A recent Wall Street Journal investigation revealed that the 10 most popular Facebook applications compromised user identities even when they set strictest privacy settings.
It held popular applications such as the FarmVille, the Causes, the Mafia Wars, the Quiz Planet and Phrases, guilty of transmitting unique ids of users (WSJ: “identifiable information”) to third parties — mostly advertising and Internet tracking companies that profile Internet users,” often for targeted marketing.
Not only did this violate the United States laws but Facebook's privacy policy as well. Soon as the breach was brought to its notice, Facebook suspended several of the offending applications. It also sought to reassure its 500 million active users worldwide that none of the ids was used to glean personal information nor was any information misused.
The company said new technical systems would be introduced that would “dramatically limit” the sharing of user ids. In saying so, it, however, did not rule out further breaches.
“As part of our work to provide people with control over their information, we've learned that the design and operation of the Internet doesn't always provide the greatest control that is technically possible,” explained Kirthiga Reddy, Director, Online Operations and Head of Office Facebook India, in an email interview with this newspaper.
After all, policing an approximate 5,50,000 applications, which 70 per cent users access each month, is an uphill task. More than one million developers and entrepreneurs from over 180 countries work on Facebook's platforms.
Early May 2010, several social networking sites, including Facebook, were found to be (inadvertently) sharing user ids with advertisers each time they clicked on an ad. Facebook took remedial steps immediately after the infringement was brought to its notice.
Surprisingly, in both the cases, the compromised information was transmitted via ‘URL referrers.' Referrers communicate the address (URL) of the previous page whenever a user clicks a link. This helps third parties gather information on a particular user.
“This is an even more complicated technical challenge than the similar issue we successfully addressed last Spring, but one that we are committed to addressing,” Ms. Reddy stressed.
Facebook, according to her, has incorporated numerous defences to ensure a safer browsing experience for its users. Its arsenal includes complex automated systems that work behind the scenes to detect and flag Facebook accounts that show signs of anomalous activity.
These could include, for example, accounts that send out an abnormal number of messages in a short period of time, or those that propagate malicious links.
“Once we detect a phoney message, we delete all instances of that message across the site. We also block malicious links from being shared and work with third parties to get phishing and malware sites added to browser blacklists or taken down completely,” Ms. Reddy explained.
She, however, swore by the key rules of thumb: using up-to-date browsers, unique logins and passwords for every website, verifying the authenticity of the legitimate Facebook page from its URL and being wary of any message, post, or link that looks suspicious or requires an additional login. It would help users follow the ‘Facebook Security' page.
The company, which has grown “very quickly” in India with more than 15 million active users, is presently working on translating Marathi through its translation application. It is currently available in more than 70 languages.
