NEW YORK — The latest Facebook privacy fiasco shows that the world’s largest online social hub is having a hard time putting this thorny issue behind it even as it continues to attract users and become indispensable to many of them.
The Wall Street Journal reported Monday that several popular Facebook applications have been transmitting users’ personal identifying information to dozens of advertising and Internet-tracking companies. Facebook said it is working to fix the problem and was quick to point out that the leaks were not intentional but a consequence of basic Web mechanisms.
“In most cases, developers did not intend to pass this information but did so because of the technical details of how browsers work,” said Mike Vernal, a Facebook engineer, in a blog post Monday.
In a statement, Facebook said there is “no evidence that any personal information was misused or even collected as a result of this issue.”
Even so, some privacy advocates said it is problematic that the information was leaked at all, regardless of what happened to it. Facebook needs its users to trust it with their data because if they don’t, they won’t use the site to share as much as they do now.
“Facebook has been assuring users for a very long time that their personal information will not be available to advertisers,” said Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center.
At issue are user IDs, the unique identifier tied to every person on Facebook. These IDs can be used to find users’ names, gender and any information they have made visible to “everyone” on the Internet through their privacy settings.
“It’s their entire friends lists, their likes, their biographical information,” Rotenberg said. “Facebook gets access to it, and now it’s leaking out to advertisers.”
The Journal said these IDs could be included in the “referers” that websites send to other sites to tell them where the user came from. Normally, these wouldn’t tell the sites who these users are. But that becomes possible when the referers include a person’s social-network ID.
In one case, these IDs were then embedded in a “cookie,” which tracks users as they navigate the Web, by an online-data-collection company, The Journal said. That meant users’ names and browsing habits could be linked.
