Facebook, MySpace Confront Privacy Loophole

By EMILY STEEL And JESSICA E. VASCELLARO

Facebook, MySpace and several other social-networking sites have been sending data to advertising companies that could be used to find consumers' names and other personal details, despite promises they don't share such information without consent.

The practice, which most of the companies defended, sent user names or ID numbers tied to personal profiles being viewed when users clicked on ads. After questions were raised by The Wall Street Journal, Facebook and MySpace moved to make changes. By Thursday morning Facebook had rewritten some of the offending computer code.

Advertising companies were given information that could be used to look up individual profiles, which, depending on the site and the information a user has made public, include such things as a person's real name, age, hometown and occupation.

Several large advertising companies identified by the Journal as receiving the data, including Google Inc.'s DoubleClick and Yahoo Inc.'s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven't made use of it.

Across the Web, it's common for advertisers to receive the address of the page from which a user clicked on an ad. Usually, they receive nothing more about the user than an unintelligible string of letters and numbers that can't be traced back to an individual. With social networking sites, however, those addresses typically include user names that could direct advertisers back to a profile page full of personal information.

Most social networks haven't bothered to obscure user names or ID numbers from their Web addresses, said Craig Wills, a professor of computer science at Worcester Polytechnic Institute, who has studied the issue.
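The leak described above, and the kind of identifier obfuscation MySpace mentions later, as an added Python example (this is not code from the Journal, the researchers or any of the named sites). The `/profile.php?id=` and `/user/<name>` URL layouts and the click-log lines are constructed assumptions, and the keyed token is one way to render an ID opaque to a third party, not any site's actual method.

```python
"""Added example: detect and neutralise profile identifiers leaking via ad-click referrers."""
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical URL layouts, constructed for this example; not any real site's scheme.
ID_QUERY_KEYS = {"id", "friendid", "uid"}
PROFILE_PATH_RE = re.compile(r"^/(?:profile|user)/([^/]+)/?$")


def exposed_identifier(url):
    """Return the user name or ID an ad network would receive in this referrer, or None."""
    parts = urlsplit(url)
    for key, value in parse_qsl(parts.query):
        if key.lower() in ID_QUERY_KEYS:
            return value
    match = PROFILE_PATH_RE.match(parts.path)
    return match.group(1) if match else None


def obfuscate_referrer(url, secret):
    """Replace the exposed identifier with a keyed token that is not reversible without the secret.

    The token is still stable per profile, so a recipient can tell "same page" but not
    "which page"; not sending any identifier at all is the stronger option.
    """
    ident = exposed_identifier(url)
    if ident is None:
        return url
    token = hmac.new(secret, ident.encode(), hashlib.sha256).hexdigest()[:16]
    parts = urlsplit(url)
    query = urlencode([(k, token if k.lower() in ID_QUERY_KEYS else v)
                       for k, v in parse_qsl(parts.query)])
    # Only rewrite the path when the identifier came from a profile-style path.
    path = parts.path.replace(ident, token) if PROFILE_PATH_RE.match(parts.path) else parts.path
    return urlunsplit((parts.scheme, parts.netloc, path, query, parts.fragment))


def leaking_referrers(log_lines):
    """Scan click-log lines of the form '<timestamp> <event> <referrer>' for identifier leaks."""
    found = []
    for line in log_lines:
        referrer = line.split()[-1]
        ident = exposed_identifier(referrer)
        if ident is not None:
            found.append((referrer, ident))
    return found


# Constructed sample click log, not real traffic.
SAMPLE_LOG = [
    "2010-05-20T10:00:01Z click http://social.example/profile.php?id=1234567",
    "2010-05-20T10:00:02Z click http://social.example/user/jane_doe",
    "2010-05-20T10:00:03Z click http://social.example/home?tab=news",
]
```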

The sites may have been breaching their own privacy policies as well as industry standards, which say sites shouldn't share and advertisers shouldn't collect personally identifiable information without users' permission. Those policies have been put forward by advertising and Internet companies in arguments against the need for government regulation.

The problem comes as social networking sites—and in particular Facebook—face increasing scrutiny over their privacy practices from consumers, privacy advocates and lawmakers.

At the same time, lawmakers are preparing legislation to govern websites' tactics for collecting information about consumers, and the way that information is used to target ads.

In addition to Facebook and MySpace, LiveJournal, Hi5, Xanga and Digg also sent advertising companies the user name or ID number of the page being visited when a user clicked on an ad. (MySpace is owned by News Corp., which also owns The Wall Street Journal.) Twitter also was found to pass Web addresses including user names of a profile being visited on Twitter.com.

For most social networking sites, the data identified the profile being viewed but not necessarily the person who clicked on the ad or link. But Facebook went further than other sites, in some cases signaling which user name was clicking on the ad as well as the user name of the page being viewed. By seeing what ads a user clicked on, an advertiser could tell something about a user's interests.

Ben Edelman, an assistant professor at Harvard Business School who studies Internet advertising, reviewed the code on the seven sites at the request of the Journal.

"If you are looking at your profile page and you click on an ad, you are telling that advertiser who you are," he said of how Facebook operated before the fix. Mr. Edelman said he had sent a letter on Thursday to the Federal Trade Commission asking them to investigate Facebook's practices specifically.

The sharing of users' personally identifiable data was first flagged in a paper by researchers at AT&T Labs and Worcester Polytechnic Institute last August. The paper, which drew little attention at the time, evaluated practices at 12 social networking sites including Facebook, Twitter and MySpace and found multiple ways that outside companies could access user data.

The researchers said in an interview they had contacted the sites, which some sites confirmed. But nine months later, the issue still exists.

The issue is particularly significant for Facebook on two fronts: the company has been pushing users to make more of their personal information public and the site requires users to use their actual names when registering on the site.

A Facebook spokesman acknowledged it has been passing data to ad companies that could allow them to tell if a particular user was clicking an ad. After being contacted by the Journal, Facebook said it changed its software to eliminate the identifying code tied to the user from being transmitted.

"We were recently made aware of one case where if a user takes a specific route on the site, advertisers may see that they clicked on their own profile and then clicked on an ad," a Facebook spokesman said. "We fixed this case as soon as we heard about it."

Facebook said its practices are now consistent with how advertising works across the Web. "This may include the user ID of the page but not the person who clicked on the ad," the company spokesman said. "We don't consider this personally identifiable information and our policy does not allow advertisers to collect user information without the user's consent."

The company said it also has been testing changing the formatting for the text it shares with advertisers so that it doesn't pass through any user names or IDs.

MySpace, Hi5, Digg, Xanga and LiveJournal said they don't consider their user names or ID numbers to be personally identifiable, because unlike Facebook, consumers are not required to submit their real names when signing up for an account. They also said that since they are passing along the user name of the page the ad is on, not that of the person clicking on the ad, there is nothing advertisers can do with the data beyond seeing on what page their ad appeared.

MySpace said in a statement it is only sharing the ID name users create for the site, which permits access only to the information that a user makes publicly available on the site.

Nevertheless, a MySpace spokeswoman said the site is "currently implementing a methodology that will obfuscate the 'FriendID' in any URL that is passed along to advertisers."

A Twitter spokeswoman said passing along the Web address happens when people click a link from any Web page. "This is just how the Internet and browsers work," she said.

Although Digg said it masks a user's name when they click on an ad and scrambles data before sharing with outside advertising companies, the site does pass along user names to ad companies when a user visits a profile page. "It's the information about the page that you are visiting, not you as a visitor," said Chas Edwards, Digg's chief revenue officer.

The advertising companies say they don't control the information a website chooses to send them. "Google doesn't seek in any way to make any use of any user names or IDs that their URLs may contain," a Google spokesman said in a statement.

"We prohibit clients from sending personally identifiable information to us," said Anne Toth, Yahoo's vice president of global policy and head of privacy. "We have told them: 'We don't want it. You shouldn't be sending it to us. If it happens to be there, we are not looking for it.'"

Write to Emily Steel at emily.steel@wsj.com and Jessica E. Vascellaro at jessica.vascellaro@wsj.com

And the real data behind the smoking gun.

ABC The Drum Unleashed - Poisoned bait

18 May 2010

Nona Belomesoff (NSW Police)

Poisoned bait

Mark Pesce

Every Tuesday morning I send out a message over Twitter: "Off to my regular in Potts Point. Back in a few hours. Play nice!" For the 6,600 people who follow me it's a tip of the hat and a wave of the hand before I go (somewhat) offline.

For others, though, it could be an invitation to come and play in my now-empty flat. It isn't hard, with a few Google searches, to learn my Sydney address, even my telephone number. It's information that's escaped into the wild, copied and recopied until it evades all attempts to bring it under control. (Some say information wants to be free. I say it simply wants to be copied. That's right - information is horny.)

The more information someone has about you, the more they can put that information to work - for good or ill. Your doctor may want to know a lot about your diet and exercise habits to help you lower your cholesterol or blood pressure. Someone less well-intentioned might use that same information to know exactly when you're most likely to be tempted by a coupon for a tasty cake or an extra-large serve of chips. We are creatures of habit, of weakness, of neurosis, and each of these presents an opening to attack. Throughout history we've been protected by our obscurity; the vast majority of individuals simply aren't notable enough to have their habits, weaknesses or neuroses widely known. This used to be a reason why people hired private detectives. No more. Anyone with a web browser can know more about you than all but your very closest friends and family.

In a shocking example of how this plays out in the real world, last week Sydney teenager Nona Belomesoff was lured to her own death using information gleaned from her Facebook profile, and a connection made through that profile. Miss Belomesoff was approached by a person purporting to represent an animal welfare group, prospectively offering her a position - if she were willing to join him on an expedition to rescue some injured animals. That expedition ended with Miss Belomesoff's body lying in a creek bed.

When someone tries to get us to reveal our financial information online - through a faked website, or an email purporting to offer us a big cash prize for our bank details - we call that 'phishing'. This is a new thing, 'human phishing', where the details shared on a social profile are used to hone an attack on a person. Miss Belomesoff loved animals, taking an animal studies course at TAFE, and likely shared this information on her profile and through her network of friends. Recent privacy changes in Facebook make it very difficult to hide your likes and interests.

Facebook believes that this makes it easier to find others who share your interests, and it does. But it also opens a door that lets every con man and every sociopath ride the royal road into your trust. We implicitly trust those whose interests align with our own; it's a natural affinity which is equally endearing and dangerous. Someone could approach any of us, professing a similar set of interests, and glide right past any of the sensible safeguards which would have us thinking, "Hey, just a minute…!"

Just as we receive emails from Nigerian '419' scammers, promising us millions of dollars in uncollected wills/lottery winnings/resource revenues should we only provide a few simple details, we can now expect a new era of attacks, carefully designed to pierce our cynical armor, infecting us where we are least defended. This is the shadow side of the sharing explosion we're all participating in. The danger of the future isn't that someone will find those snaps of you doing jello shots off an exotic dancer's tummy during that trip to Las Vegas. The danger is that someone will approach you, with a friendly handshake and knowing grin, someone in simpatico with you, until, the damage done, he vanishes. That's what happened to Nona Belomesoff.

What can we do? Social networks are too powerful and too useful to withdraw from them. Instead, we must turn that power inward, on itself. When someone approaches you to make contact, take a good look at their own social network. If they don't have a social network, turn and run. If they do, look at where their network intersects with yours. Again, if it doesn't intersect at all, turn and run. If the intersection is small, regard them with some suspicion - and do your homework. If the intersection is larger, then use your network: ask questions about this person. Are they trustworthy? Do they really share your interests? Be innocent as a dove, but smart as a serpent. Learn everything you can. The same capability that scammers and psychopaths use to get close to us can - and must - be put to work to protect us. Otherwise, our social future will look more like a city of the paranoid, than a strong, shared and safe playground.

Mark Pesce is one of the pioneers in Virtual Reality and works as a writer, researcher and teacher.


Please, if you use Facebook, read this.

Digital Domain - World’s Largest Social Network - The Open Web

ON its Web site, Facebook says it’s “giving people the power to share and make the world more open and connected.”

But the online world outside of Facebook is already a very open and connected place, thank you very much. Densely interlinked Web pages, blogs, news articles and Tweets are all visible to anyone and everyone. Instead of contributing to this interconnected, open Web world, the growing popularity of Facebook is draining it of attention, energy and posts that are in public view.

Every link found on the open Web, inviting a user to click and go somewhere else, is in essence a recommendation from the person who authored the page, posted it or broadcast it in a Tweet. It says, “I’ve taken the trouble to insert this link because I believe it will be worth your while to take a look.”

These recommendations are visible to search engines, which do far more than just tally how many recommendations point to this or that item. The engines trace backward to who linked to the recommender, then who linked to the recommender of the recommender, and so on. It’s a lot of computation to derive educated guesses about which recommendations are likely to lead to the best-informed sources of information, which are then placed at the top of a search results page.

No “friending” is needed to gain access; no company is in sole possession of the interconnections.

The size of the open Web — built without Facebook’s help — is hard to appreciate. In 2008, Google announced that its search engine had “crawled,” that is, collected and indexed material from, one trillion unique URLs, or Web addresses.

“The beauty of the Web is that it is open, and anyone can crawl it,” says Matt Cutts, a software engineer at Google.

But Facebook does not permit Google to reach most categories of information placed on the site, says Mr. Cutts, adding, “Google can only know what it can crawl.”

Susan Herring, professor of information science at Indiana University, sees it this way: “What the statistics point to is a rise in Facebook, a decline in blogging, and before that, a decline in personal Web pages.” The trend is clear, she said — Facebook is displacing these other forms of online publication.

Barry Schnitt, a Facebook spokesman, said his company provides Google with access to public profiles of members and status updates for public Facebook pages, formerly called “fan pages.” He said it also has announced plans to work with Microsoft on its Bing search engine, allowing Bing to publish the status updates of individual members whose privacy settings permit display to “everyone.”

The Facebook model of organizing the world’s information involves a mix of personally sensitive information, impersonal information that is potentially widely useful, and information whose sensitivity and usefulness falls in between. It’s a tangle created by Facebook’s origins as the host of unambiguously nonpublic messaging among college students.

The company’s desire now to help out “the world” — an aim that wasn’t mentioned on its “About” page two years ago — has led it to inflict an unending succession of privacy policy changes on its members.

People often talk about the two leading social networking sites in a way that sounds like they’re a single entity: FacebookandTwitter. But the two are fundamentally different. Facebook began with a closed, friends-only model, and today has moved to a private-public hybrid, resetting members’ default privacy settings. By contrast, most Twitter users elect to use the service to address the general public.

Facebook has redefined the way its users go about obtaining information.

“Information is becoming less of a destination that we seek online,” says Anthony J. Rotolo, assistant professor of practice in the School of Information Studies at Syracuse University. “Instead we are expecting it to come to us in a social stream.”

In the Facebook stream, friends, not search engines, are the trusted sources.

“Just because someone belongs to your social network, it doesn’t make them a good source,” Professor Rotolo says. “But there’s a natural inclination to assume that a person possesses reliable information because it’s person-to-person.”

This is what Professor Herring calls a “recommender model” of getting information. And she sees it as replacing the search-engine model. She points to the recent introduction of the Facebook “Like” button at Web sites, which allows Facebook to note recommendations of those sites among one’s friends. The record of who clicks that “Like” button, however, is not part of the open Web; it’s Facebook’s. The public visibility of users’ Likes on Facebook depends on their privacy settings.

DEFENDERS of the Facebook information stream argue that it doesn’t displace the open Web, but that it merely adds a new layer of information to it. Yet there is a cost: more time spent dispensing recommendations among friends on Facebook means less for similar contributions elsewhere. Members now spend more than 500 billion minutes a month on Facebook, a company fact sheet says.

The links on the trillion Web addresses found by Google, and within the billions of Tweets that have followed, form an incomparably vast, truly worldwide, web of recommendations, supplied by fellow humans.

In this sense, the open Web has a strong claim to being more “social” than does Facebook.

Randall Stross is an author based in Silicon Valley and a professor of business at San Jose State University. E-mail: stross@nytimes.com.

I used to work for Randall Stross at SFState! Here he is with some keen insight on Facebook and the open web...