Update: Digg recently contacted us with a clarification of their position and policies. New information relating to Digg can be found at the bottom of the post.
This is, to put it very lightly, not good. The Wall Street Journal is reporting that some of our largest fears have been realized. All of those promises that sites such as MySpace and Facebook have made regarding the safety of our personal information have been proven to be nothing but cheap talk.
Bear in mind that we’re not talking 5 years ago. We’re talking last week, and even still today. Right now, as you click on advertising within a number of social network sites, the code behind them is sending your personal information (including your name and/or user ID) to the advertiser.
According to the article:
“Several large advertising companies identified by the Journal as receiving the data, including Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven’t made use of it.”
To be fair, it wasn’t only MySpace and Facebook on the screwing end of this deal. Other sites including Digg, Xanga, Hi5 and LiveJournal were every bit as guilty. The question is, though, whether or not the sites knew what they were doing.
It is possible, depending on the advertising code used, to send out that information without ever being aware of it. We would also argue, though, that any web developer worth his or her salt knows exactly how to interpret the code and what it is capable of doing.
According to one source, Facebook has known for some months: “AT&T Labs researcher Balachander Krishnamurthy and Worcester Polytechnic Institute professor Craig Wills previously identified the general problem of social networks leaking user information to advertisers, including leakage through the Referer headers detailed above. In August 2009, their On the Leakage of Personally Identifiable Information Via Online Social Networks was posted to the web and presented at the Workshop on Online Social Networks (WOSN).”
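The Referer leak described above, as an added example (not code from this article or from any of the sites named): it computes the Referer header a browser attaches to an ad click under each Referrer-Policy value, so a site owner can check whether a user ID in the page URL reaches a third party. The URLs, the profile ID and the function names are constructed for illustration, and the downgrade check is simplified to https versus non-https.

```javascript
// Constructed sample URLs: a profile page carrying a user ID, and an ad click target.
const SAMPLE_PAGE = 'https://social.example/profile.php?id=1234567#wall';
const SAMPLE_AD = 'https://ads.example/click?campaign=42';

const POLICIES = ['no-referrer', 'origin', 'same-origin', 'strict-origin',
  'origin-when-cross-origin', 'strict-origin-when-cross-origin',
  'no-referrer-when-downgrade', 'unsafe-url'];

// Browsers strip credentials and the fragment before sending a URL as Referer.
function strip(pageUrl, originOnly) {
  const u = new URL(pageUrl);
  u.username = ''; u.password = ''; u.hash = '';
  return originOnly ? u.origin + '/' : u.href;
}

// Referer value sent when a click on pageUrl navigates to targetUrl; null = header omitted.
function refererFor(pageUrl, targetUrl, policy) {
  const from = new URL(pageUrl), to = new URL(targetUrl);
  const sameOrigin = from.origin === to.origin;
  // Simplification: "downgrade" here means https page -> non-https target.
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer': return null;
    case 'origin': return strip(pageUrl, true);
    case 'same-origin': return sameOrigin ? strip(pageUrl, false) : null;
    case 'strict-origin': return downgrade ? null : strip(pageUrl, true);
    case 'origin-when-cross-origin': return strip(pageUrl, !sameOrigin);
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return strip(pageUrl, false);
      return downgrade ? null : strip(pageUrl, true);
    case 'no-referrer-when-downgrade': return downgrade ? null : strip(pageUrl, false);
    case 'unsafe-url': return strip(pageUrl, false);
    default: throw new Error('unknown policy: ' + policy);
  }
}

// Policies under which `identifier` from the page URL reaches the third party.
function leakingPolicies(pageUrl, targetUrl, identifier) {
  return POLICIES.filter((p) => {
    const ref = refererFor(pageUrl, targetUrl, p);
    return ref !== null && ref.includes(identifier);
  });
}

console.log(leakingPolicies(SAMPLE_PAGE, SAMPLE_AD, '1234567'));
```

no-referrer-when-downgrade was the long-standing browser default, which is why an identifier in the page URL travelled with every ad click; a stricter policy, or keeping identifiers out of URLs altogether, closes the leak.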
So, all of this talk lately about Facebook’s privacy issues becomes a bit of a moot point, if we can’t even assure privacy by locking down our visible account settings. None of it makes a bit of difference if I’m browsing MySpace for new music and my user information gets shot to any advertiser’s inbox.
Some sites don’t require users to give their real names when signing up, therefore they are making the argument that the user names aren’t private information. However, in an age where Google is able to pull almost any bit of information that someone might want, a user name holds a lot of weight.
Search Engine Land had a great article that talked about the convergence between privacy and advertising. An advertiser’s ultimate goal is to know you (according to your behavior) better than you know yourself. With information such as this at their hands, advertisers can do a better job of targeting ads, but at what cost?
On the flip side, the Electronic Frontier Foundation is saying that social media networks should abide by a bill of rights for the users. Interestingly, however, the bill doesn’t expressly target advertising on the sites. For so long, we’ve all been annoyed by Internet advertising, but likely never before to this extent. Back when tracking cookies were the worst things we had seen, we’re not sure if anyone ever dreamed we’d reach this point.
Given how brutal the fight over social media privacy has been, this is an absolutely unforgivable move on the part of some sites. Regardless of whether we’re just advertising money to them, some places apparently need to learn that “taking care of the customer” doesn’t involve a blatant screwing.
Thanks to Danny Sullivan and Techmeme for the heads up.
Update From Digg
Digg just reached out to us presenting a clarification on their procedures for dealing with user data. According to Chas Edwards, the Publisher & Chief Revenue Officer at Digg, the company does share user data, but only after it has been encrypted, and only for analytics purposes. This encryption makes it completely untraceable to any specific user account, and provides no identifying personal information.
Digg does not share any user data or personal information with advertisers, even after a person clicks on an advertisement.
In short, Omniture gets a sanitized data log of user actions that has been stripped of any personal information, and advertisers do not even get that. While some Digg users might object to that, it is decidedly less offensive than what we had originally been told.

Who’s really that surprised, though. These guys have been playing hard and fast with our information for way too long.
Is it just me…or is it a little odd to read this post, and then be asked to log into Facebook to comment? And to see the LIKE button? So we’re to be concerned about being screwed / exploited…but then use these very same services?
This is no different than my mom getting direct mail marketing flyers because she’s a woman in her 50’s. Get over it.
People need to accept responsibility for themselves. If you sign up for a site that brags about how easy it is to share your life, then you are agreeing to do so as well. Again… get over it.
direct flyers don’t know who all your friends are, what school you went to, how many siblings you have, what your music tastes are, what you did last night, your birthday etc…
Sure they do
If a company knows your gender, age and zip code they basically know everything about you: If you live in the United States, there’s an 87% chance that you don’t share all three of these attributes with any other U.S. resident:
Source:
http://www.eff.org/deeplinks/2009/09/what-information-personally-identifiable
Nice touch too… Using my gravatar account to display my avatar image. How did you get that? I know… because you used my email address to query their web service – the one I agreed to use for this purpose.
Once again, get over it.
I think the first question we need to ask is, “who is creating the code behind the ads?” The second question, “who is policing the code?”
If the code is coming from the advertiser, there is the villain. If the code is developed in house at FB, MS, etc then, yes, they are to blame. I know you are going to say FB and the other providers should be checking what is passing through to their sites, but that is not typically the case (automated testing of the code should be in place, but that is not always fool proof).
It’s been a few years since I’ve been involved in web development including related advertising, but when I was, the ads were being streamed from an external source. There was no review of the code behind those ads under our roof; our focus was on OUR product.
Bend over.
Pick up your own damn soap man.
It’s the perfect way for advertisers to gain more info on targeting their ideal audience, only problem is that it’s not exactly honest
Google's introduction of a prominent opt-out in its publicity program based on interest is a good step. But to reconcile the conflicting emotions of consumers, publishers and advertisers think there is a long way to go.
Storm in a tea cup. Don’t like it, don’t sign up for it.
Why the hell do people need to put so much info in their profile anyway?
I sort of agree, we all knew they were using our info for targeted ads. Maybe we didn’t know quite to what extent? Or we all pretended we didn’t want to know but now it’s been pushed into our faces and we need to face up to it.
Fact is – It’s a basic tradeoff, we’re giving away our information in return for the services we like.
Sorry folks, just admit to yourself that the info that is out there is MEANT to be public knowledge – so what if you sent a personal message through one of these, he or she could just cut and paste it to another to relay the info. Not that anyone would, but they could – fb’s purpose is to interlink similar people.
They have built these sites for some dough! But the point is common users were duped all this time in thinking that their info. was safe! This is blasphemous!
Jesus, who really cares.
People really click on advertisements on Facebook? I see them on the side, they’re obviously the advertisements we’ve been conditioned to ignore. I guess people who just get on the internet fall for it.
This was already anticipated. Why does all hell break out only now? It’s gradually been there and now it’s all a deluge.
Who clicks on advertising? And also, print media has been selling our information to marketers (from kitschy catalog people to credit card “legit scammers” like Capital One) for ages – this is nothing new. If you don’t want your info out there, don’t surrender it – and don’t click on online ads. Just scare tactics from a desperate WSJ.
what sort of codes are we talking? Are the ads actually transmitting personal account information to the ad networks? storm in a tea cup indeed.
Dude that is like way cool.
Lou
http://www.complete-anonymity.at.tc
very hot topic atm…. i read a great article the other day talking about how facebook doesn’t care what we think about these “screw ups” bc we are no longer the target market or the consumer, we are the product. So as long as people are paying the big bucks for our information, we can kick and scream all day and it won’t make a bit of difference… unless people quit using facebook or become the guardians of the information and selling of information themselves. blah blah as always, good stuff brad!
I guess it’s a given, but I really don’t like being deceived: if these sites claim they are not sharing information, and then they go ahead and do it anyways, that’s lying, and I’m sick of being lied to.
The most widespread lie in the world is “I have read and accept the Terms of Service”… Here’s a snippet from Facebook’s Privacy Policy:
To serve personalized advertising to you. We don’t share your information with advertisers without your consent. (An example of consent would be if you asked us to provide your shipping address to an advertiser to receive a free sample.) We allow advertisers to choose the characteristics of users who will see their advertisements and we may use any of the non-personally identifiable attributes we have collected (including information you may have decided not to show to other users, such as your birth year or other sensitive personal information or preferences) to select the appropriate audience for those advertisements. For example, we might use your interest in soccer to show you ads for soccer equipment, but we do not tell the soccer equipment company who you are. You can see the criteria advertisers may select by visiting our advertising page. Even though we do not share your information with advertisers without your consent, when you click on or otherwise interact with an advertisement there is a possibility that the advertiser may place a cookie in your browser and note that it meets the criteria they selected.
Anytime you click on any link on the internet, whether it is an ad or just a random link, the site you go to via the link can access a referral address that shows them where you just came from (i.e. the URL), so this applies to THE ENTIRE INTERNET, including this website. Anyone can hack Google Analytics to do this. All that WSJ are saying in this article is that when you click on a link in a social networking page (i.e. facebook.com/joe.schmoe) the advertiser knows which page it was. Facebook happened to have attached some sort of parameter to the end (facebook.com/joe.schmoe?visitor=sarah.schmoe) because they’re somewhat evil and are probably tracking which profiles you go to. Seriously, get over it, or stop using the internet. BTW, every time you Google something, the site you go to knows which keywords you typed in to get there, so don’t search with identifiable keywords if this all concerns you (i.e. googling “I am Joe Schmoe and I have crabs”).
I have an idea, don’t click on ads.
“Right now, as you click on advertising within a number of social network sites, the code behind them is sending your personal information (including your name and/or user ID) to the advertiser.”
Firefox + AdBlock + NoScript = No issue.
When approaching your car, you may at a glance look at a vehicle next to yours. Your mind may take note of the belongings whether or not you try. Or even care. Yes it’s out in public so people may see a glimpse of what kind of person you are and what you like. But most people don’t do this: Collect information on what Make, Model, Color of your vehicle, what is in the front seat, see what’s hanging on the rear view mirror, or even look at the key lock to see if you’re either careful to not scratch the vehicle or you just push the key in without care. Does this make you feel comfortable? How would you react to a person paying close attention to your likes and habits so that they may send crap in your mail? All they got to do is follow you home and voilà, they know where you live. Maybe you should just stop driving all together then? Yes this is a more critical scenario than say someone flashing some advertisements in your face. But really.. every type of person you meet on the street, can also be found in the net.
Does that mean anti-social networks will be popping up soon? Holy moly, I’m getting in on it.
canonfreaks.com
I think any business/website worth a lick of integrity would be removing the Facebook “like” or “share” button from their site. #My2Cents
Is it just me, or is it really not that big a deal? Ok they got my username, everyone can see that. It’s not like they’re getting my credit card info or ss#.
This article just seemed like the guy was trying to blow the issue up.
I still don’t see how that’s everything about me. Male-21-93535. There it is. I have it up in public sight on both my facebook and myspace, and have had it there for years. I still think the whole thing is being blown way outta proportion. Sounds to me like people have just been waiting to accuse these sites of violating our privacy. They’re storing already public info! Oh no!
Of course I could be mistaken and this could be a huge deal, but this is just my personal opinion.
Obvious question but why not just either not volunteer personal info to these sites or why not just give fake info? 99% of my Facebook profile is fake. They have my name but really, what difference does that make.
Had a feeling something like this would happen
you click on ads? i can’t even see 99% of them, blocked by default on purpose. also hilarious article is also linking to post on twitter/facebooks etc
1) Don’t EVER click on ads. EVER. (Get AdBlock).
2) Don’t EVER use the real year of your birth… use one decades away (mine is pre-WWII).
3) Use a dummy hotmail account for anything you need to sign up for.
4) Use dummy/obscured information on the Info wall in Facebook. Better yet, use nothing at all. Almost nobody is going to use that information to find you. It is strictly there for data-mining.
You forgot the most important tip! At all times wear aluminum foil on our head!!!