This seems to be a regular feature in this blog — applications transmitting personal user information without the user knowing about it. The latest incursion to come to light involves Facebook.
The WSJ is reporting that many popular apps on Facebook have been transmitting Facebook IDs and, in some cases those of their friends, to advertising and Internet tracking companies. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with ‘everyone,’ including age, residence, occupation and photos. In other words, Facebook users who don’t use applications are still at risk of having their personal information shared with third parties if they’re Facebook “friends” with people who do.
Facebook joins a growing number of platforms that have been caught enabling the same thing — iPhone and Android are recent high-profile platforms.
In their defense, the platforms themselves are not guilty of this intrusion. It is the application developers who are building this capability into the application. In the case of Facebook, when the WSJ notified the company of these breaches, the apps were immediately removed, being in clear violation of Facebook’s own evolving privacy policies.
Nor is Facebook a benevolent victim watching out for the welfare of its users. Facebook itself is looking for ways to “monetize” the vast numbers of users on its platform. One way is to sell advertising. And the best way to sell advertising is to be able to profile target user segments. So Facebook itself will need to exploit personal information to optimize its own revenue. After all, it and other social network platforms are not altruistic organizations — they are for profit corporations looking to maximize revenue and profit. Balancing the for-profit goals of the corporation against user desire for privacy could be the ultimate challenge of social networks, and possibly their undoing. Assuming users care, which they don’t really seem to.
I think it will ultimately prove impossible to technically assure personal privacy, and undesirable from a business perspective. Users will compliantly participate at their own risk, with full knowledge that everything they post on a social network site, or indeed anywhere on the internet, no longer belongs to them. It is an asset corporations, like Facebook and its ecosystem, will exploit to turn a profit.
Increasingly, however, this is taking us beyond information users put up about themselves. The current generation of smart mobile devices are user and location aware. It is not a stretch to anticipate combining that information with other information about the user to get a more complete profile, along with an ongoing log of location specific activities (e.g. went into Starbucks location at Hollywood and Vine on October 18 at 10:37). This surveillance is possible right now.
The WSJ reports that at least one company in the Facebook case, RapLeaf, compiles and sells profiles of individuals based in part on their online activities. A number of applications were transmitting users’ Facebook ID numbers to RapLeaf. RapLeaf then linked those ID numbers to dossiers it had previously assembled on those individuals. RapLeaf embeds that information in a cookie and shares that information for ad targeting. However, while RapLeaf claims to strip out the user names, the WSJ found that it transmitted Facebook user IDs to a dozen other advertising and data firms, including Google Inc.’s Invite Media.
This surreptitious invasion of privacy by faceless corporations strikes at the heart of my Watching the Watchers mantra. Who is collecting and collating personal information and for what purposes. Inquiring minds want to know.