The Wall Street Journal has caught Facebook in flagrante again This time, WSJ reports, in a front-page expose that the most popular applications, or “apps,” on world’s No. 1 social-networking site have been selling users’ information—including access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies.
The abuse affects tens of millions of Facebook users – including those who set their profiles to the strictest privacy settings.
ALL of the 10 most popular apps that Facebook’s 500m users play or use to share common interests have been selling user’s information to outside companies. Three of these companies, including Farmville with 59m users, have also been selling personal information about a user’s friends, which means whether you personally used these games or applications becomes irrelevant – if you have a friend who played, your information was likely grabbed and sold as well.
Though the practice of reselling consumer information breaches Facebook’s rules, policy enforcement is clearly lacking when it is the Wall Street Journal, not internal proactive monitoring, that discovers the abuse of consumer information. Confronted with the WSJ expose, a Facebook spokesman said on Sunday that “it is taking steps to “dramatically limit” the exposure of users’ personal information.” But that comes well after the horse left the barn. To understand just how rapidly that information is sold and resold, see the screenshot taken from a WSJ article at the bottom of this blog.
This expose comes on top of a law suit over Facebook’s own now-discontinued practice of sending users’ data to advertisers without users’ knowledge – a case also brought to light by the WSJ last May. Facebook had been sending Facebook ID codes to advertisers under some circumstances when users clicked on an ad. The codes could then be used by the advertisers to look up individual profiles, which could include a person’s real name, age, hometown, or other details. Facebook has since discontinued the practice.
Attention, Facebook execs: remember MySpace! It used to be considered unstoppable, but as soon as the company became synonymous with sexual predators and scams, the vast majority of users left the site – and what’s left? A shadow.
Consumers, know your strength. Online Companies don’t make money primarily by selling advertising — they make money selling access to YOU, and information about YOU, to advertisers. You and your information are top commodities in the online world.
Think about it: other than its servers and code, what is Facebook’s value? It’s the 500m users they have to attract advertisers and advertising dollars. If Facebook’s users left the site, what would Facebook have left? Just a bunch of servers and code.
The lesson is that if you don’t like the way you’re treated, and you choose en masse to migrate, internet empires topple.
Consumers hold the ultimate power in a model that makes you the commodity, but you don’t yet know it, or how you can wield that power.
How can the Internet become more responsible regarding consumer privacy? Three things that haven’t happened need to happen:
- Consumers need to understand how and why their information is being used – and when it is being exploited. Until prominent disclosure of each company’s policy regarding user information is mandatory, the question of what is being disclosed will run underneath the collective consumer consciousness.
- A watchdog organization needs to be established, to which consumers can turn to see how various companies treat their data, their privacy and their safety. The WSJ article series lays a strong foundation for this, but it’s a one-off effort, not the sustained oversight needed. The Safe Internet Alliance has proposed taking on, or helping to create, this role, but it is still far from accomplishing that goal or getting stakeholder buy-in. In the absence of self-regulatory or a consumer watch organization, this role will need to fall to a government body like the FTC.
- Consumers need to find a way to collaborate better. It’s a united we stand, divided we fall scenario where any one user doesn’t make a difference to a company wielding 500m users; but 5 million organized users – or 100m users – demanding change can make even the largest company quail. I’m confident that at least 100m users would stand together in outrage over what’s happened to their data, and the data of their friends. They just need a rallying point.
I am not opposed to online advertising — it’s what funds our ‘free’ use of internet services. What does concern me is knowing which companies are tracking me and how they are doing so, understanding the privacy elements that are in place to protect me, and being able to opt out if I choose to do so.
We consumers played a role in the creation of this ad-driven internet model. The dot.com bubble burst of 2000 happened because internet companies built their content and services assuming we would subscribe to use their services and thereby make their companies profitable. But we didn’t want to pay for subscriptions — we wanted everything to be free. Somehow we forgot that free doesn’t pay the bills, let alone turn a profit.
We forced internet companies to either go bankrupt, or find a new revenue model that would extract money from those willing to pay, and that happened to be the advertisers. What internet companies quickly learned was that the more targeted ads could be, the more advertisers were willing to pay them for access to their users.
It doesn’t take a leap to understand how we’ve come to a place were you and your data are commodities, and where the environment makes ‘shoplifting’ your data (taking it without your knowledge or permission) very enticing.
Which brings us back to the start of this story: how Facebook’s top applications providers have taken up the practice of stealth exploitation of your data; how Facebook’s previously indulged in stealth exploitation of your data; how your your Facebook privacy settings have changed time after time under your feet (leaving your data information exposed); and how thousands of other websites follow the same practices. Not to mention the dozens of data aggregator and advertising sites who snap up your data knowing full well you did not give your permission for it to be sold or bought.
To learn more, see my blog posts Know Which Companies Track You For Behavioral Advertising?, and Ad Stalking – When Ads Follow You Online, and the WSJ series What They Know that outlines how companies track and share your information. I recommend you search the WSJ list to look at the behavior of any sites you use.
Already this morning I’ve received a flurry of calls and emails from consumers asking what they should do. My advice? Stop using these applications, demand your information be removed from their sites, then let Facebook, your Attorney General and the FTC know of your outrage.
Since contacting Facebook can be difficult to accomplish, here is the phone number to Facebook’s customer service: 650-543-4800 and Fax: 650-543-4801
Click here to find your Attorney General and how to contact them
Click here to file a complaint with the FTC.