Facebook admits its third-party developers have mishandled private data
In what could be potentially damaging to a company already being criticized over its privacy issues, Facebook admitted late Sunday that it had knowledge of developers passing information called user IDs within applications. The user ID is a unique set of numbers that identify users on the site.
Facebook engineer Mike Vernal said in a blog post that in most cases the company believed developers were doing this unintentionally, but regardless it was a violation of the social networking site's privacy policy. Vernal did however say the press was overblowing the situation.
"Knowledge of a UID does not enable anyone to access private user information without explicit user consent," he claimed. "Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy."
The Wall Street Journal said that the issue may affect "tens of millions" of application users, even those who have their privacy settings as strict as is currently possible. Zynga's popular apps Farmville, Frontierville, and Texas Hold 'Em all have the issue, it found, among others.
In fact, all ten of the most popular applications on Facebook had the issue, so it may be likely that significant percentage of all apps were sharing the so-called user ID -- meaning that Facebook itself could share some culpability in not educating its developers on how to keep their apps sufficiently secure.
Making matters worse, it seems clear that the site doesn't quite know how to fix the issue just yet, causing consternation among its users. "The technical challenges here are greater," Vernal said. "We are talking with our key partners and the broader Web community about possible solutions."
That wasn't enough for some of the commenters to his blog post. "Everything on FB is trust first; act later, including new settings when rolling out platform enhancements," one wrote. "In other words, there's no enforcement of their policies, no consequences for violating them, just an excuse on their part. Gee thanks," another wrote on Facebook's claims that the breach was for the most part inadvertent.