Facebook Apps Found Sharing User IDs

  /     /     /  
Publicated : 22/11/2024   Category : security


Facebook Apps Found Sharing User IDs


The social networking site says media reports exaggerate the privacy risks.



All of the ten most popular apps on Facebook have been found sharing Facebook members user ID numbers (UIDs) with outside companies and three of the top ten Facebook apps, including Farmville, shared information about users friends, too.
The privacy breach was discovered as a result of
an investigation by the
Wall Street Journal
, which published its findings on Monday.
The issue affects tens of millions of Facebook users, even those who have the strictest possible privacy settings. According to the
Wall Street Journal
s report, the apps reviewed were found to be sending Facebook UIDs to at least 25 data collection and advertising firms.
In
a post
to its developer blog on Sunday evening, Facebook downplayed the privacy impact, even as it promised to take action.
Press reports have exaggerated the implications of sharing a UID, wrote Facebook engineer Mike Vernal. Knowledge of a UID does not enable anyone to access private user information without explicit user consent. Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy.
Vernal said that in most cases, Facebook developers did not intend to pass UIDs to third-parties, but did so because of the way Web browsers have traditionally worked.
Disciplinary action against Facebook developers so far has been mild. The company
blocked access to games made by Lolapps
on Friday, but restored access shortly thereafter.
The issue has to do with Referer URL data, which a Web browser will generally transmit to a Web server when a user requests a Web page. The Referer URL (yes, its misspelled) shows the URL of the Web page that referred the user, by way of a Web link, to the page being requested. This can reveal potentially sensitive information about the user, depending upon the content of the referring Web site.
Because UID numbers can be used to determine a Facebook users name and possibly other information, this presents a potential privacy risk.
RapLeaf, one of the advertising data companies named in the
Wall Street Journal
report, said it had looked into the problem, which it characterized as inadvertent, and addressed it.
When we discovered that Facebook IDs were being passed to ad networks by applications that we work with, we immediately researched the cause and implemented a solution to cease the transmissions, the company said in
a blog post
.
Among the Facebook users commenting on Facebooks insistence that UID transmission was mostly accidental, some expressed skepticism. Each and every step that Facebook has taken has brought security and privacy back two steps, wrote Michael Callaghan in a comment on Facebooks developer blog.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Facebook Apps Found Sharing User IDs