Developers sold Facebook user data
Facebook said in a posting on the developer blog last Friday that various programmers developing applications for the Facebook social network had apparently collected user IDs and sold them to a data broker. The questionable practice was discovered when examining the circumstances surrounding a hole which caused privacy issues due to inadvertent UID transfers.
Facebook reiterated its privacy policy which states that applications may not pass any personal user data, including user IDs, to advertisers or data brokers. When it emerged that in several cases user IDs had been shared inadvertently, Facebook reportedly adapted its policy. Facebook say it plans to provide developers with a mechanism for sharing anonymous application identifiers via the API.
When examining the circumstances of inadvertent UID transfers, Facebook says it discovered some instances where a data broker was paying developers for UIDs. According to Facebook, the "fewer than a dozen" conspicuous developers have been banned from accessing Facebook's communication channels for six months. Facebook also plans to subsequently audit these developers' data practices.
Facebook emphasised that no private user data was sold and that the transfer of the UIDs did not give access to any private data. However, the UIDs can be used to determine user names and collect public information from the affected users' pages for profile building. Facebook also said that data broker RapLeaf has agreed to delete any user IDs in its possession and to stay away from the Facebook platform in future.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
