Who clicks on banner ads?
Seriously.
Two California men have filed a federal lawsuit accusing Facebook of sharing their real names and other sensitive information with advertisers in violation of the social network's own privacy policy. The personally identifiable information was relayed in referrer headers that were sent over three months to advertisers when …
"It goes on to theorize that a gay user struggling to come out of the closet could be inadvertently outed by such a scheme."
I suppose that would be by aggregating data from a lot of that user's clicks, and building a "gay-like" pattern. Let me shine a different light on this: we could aggregate the same amount of data and compare it with paedo or terrorists patterns surely... Bam! instant paedorrist finder! That's so obvious, I'm sure that "they" thought about it, and are perhaps even already doing it right now. Come to think of it, that lawsuit sounds rather suspicious, these guys wouldn't happen to have something to hide, would they? Ummmh, California you say? Lottsa dirty old chaps down there, they don't call it "America's flaccid penis" for nothing. Suspiciouser and suspiciouserer...
Mine's the one with the torch in the pocket, thanks. Yeah, the pitchfork's mine too.
ANY web server will get a referral address, unless you are specifically using something like a double meta refresh to blank the referral.
ANY link you click on within facebook, or *any* other website will do this.
The funny thing is, the only ads that will blank a referral are the ones not allowed on Facebook, which are run through a double meta refresh by the ad poster to hide the traffic source from the affiliate program.
is a Firefox plugin that allows the forging of the referrer. One can set the referrer to anything that one wishes. Including setting the referrer to the site one is connecting to.
I presume that this would negate such nefarious activity. If anyone can show this would not work in such a situation please let me know.
"Isn't the issue that Facebook themselves are making the referral and embellishing the information"...
From http://www.benedelman.org/news/052010-1.html#leak, it is quite clear that the resulting web traffic is an HTTP GET request for the advertiser's page, with the linking page URL (heavily decorated with facebook username etc as normal) duplicated verbatim in the "Referer:" field.
Sniffed traffic also demonstrates that this particular ad URL contains an identifier which may be instance-unique.
As such, this isn't FB sharing your details per se (except that, as Synja rightly says, they could be doing more to suppress its subsequent transmission) - it's the browser doing it. I for one am not surprised they didn't comment.
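Added example, not part of any comment in this thread: a simplified model of which `Referer` value a browser sends on a click from a profile page to an advertiser under each standard `Referrer-Policy` value, and whether an identifying query parameter survives. The URLs, the `id` parameter name and the function names are constructed for illustration, and "downgrade" is approximated as https to non-https.

```javascript
// Added example. All URLs below are constructed sample data.

// Referrer stripping: drop credentials and fragment, or reduce to the origin.
function stripped(url, originOnly) {
  const u = new URL(url);
  if (originOnly) return u.origin + "/";
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Returns the Referer header value, or null when no header is sent.
function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  // Simplification: a downgrade is an https page linking to a non-https target.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return stripped(fromUrl, false);
    case "origin": return stripped(fromUrl, true);
    case "same-origin": return sameOrigin ? stripped(fromUrl, false) : null;
    case "no-referrer-when-downgrade": return downgrade ? null : stripped(fromUrl, false);
    case "strict-origin": return downgrade ? null : stripped(fromUrl, true);
    case "origin-when-cross-origin": return stripped(fromUrl, !sameOrigin);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return stripped(fromUrl, false);
      return downgrade ? null : stripped(fromUrl, true);
    default: throw new Error("unsupported policy: " + policy);
  }
}

// Names from a watch list that appear as query parameters in the Referer.
function identifyingParams(referer, names) {
  if (referer === null) return [];
  const q = new URL(referer).searchParams;
  return names.filter((n) => q.has(n));
}

const PROFILE = "https://social.example/profile.php?id=1234567&ref=profile#wall";
const AD = "https://ads.example/landing?campaign=42";

for (const p of ["unsafe-url", "no-referrer-when-downgrade",
                 "strict-origin-when-cross-origin", "no-referrer"]) {
  const r = refererFor(p, PROFILE, AD);
  console.log(p, "=>", r, "leaks:", identifyingParams(r, ["id"]));
}
```

A site sets the policy with a `Referrer-Policy` response header or per link with the `referrerpolicy` attribute; the cross-origin cases that return only the origin are the ones that keep the profile identifier away from the advertiser.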
You could try not putting it on the internet. Just a thought.
IANAL but I'm going to guess this fails, because if you read through the complaint, they explicitly say that in order to get all the juicy inphos, the advertiser would have to visit (or scrape) your FB page.
So in fact, technically, FB didn't share your PII, _you_ did. And if you had the privacy settings set correctly, any old Tom, Dick or Harriet wouldn't be able to get access to your PII, now would they?
Not commenting viz the rights/wrongs.
They didn't share it by giving it out, but they did expose PII in the sense you can be identified from the string. The string IS PII in that it "can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual." Which would seem to be against FB's stated policies.
http://snipurl.com/1b52iv
"The string IS PII in that it 'can be used to uniquely identify, contact, or locate a single person'"
Is it not the case, m'lord, that in fact the referral string can only be used by m'client's global meat tracking network to uniquely identify, contact, or locate a single 'face book' page?
About the only disadvantage to suing FB and MZ is that when you win, you get money you don't want to touch as you are not sure where it's been. Some lawyers, apparently, have used their diplomas to make gloves - problem solved.
The Plaintiff and the Defendant deserve each other as far as I can see.
And, add it as a note, every day, or at your first and just before your last presence of the day in facebook...
(But, no guarantees that fb won't scrub it from your profile.):
"ARE YOU A GOVERNMENT AGENT OR CONTRACTOR OR OTHER PROXY OPERATING TO MONITOR MY PROFILE OR FACILITATE ANYONE ELSE OR A SITE ROBOT TO MONITOR MY PROFILE? IF YOU ARE, LEAVE MY PROFILE OR I WILL OUT YOU AND SUE YOU WHEN I DETERMINE YOU ARE. TAKE THIS AS A STANDING THREAT IF YOU RESPECT YOUR BODY...
Moreover:
IF YOU ARE A COMMERCIAL ENTITY ROBOT OR HUMAN OPERATIVE WHO SIDLED UP TO ME TO GAIN ACCESS TO ME, MY FRIENDS, OR MY COMMENTS OR THEIR COMMENTS, ***YOU ARE NO LONGER WELCOME TO THIS PROFILE! LEAVE ***
FURTHERMORE YOU ARE ORDERED TO C......EASE AND DESIST USING MY PROFILE FOR COMMERCIAL GAIN UNLESS YOU INCLUDE ME IN THE MONETARY GAINS"
Seriously - I once had a Face Ache account.... complete with settings of total privacy - that allowed NO ONE but NO ONE at all, to access my data (email address) or to contact me via that account.
I mean I had to revise this a bit here and there because of Face Anus's privates policy......
All was fine for a few years, until I started to get "Hey cool dude, saw your Face Anus Account come to my Sluts Are Us website"...... using the email address I had in my Face Anus account....
Then I thought - "Yeah fuck Face Book" and I deleted my account - only to find that "Deletion" only equals "suspension from active service" until reactivated - if I should ever choose to sign up again.
Facebook is shitware run by arseholes. Untrustworthy arseholes at that.