Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on May 21, 2010

MySpace, Facebook and a half dozen other companies just screwed up. Big time.


MySpace, Facebook and a half dozen other companies just screwed up.  Big time.

Update: Digg recently contacted us with a clarification of their position and policies. New information relating to Digg can be found at the bottom of the post.

This is, to put it very lightly, not good.  The Wall Street Journal is reporting that some of our largest fears have been realized.  All of those promises that sites such as MySpace and Facebook have made regarding the safety of our personal information has been proven to be nothing but cheap talk.

Bear in mind that we’re not talking 5 years ago.  We’re talking last week, and even still today.  Right now, as you click on advertising within a number of social network sites, the code behind them is sending your personal information (including your name and/or user ID) to the advertiser.

According to the article:

“Several large advertising companies identified by the Journal as receiving the data, including Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven’t made use of it.”

To be fair, it wasn’t only MySpace and Facebook on the screwing end of this deal.  Other sites including Digg, Xanga, Hi5 and LiveJournal were every bit as guilty.  The question is, though, whether or not the sites knew what they were doing.

It is possible, depending on the advertising code used, to send out that information without ever being aware of it.  Though we will also argue that any web developer worth his or her salt knows exactly how to interpret the code and what it was capable of doing.

According to one source, Facebook has known for some months, “AT&T Labs researcher Balachander Krishnamurthy and Worcester Polytechnic Institute professor Craig Wills previously identified the general problem of social networks leaking user information to advertisers, including leakage through the Referer headers detailed above. In August 2009, their On the Leakage of Personally Identifiable Information Via Online Social Networks was posted to the web and presented at the Workshop on Online Social Networks (WOSN).

So, all of this talk lately about Facebook’s privacy issues become a bit of a moot point, if we can’t even assure privacy by locking down our visible account settings.  None of it makes a bit of difference if I’m browsing MySpace for new music and my user information gets shot to any advertiser’s inbox.

Some sites don’t require users to give their real names when signing up, therefore they are making the argument that the user names aren’t private information.  However, in an age where Google is able to pull almost any bit of information that someone might want, a user name holds a lot of weight.

Search Engine Land had a great article that talked about the convergence between privacy and advertising.  An advertiser’s ultimate goal is to know you (according to your behavior) better than you know yourself.  With information such as this at their hands, advertisers can do a better job of targeting ads, but at what cost?

On the flip side, the Electronic Frontier Foundation is saying that social media networks should abide by a bill of rights for the users.  Interestingly, however, the bill doesn’t expressly target advertising on the sites.  For so long, we’ve all been annoyed by Internet advertising, but likely never before to this extent.  Back when tracking cookies were the worst things we had seen, we’re not sure if anyone ever dreamed we’d reach this point.

Given how brutal the fight over social media privacy has been, this is an absolutely unforgivable move on the part of some sites.  Regardless of whether we’re just advertising money to them, some places apparently need to learn that “taking care of the customer” doesn’t involve a blatant screwing.

Thanks to Danny Sullivan and Techmeme for the tip heads up.

Update From Digg

Digg just reached out to us presenting a clarification on their procedures for dealing with user data. According to Chas Edwards, the Publisher & Chief Revenue Officer at Digg, the company does share user data, but only after it has been encrypted, and only for analytics purposes. This encryption makes it completely untraceable to any specific user account, and provides no identifying personal information.

Digg does not share any user data or personal information with advertisers, even after a person clicks on an advertisement.

In short, Omniture gets a sanitized data log of user actions that has been stripped of any personal information, and advertisers do not even get that. While some Digg users might object to that, it is decidedly less offensive than what we had originally be told.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with