Facebook.

So we should be really clear here. We didn’t find that Facebook was allowing advertising companies to access any of your private information, that is, information that you have set to share with only a close circle of friends.

What we found was something different. We found that they were giving, potentially, advertisers and data companies a window into your activities on Facebook through these apps that they could then tie to your real name.

JEFFREY BROWN: And just to continue, so we’re clear on what it is you found and sort of what kinds of questions it raises, is the sharing of information inadvertent at this point? I mean, what’s known about that? And — and do we know if it was used in any way?

GEOFFREY FOWLER: At this point Facebook says in their responses to us that it appears that most if not all of these cases were inadvertent.

However, in our reporting, we found at least one company that was taking this user I.D.-information from apps and linking its to its own database of Internet users, and also selling those Facebook user~ I.D.s and passing them along to advertising companies.

Now, advertising companies, online companies tell us that this violates best practice on the Internet and that they don’t want this kind of information, and this is not — they have no intention to use it. However, this is a case that shows it can actually happen.

JEFFREY BROWN: Well, explain for those not so familiar with the world of apps, applications, what is it that consumers think they’re doing when they download or start to use an app?

GEOFFREY FOWLER: Well, what apps do is they let you play games or maybe build a family tree or somehow interact with other users on the site.

So, you tend to think while you’re doing it that, oh, it’s just limited to the set of people that are — that you’re playing the game with or that you are building your family tree with.

However, there’s a lot of advertisers out there that are trying to also send messages inside these apps, and there’s a lot of people that would like to know who you are and what you’re doing on the site.

JEFFREY BROWN: So, this whole thing — I mean, just to broaden the context here, this, of course, fits into a much larger debate about the Internet, right, about consumers out there and marketers and privacy?

GEOFFREY FOWLER: That’s true. It is a larger debate. I mean, there are many aspects of our offline lives which marketers want to follow, from the cards we swipe at the supermarket to get discounts, to all this — the mail we get at home from credit card companies.

However, online, what The Journal has been shining a light on this year is some of these breeches and holes that exist to allow this information that’s been collected about us to be put into the hands potentially of marketers or data companies or other people.

JEFFREY BROWN: Now, you started to tell us about Facebook’s response. Tell us a little bit more because as we said in our introduction here, this has been going on, particularly this year, but especially in the last few months, been a number of cases and a number of responses from the company.

GEOFFREY FOWLER: Right. Well, let’s take them one at a time. In terms of the specific user I.D. leakage that we pointed out in apps, Facebook said that they were going to take steps to address that. Part of the problem they said — and we have heard the same from app developers — seems to be embedded in some of the basic ways that the Internet and Web browsers work, that they just automatically pass along certain kinds of information.

So, Facebook says it can take steps to address some of that. It would be technically challenging, but they are going to be working on it. But, more broadly, in recent months, Facebook has been making a lot of changes, particularly to the way that users can control what they’re doing on the apps.

This follows an investigation by the Canadian privacy commissioner last year in which they identified these third-party apps as kind of a hole through which users may not realize how much information third-party organizations and companies could be gathering about them.

So, after that investigation, Facebook made considerable changes to the way that it restricts what information apps can collect. And before you — or whenever you install an app now on Facebook, it tells you very specifically which bits of information that app wants to access.

And then earlier this month, Facebook went a step further, and they set up a control panel that every user has, which tells you exactly which apps you have installed and which pieces of information it’s been accessing and when.

JEFFREY BROWN: Well, and as you’re following all this — and, of course, this market especially for applications just continues to explode — what do you see in terms of consumer attitudes?

And as you’re talking to experts out there, what is the message to consumers?

GEOFFREY FOWLER: That’s another great debate. I have certainly heard from a lot of Facebook user today’s who are concerned about this. That said, despite all of the discussions and problems that Facebook has faced with privacy over the past half-a-year, their number of users continues to go up. And the amount of time that people spend on the site continues to go up.

So there’s also a debate out here in Silicon Valley over how much this is an issue that the regulators and media are concerned with vs. everyday people. Certainly, Facebook is — is giving folks a lot of utility. They enjoy spending time on the site. They get a lot out of it.

The question becomes, you know, at what point will some of these concerns about privacy start to cut back on what people are getting out of the site?

JEFFREY BROWN: All right, Geoffrey Fowler of The Wall Street Journal, thanks very much.

GEOFFREY FOWLER: Thank you.