Social networking sites such as Facebook and MySpace as well as link-sharing site Digg, have been caught sharing users' personal data with advertisers without the users' consent.
According to a report in the Wall Street Journal: "Advertising companies were given information that could be used to look up individual profiles, which, depending on the site and the information a user has made public, include such things as a person's real name, age, hometown and occupation."
Web sites commonly share click data with advertisers, usually to simply prove what views or clicks a given on-line advert may have generated. This data is not ordinarily useful in determining much about the user other than where in the world they are.
But because social networking sites are stuffed full of personal information much of this has been passed on to advertisers such as Google's DoubleClick and Yahoo's Right Media.
Bot theses services told the Journal that they were not aware such such data was in their possession. The newspaper seems to have believed them.
Across the Web, it's common for advertisers to receive the address of the page from which
The data shared includes names, user IDs, and other information which would enable enable ad companies to identify individual user profiles.
The Journal's artcile comes on the back of this report (pdf) by researchers at AT&T Labs – and Worcester Polytechnic Institute in Massachusetts, which defines Personally identifiable information (PII) as "information which can be used to distinguish or trace an individual's identity either alone or when combined with other information that is linkable to a speci c individual."
The report concludes "The results of our study clearly show that the indirect leakage of PII via OSN (Online Social Networks) identi fiers to third-party aggregation servers is happening.
"OSNs in our study consistently demonstrate leakage of user identi er information to one or more third-parties via Request-URIs, Referer headers and cookies.
"In addition, two of the OSNs directly leak pieces of PII to third parties with one of the OSNs leaking zipcode and email information about users that may not be even publicly available within the OSN itself. We also observe that this leakage extends to external OSN applications, which not only have access to user pro le information, but leak a user's OSN identifier er to other third parties."
A Facebook spokesman admitted passing data to ad companies that could allow them identify individuals. But after being contacted by the Journal, Facebook said it "changed its software to eliminate the identifying code tied to the user from being transmitted," the report said.
In a statement to the Journal, a spokesman said: "Google doesn't seek in any way to make any use of any user names or IDs that their URLs may contain."
Similarly, Yahoo's head of privacy. Anne Toth, said: "We prohibit clients from sending personally identifiably information to us
"We have told them. 'We don't want it. You shouldn't be sending it to us. If it happens to be there, we are not looking for it."
A recent poll found that 60 per cent of Facebook users have considered quitting the service over privacy concerns. This will likely help them make up their minds.
No comments:
Post a Comment