Posted by: Clarinette | October 19, 2010

Facebook and the app gap

Update 25/10/2010:

RapLeaf, Facebook, Data Mining, and Privacy‘ + Good advices to follow to protect your privacy.

Update 22/10/2010:
Thanks to Allan Pratt for pointing to
Could Facebook Go the Way of MySpace?

MySpace, Apps Leak User Data ‘ Myspace? who’s Myspace? Does anyone still goe to MySpace?

Nik Mokey is asking : ‘Internet privacy: have Facebook and others gone too far?‘ When too much will be too much? and yes, ‘Why are we still using Facebook, again?’ Some good questions. Of course, simply leaving Facebook is neither the solution as no one would be their to monitor.

From the Washington Post: ‘Facebook begins user ID encryptions for apps developers after privacy criticism

Hunton and Williams LLP blog on: ‘FTC to Focus on Self-Regulation by Behavioral Advertising Industry’
(follow updates on pearltrees)

‘Members of the US congress confronted Zuckerberg with a series of privacy questions about the sites apps’ Says TechWorld
Google Engineer Builds Facebook Disconnect‘ . Alexis Totsis from TechCrunch says he tried Google engineer Brian Kennish’s app: ‘Facebook Disconnect will “presumably” prevent the sending of data back to Facebook across the one million sites that use the Facebook Connect service. So far the ones I’ve tested it on (ehem, Huffington Post) seem to be kosher as I no longer see Facebook integration.

The CDT, Center of Democracy and Technology asks: ‘Why Facebook Apps Story Is Problem For Entire Web‘ ? WSJ points to a controversial case of linking behavioral profiles to personally identifiable information. Is this new? Apparently an accidental transmission of users ID as ‘from Facebook’s point of view, this was more of a security issue than a privacy issue‘.
How all this works? Harian Yu tells us more about the technical details On Facebook Apps Leaking User Identities :
The content loaded by in the iframe contains the game alongside third party advertisements. When your browser goes to fetch the advertisement, it automatically forwards to the third party advertiser “referer” information—that is, the URL of the current page that’s loading the ad. For FarmVille, the URL referer that’s sent will look something like:…fb_sig_user=%5BUser’s Facebook ID]…

The remedy : ‘could be as easy as sticking a solitary character into referring urls.

for the CDT, ‘industry practices and legal rules need to catch up, quickly, with clear and enforceable standards. That is why CDT supports comprehensive baseline federal privacy legislation, with adequate rule making authority for the FTC. That is also why we support strong FTC enforcement using its existing authority.

And yes, surely ‘browsers could be configured to stop sending along referring IDs with every HTTP request.

Harian Yu suggests that : ‘application developers like Zynga can simply stop including the user’s Facebook ID in the HTTP GET arguments, or they can place a “#” mark before the sensitive information in the URL so browsers don’t transmit this information automatically to third parties.
For more security, a proxy could be implemented to avoid real Facebook IDs to be transmitted.

The ‘FTC To Recommend Self-Regulation, Not New Laws, Says Commission Member

Are these enough and how will they fit with the EU position on behavioral dvertising?
Was the story started by WSJ ?

Facebook passing personal information to third parties seems to be a new discovery. Am I the only one to be surprised, surely not.
Happy to see the ‘Facebook app breach gets the attention of Congress

ACLU of N. Calif: Facebook App Privacy Breach Shows Facebook Needs to Do More

ACLU had wrote a Facebook Quiz in June 2009 to help you understand what happens. Along with other privacy advocates, they wrote an open letter to Facebook to improve its privacy controls and address the issue. Facebook’s response was more denying any liability, refusing to act.

TRUSTe responds to Facebook privacy problems…‘ : ‘While TRUSTe certifies the privacy practices of, we do not certify the privacy practices of third party applications on the site like those referenced in the WSJ’s article.’ This not the impression that it gives when the logo appears everywhere on the website.
More on Facebook and the ‘app gap’ on my pearltrees (click each pearl to access the link).

Gizmodo se referrant a l’article du WSJ titre: ‘Farmville envoie bien des informations sur vous aux publicitaires

Diffusions de données personnelles : les joueurs poursuivent Zynga’. ‘Zynga affirme de son côté que ces transactions ont été réalisées à son insu, le cabinet Edelson McGuire (déjà à l’origine de poursuites contre Facebook pour violation des principes de respect de la vie privée) annonce aujourd’hui engager des poursuites collectives (class action) contre Zynga devant les juridictions de San Francisco.

Facebook User Sues FarmVille Maker, Zynga, for Violating the Privacy Rights of Millions of Americans
WSJ announces two lawsuits, one in California and the other in Rhode Island against Facebook and Zynga, ‘alleging that they violated federal law by sending identifying information about their users to advertisers and Internet tracking companies.‘Facebook and Zynga Face Lawsuits over Privacy Breach’


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: