Did something particularly unpleasant just hit the fan?
Today the Wall Street Journal has revealed the hugely worrying news that major social networking sites including Facebook, MySpace, Digg, LiveJournal, Hi5 and Xanga have all been caught sending users' names and personal information to their advertisers. It comes despite fervent protestations on each site's privacy documentation that they would never do such a thing.
Real names, ages, hometowns and occupations are all amongst the data shared meaning supposedly anonymous statistics now have specific faces that can be assigned to them. Traditionally when a user has clicked on an ad on the Internet their identity is protected and typically would only supply contextual data about where it was that ad was located.
The sites involved have acknowledged these flaws, but most now claim fixes are in place.
"We were recently made aware of one case where if a user takes a specific route on the site, advertisers may see that they clicked on their own profile and then clicked on an ad," said a Facebook spokesman. "We fixed this case as soon as we heard about it."
A MySpace spokesperson also admitted it was "currently implementing a methodology that will obfuscate the 'FriendID' in any URL that is passed along to advertisers."
And what of the advertisers who have received this data? Among the most high profile are Google's DoubleClick and Yahoo's Right Media. "Google doesn't seek in any way to make any use of any user names or IDs that their URLs may contain," said a Google spokesman.
"We prohibit clients from sending personally identifiably information to us," added Yahoo privacy head Anne Toth. "We have told them. 'We don't want it. You shouldn't be sending it to us.' If it happens to be there, we are not looking for it."
So who believes who...?
Update: Digg has issued the following clarification with regards to the WSJ story:
Although Digg said it masks a user's name when they click on an ad and scrambles data before sharing with outside advertising companies, the site does pass along user names to ad companies when a user visits a profile page. "It's the information about the page that you are visiting, not you as a visitor," said Chas Edwards, Digg's chief revenue officer.
Links: Wall Street Journal
(Terrifying) Image courtesy of The New York Times