Facebook admits app data privacy concerns

Facebook found itself fending off another privacy outcry, after it admitted that some of its most popular third-party games and applications breached its data protection rules.

The social networking site said it would make technical changes to its platform to improve data security, as it sought to play down concerns about how it handles its 500m users’ personal information.

Facebook admitted that some of the most popular games on its site, including FarmVille and Texas Hold ‘Em Poker, were passing on to advertisers a string of numbers and letters that act as each user’s identification on the site.

Zynga, maker of the two games, did not return requests for comment.

This information is essential to the operation of social games but could also be used to determine the real names of Facebook users. Depending on a user’s privacy settings, more personal details could be gleaned and combined with other data collected about their browsing habits.

“We are talking with our key partners and the broader web community about possible solutions” to this problem, Facebook said in a statement. “While knowledge of user ID does not permit access to anyone’s private information on Facebook, we plan to introduce new technical systems that will dramatically limit the sharing of user IDs.”

But Facebook denied that the data leak had caused harm to its users. “It is important to note that there is no evidence that any personal information was misused or even collected as a result of this issue.“

In a blog post, Mike Vernal, a Facebook engineer, said the “technical details of how [web] browsers work” was the cause of the problem, not Facebook or app developers.

“Press reports have exaggerated the implications of sharing a UID,” Mr Vernal added. “Knowledge of a UID does not enable anyone to access private user information without explicit user consent.”

The response follows a Wall Street Journal report that said the 10 most popular apps on the site were breaching Facebook’s rules by sending user IDs to advertising companies.

Earlier this month, Facebook added new controls over how apps handle personal information. In May, Facebook overhauled its general privacy controls to make them easier for users to understand after a barrage of criticism.

Privacy experts say this latest incident highlights the risks of installing applications made by companies whose motivations and business practices can be obscure.

“The privacy threat from applications is going to become more precarious,” said Simon Davies of Privacy International. “Companies like Facebook have made significant inroads into dealing with irresponsible or malicious developers but the fact is that these products are being rolled out every 45 seconds. It’s becoming almost impossible to keep track of the tidal wave of code from throughout the planet.”

Reaction to the news from the advertising world was mixed. One digital agency executive told the Financial Times that it was a “tempest in a teapot”, saying that people’s names were not particularly useful to advertisers.

Rachel Lawlan, planning director at AKQA, a digital agency, said the affair was unlikely to stem Facebook’s rapid growth.

“It’s an enormous, highly complex platform that has resulted in a near monopoly. Despite all sorts of technical loopholes, users have got to the point where there is a sense of lethargy about it.”

But Norm Johnston, global digital leader at Mindshare Worldwide, a WPP agency, said Facebook was “perpetually on the back foot” on privacy and the company should “take greater control of this issue or risk an eventual backlash with advertisers and agencies unwilling to be associated with such practices”.

Additional reporting by David Gelles and Mary Watkins