By David Kirkpatrick
The Daily Beast
The big news about a Facebook security “breach” was little more than hype, reports The Daily Beast’s David Kirkpatrick, author of The Facebook Effect, who discovers what really happened to your data.
Millions of Facebook users faced a panic yesterday, following The Wall Street Journal’s blaring front-page headline, “Facebook in Privacy Breach,” which more than 1,000 news organizations picked up on. The only people keeping their cool, it seemed: the experts and partners tracking Facebook.
“I honestly don’t think this is a ‘breach’ by Facebook,” shrugged Michael Lazerow, CEO of Buddy Media, which offers software and services to help brands manage Facebook pages. “It’s a conversation about where we are in today’s society around Web privacy.” The technology press was similarly skeptical. “Is this a real problem?” asked Michael Arrington of TechCrunch, probably the world’s most influential tech blogger. “No.”
Arrington summarized the landscape the supposed breach takes place in: “If you do stuff online, people are tracking it and putting it into a database and trying to sell you stuff based on that. There’s not much you can do about it except not be online.” On GigaOm, another influential technology news site, writer Mathew Ingram concluded, “Maybe we should save our outrage for cases that involve real breaches of privacy, rather than seeing potential scandals in every dark corner.”
In effect, the news was that some major applications on Facebook were allowing advertisers and other partners to acquire Facebook data thatcould allow those companies to learn users’ names. That’s it. Names themselves on Facebook are accessible and public information, under the service’s rules. The reason this is a problem, apparently, is that the applications themselves and their marketing partners universally have policies claiming they do not traffic in personally identifiable information. So the crime was not so much a breach as it was a case of hypocrisy and a violation of the stated policies of some of Facebook’s application partners.
The primary activity for many of these companies is aggregating behavioral data outside Facebook by observing users’ browsers with the technology called cookies, and applying the resulting conclusions to display ads that users will, they hope, find relevant. Since the applications let some of these companies gain access to the unique numbers that identify specific users on Facebook, that means that, in theory, they could use the number to correlate it with the publicly available name of that person. Then they could put a name to that pile of data they already have.
But even the article noted that in fact it found no evidence that any companies were actually doing that. And many of the application providers—for example the largest of them all, Zynga, maker if Farmville, Mafia Wars, etc.—reported genuine surprise to the Journal’s reporters that they even possessed this information, and said they would rather not have it. Plus, the Journal reported that once Facebook learned these applications were in violation of its rules, it took action.
Yet, the Journal’s treatment made this mini-story a huge one.
“I don’t see from a logic standpoint how information available to anyone in the world with an Internet connection can even be ‘breached,’” says company spokesman Barry Schnitt.
The article nonetheless had some concrete impact. Facebook even briefly shut down some applications based on information it learned during the Journal’s reporting process. And spokesman Schnitt confirms that the company plans soon to take further measures to more reliably insure that applications could not violate the service’s rules in this way. There will be lots more to say about Facebook privacy, but this highly technical problem is not a big one to worry about.
David Kirkpatrick writes about technology for the Daily Beast. A former Fortune reporter, he is the author of The Facebook Effect: The Inside Story of the Company that is Connecting the World.
See Related: FACEBOOK – MARK ZUCKERBERG ARCHIVE
SENTINEL FOUNDER PAT MURPHY