This article is also available in:
Deutsch: Neuerliche Datenschutzprobleme bei Facebook Apps

Facebook continues to raise concerns related to the privacy of its users' personal data. According to an investigation made by Wall Street Journal (WSJ), Facebook applications such as FarmVille have been supplying identifying information of its users to several online advertising and tracking companies.

Already in May 2010 it was revealed that under certain circumstances, when a user was clicking on an ad, Facebook was transmitting its ID codes that were used to look up individual profiles, including the user's real name, age, hometown and other data. Although Facebook has interrupted the practice, it has now come Facebook applications were doing the same practice.

The practice affects millions of users including those who have placed their data under the strictest privacy settings. According to WSJ, at least ten of the most popular Facebook applications also transmitted personal information about the user's friends to external companies.

Two Facebook users from California, David Gould and Mike Robertson, have filed a federal lawsuit against the social network for allegedly sharing their real names and other private information with some advertisers, considering Facebook was thus in direct violation of the federal law that protects the privacy of electronic communications, the California computer-crime law as well as the company's own privacy policy.

"A Facebook user ID may be inadvertently shared by a user's Internet browser or by an application," stated a spokesman from Facebook on 16 October 2010, who added that the company would introduce new technology to address the problem.

According to the company, there is no basis for the law suit. As a Facebook user's ID is a public part of any Facebook profile, anyone can use this number to look up a person's name, by using a standard Web browser, even if that person has posted Facebook information as private. Facebook IDs reveal information that the users have set to share with everyone.

Most applications on Facebook are created by independent software developers and it is not yet clear whether their developers knew that their applications were transmitting Facebook ID numbers. The applications use a common Web standard, known as a "referer" which passes on the address of the last page viewed when a user clicks on a link. On Facebook and other social-networking sites, referers can expose a user's identity.

While the supporters of online tracking argue that this kind of surveillance is benign when being carried out anonymously, WSJ has found out that RapLeaf, a data-collection firm, had linked Facebook users' ID information obtained from applications to its own database of Internet users. The company is selling its database and has transmitted Facebook IDs to several other firms.

"We didn't do it on purpose," stated Joel Jewitt, vice president of business development for RapLeaf.

After being contacted by the WSJ, Facebook has changed its system so that the ID codes are no longer sent to other websites and has apparently also shut down some applications transmitting user IDs. Since 15 October, the users having tried to access certain applications have received an error message being reverted to Facebook's home screen. "We have taken immediate action to disable all applications that violate our terms," a Facebook spokesman said.

Facebook in Privacy Breach (18.10.2010)
http://online.wsj.com/article/SB10001424052702304772804575558484075236...

Facebook apps 'leaking details to advertisers' (18.10.2010)
http://www.guardian.co.uk/technology/2010/oct/18/facebook-apps-data-pr...

Facebook Faces Suit Over Earlier Breach (17.10.2010)
http://blogs.wsj.com/digits/2010/10/17/facebook-faces-suit-over-earlie...

EDRi-gram: Facebook under pressure for not observing its privacy principles (19.05.2010)
http://www.edri.org/edrigram/number8.10/privacy-google-article-29