Facebook Punishes Devs Who Shared User IDs

← Back to Stories (view on slashdot.org)

Facebook Punishes Devs Who Shared User IDs

Posted by Soulskill on Monday November 1, 2010 @07:38AM from the barn-doors-and-horses dept.

A couple weeks ago, we discussed news that some Facebook application developers were selling or accidentally sharing user IDs to advertisers and data brokers in violation of Facebook's privacy terms. Now, the company writes that they've updated the policy to dictate how UIDs can be handled within applications, and also punished the offending developers by blocking access to the site's communication channels for a period of six months. Quoting: "While we determined that no private user data was sold and confirmed that transfer of these UIDs did not give access to any private data, this violation of our policy is something we take seriously. As such, we are taking action against these developers by instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies. This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform. We have also reached an agreement with Rapleaf, the data broker who came forward to work with us on this situation. Rapleaf has agreed to delete all UIDs in its possession, and they have agreed not to conduct any activities on the Facebook Platform (either directly or indirectly) going forward."

54 of 71 comments (clear)

Min score:

Reason:

Sort:

Hurray! by Anonymous Coward · 2010-11-01 07:41 · Score: 1, Funny

Zoidberg can use Facebook again!
1. Re:Hurray! by davester666 · 2010-11-01 17:31 · Score: 1
  
  It just means these companies didn't kick some of the money they made over to Facebook, like all the bigger guys did.
  
  --
  Sleep your way to a whiter smile...date a dentist!
Rapeleaf by Anonymous Coward · 2010-11-01 07:43 · Score: 1, Funny

Gotta get a better name.
1. Re:Rapeleaf by asills · 2010-11-01 08:04 · Score: 1
  
  I'm glad I'm not the only one who sees that.
  
  --
  -- What did Spock find in Kirk's toilet? The captain's log.
Translation by errxn · 2010-11-01 07:45 · Score: 5, Insightful

Rapleaf has agreed to delete all UIDs in its possession, and they have agreed not to conduct any activities on the Facebook Platform (either directly or indirectly) going forward.
Translation: If Rapleaf wants to see the sun rise tomorrow, they will do *exactly* as we say.
Sincerely, Facebook's Legal Team.

--
In Soviet Russia, Chuck Norris will still kick your ass.
1. Re:Translation by thePowerOfGrayskull · 2010-11-01 08:29 · Score: 1
  
  Further translation:
  
  This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform.
  
  This is great press, but really doesn't affect anybody except for a handful of people so we can do it without concern for repercussions.
2. Re:Translation by Anonymous Coward · 2010-11-01 08:51 · Score: 1, Insightful
  
  Bah... No impact.
  At which point Rapleaf immediately declares bankruptcy and a new corporation called RapTwig comes into being. RapTwig being a new entity CAN conduct any business they wish...
3. Re:Translation by Pharmboy · 2010-11-01 08:57 · Score: 5, Insightful
  
  Or to further translate:
  This isn't being done by companies that pouring money into Facebook like Zynga.
  If Zynga has been the offending party, do you *really* think they would kick Zynga off for 6 months, and cut their revenue by 90%? I don't think so. The only reason they are being "tough" on "these companies" is that "these companies" don't contribute in any significant way to their bottom line.
  
  --
  Tequila: It's not just for breakfast anymore!
4. Re:Translation by sortadan · 2010-11-01 09:54 · Score: 1
  
  Wasn't Farmville one of the ones that WAS accused of sharing the userID? wsj story
5. Re:Translation by masterwit · 2010-11-01 10:12 · Score: 1
  
  That is the exact thing I was wondering...
  I remember a Slashdot story a while back that dealt with this too.
  Good point sortadan.
  
  --
  We should start a new Slashdot and return control to the geeks. It actually wouldn't be that hard to get some users to
6. Re:Translation by Pharmboy · 2010-11-01 12:07 · Score: 1
  
  whom FB didn't get a chance to bill for it.
  We have a winner! It is all about the money. Neither Facebook, nor any other website, truly gives a rats ass about your privacy, only the marketability of what you provide to them. Make no mistake, any website, ANY, would sell your mother to the devil for a dollar. Even Google. Hell, ESPECIALLY GOOGLE.
  
  --
  Tequila: It's not just for breakfast anymore!
Re:Right ... by Anonymous Coward · 2010-11-01 07:49 · Score: 2, Insightful

Because only Facebook is allowed to profit from the data that they collect. Isn't it obvious? These other developers were cutting into the profit stream and that is against the terms of service.
Re:Right ... by jgagnon · 2010-11-01 07:51 · Score: 4, Insightful

I'm still trying to wrap my brain around the idea that Facebook has a privacy policy.

--
Remember to maintain your supply of /facepalm oil to prevent chafing.
read between the lines by Skarecrow77 · 2010-11-01 07:52 · Score: 3, Interesting

"While we determined that no private user data was sold..."
Isn't this one of the companies (along with google) that declared that "privacy on the web no longer exists" or something along those lines?
hence, no "private user data" can be sold because all user data is public, therefore no crime has been committed.
1. Re:read between the lines by jgagnon · 2010-11-01 08:10 · Score: 1
  
  Privacy is bad for business... it should be banned.
  
  --
  Remember to maintain your supply of /facepalm oil to prevent chafing.
2. Re:read between the lines by Monkeedude1212 · 2010-11-01 08:15 · Score: 4, Interesting
  
  Exactly, but we've been setting up these double standards where nearly every country in the world has slammed Google for collecting private data for themselves (which of course they claim is an accident), and then Facebook essentially lets any app developer do the same thing (again unintentional).
  Now the developers have actually gone and made money off that data, and now less than a dozen of the smallest targets are getting picked off.How on Earth is that fair?
  IF we're going to get mad at Google for roaming around in a car picking up SSID's than WHY can't we get mad at Zynga for taking whatever information they have about me and making money by selling it? If the argument is that "it's public anyways, anyone can just look it up" for your facebook info, why is listening to unsecured wifi considered illegal?
  I don't really care if the law went one way or the other, (Well I have my preferences), but its far more annoying when its inconsistant rather than my way.
3. Re:read between the lines by AnonymousClown · 2010-11-01 08:17 · Score: 1
  
  "While we determined that no private user data was sold..."
  Isn't this one of the companies (along with google) that declared that "privacy on the web no longer exists" or something along those lines?
  hence, no "private user data" can be sold because all user data is public, therefore no crime has been committed.
  Q.E.D.
  
  --
  RIP America
  July 4, 1776 - September 11, 2001
4. Re:read between the lines by interkin3tic · 2010-11-01 08:21 · Score: 1
  
  Isn't this one of the companies (along with google) that declared that "privacy on the web no longer exists" or something along those lines?
  I was under the impression that was just the CEO making an ill-advised statement. I don't think that's officially company policy.
5. Re:read between the lines by ieatcookies · 2010-11-01 11:53 · Score: 1
  
  Ya because zynga really needs to sell user data to make money.
6. Re:read between the lines by twright0 · 2010-11-01 12:03 · Score: 1
  
  IF we're going to get mad at Google for roaming around in a car picking up SSID's than WHY can't we get mad at Zynga for taking whatever information they have about me and making money by selling it?
  Because Zynga only gets the data that YOU give them; you ultimately have control over how much information Zynga gets about you. Don't want them to have information about you? Don't use their applications.
7. Re:read between the lines by thetartanavenger · 2010-11-02 00:45 · Score: 1
  
  Now the developers have actually gone and made money off that data, and now less than a dozen of the smallest targets are getting picked off.How on Earth is that fair?
  Not to nitpick, but when has the world ever been fair?
  
  --
  Who need's speling and grammar?
Re:Right ... by Anonymous Coward · 2010-11-01 07:53 · Score: 4, Insightful

They don't, they have a PR policy.
Making an example by mr100percent · 2010-11-01 07:55 · Score: 3, Interesting

Interesting. If you want to make an example out of them, then this seems effective. Still, would they have been so harsh against a dev if they were in the top 10? What if Zynga had done this, do you think FB would have banned them for months?
1. Re:Making an example by Jugalator · 2010-11-01 08:04 · Score: 5, Informative
  
  What if Zynga had done this, do you think FB would have banned them for months?
  Zynga DID do this, but yeah, FB doesn't have the balls for that.
  http://www.escapistmagazine.com/news/view/104556-Zynga-Sued-Over-Facebook-Leak
  
  --
  Beware: In C++, your friends can see your privates!
2. Re:Making an example by grnbrg · 2010-11-01 08:13 · Score: 1
  
  What if Zynga had done this, do you think FB would have banned them for months?
  "I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened."
Couldn't by vxice · 2010-11-01 07:56 · Score: 2, Insightful

You just operate for a while collect a bunch of ids, seems like something you would need to track accounts, and once you have a worth treasure trove take the slap on the wrist but only after you have transfered all your applications to another 'developer'?

--
every anarchist is a baffled dictator. Benito_Mussolini
Uhhh... by Monkeedude1212 · 2010-11-01 07:56 · Score: 1

This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform.

Why not? Are you trying to suggest that they don't have these practices, or they simply haven't been caught doing it, or they've got the money to grease palms or hire lawyers?
Re:Right ... by Anonymous Coward · 2010-11-01 07:57 · Score: 1, Insightful

I'm still trying to wrap my brain around the idea that Facebook has a privacy policy.
It's easier when you don't take sensationalist headlines at face value.
Scope of the crime? by s.d. · 2010-11-01 07:57 · Score: 2, Insightful

Those stories about the great privacy terms violations said that Zynga, via Farmville, was a big offender (the story linked to in the back link to the older Slashdot article says this, in fact).
I wonder if they say "anyone who grabs the UID is punished" b/c that freed up some of their biggest developers, like Zynga, who were doing other bad stuff, but not that bad (for some subjective definition of bad)?
1. Re:Scope of the crime? by Anonymous Coward · 2010-11-01 08:06 · Score: 3, Informative
  
  According to the Wall Street Journal:
  "The Journal found that all of the 10 most popular apps on Facebook were transmitting users' IDs to outside companies."
  from http://online.wsj.com/article/SB10001424052702304772804575558484075236968.html?mod=what_they_know
  I too am puzzled.
Great platform security there... by netsharc · 2010-11-01 08:04 · Score: 1

So yeah, instead of making a platform where they guard user's data privacy, their policy to prevent abuse is a rule that says "you are not allowed to do this", with no effective way of policing whether or not someone's doing it.
This is like leaving your computer with your private information open to remote logins, with a blank password, announcing on the internet that they can use your computer (for whatever reason there may be) and then saying, "but don't be reading my private information mmmkay?"
Morons...

--
What time is it/will be over there? Check with my iPhone app!
1. Re:Great platform security there... by Greguar · 2010-11-01 08:44 · Score: 1
  
  This is the continuation of Facebook's rubber-band of privacy policy. First, they open up a grievous hole. Then, there's an inevitable tide of user outrage, usually coinciding with a Facebook group complaining about it and threatening mass exodus, creating tension on the rubber band. Eventually, the tension overcomes Facebook's inertia and motivates them to fix the hole they created, jerking things forward to be briefly in sync with sensible standards, until they make the next grievous hole and start the stretching process again.
  
  It's a game of seeing how much they can get away with and for how long, only addressing their own problems with minimal efforts when a snapping point nears. Eventually, there will be an API-level prevention of this sort of behaviour, only to be replaced with a new massive security hole.
  
  Most users will just continue blissfully onward posting photos of themselves and friends engaged in compromising situations while under the influence of a wide array of intoxicants, with every sordid detail shared freely with prospective employers. Even iron-tight platform security can't cure the kind of stupid that is Facebook's bread and butter.
2. Re:Great platform security there... by Raistlin77 · 2010-11-01 09:08 · Score: 2, Insightful
  
  I know, right! It's like a news site leaving their articles completely accessible to the public and then threatening the public that if they read more than the first page that they have to pay or face legal action.
  Total morons...
Horse - bolted by wjousts · 2010-11-01 08:08 · Score: 1

This isn't even closing the door after the horse has bolted (data that's been sold, is sold, any it ain't coming back), this is shouting at somebody for walking out with the horse while still leaving the door wide open.
1. Re:Horse - bolted by Abcd1234 · 2010-11-01 08:34 · Score: 1
  
  This isn't even closing the door after the horse has bolted (data that's been sold, is sold, any it ain't coming back)
  Except the UIDs aren't *data*, per se. While it does allow the receiver of the data to track actions against individual users, which is bad, it doesn't grant them access to private profile data.
  That doesn't make this excusable, as individual tracking is bad enough (although it can be just as easily achieved with simple cookies). But it's no massive privacy breach.
Re:Pffft by jgagnon · 2010-11-01 08:09 · Score: 1

So... do you hand out little cards to people you know with Facebook accounts that say "My lack-of-caring-list welcomes YOU as its latest entry!"?

--
Remember to maintain your supply of /facepalm oil to prevent chafing.
6 months ?? by nurb432 · 2010-11-01 08:40 · Score: 1

Why were they not terminated?

--
---- Booth was a patriot ----
What about Zynga???????? by tnerb123 · 2010-11-01 08:46 · Score: 1

Interesting how the dont do anything about one of there bigger clients! Zynga has done it before and they havent done a thing about it! Yes for all you farmville people they have released data on you!
Extra Punishment by flappinbooger · 2010-11-01 09:02 · Score: 1

And they reported them for animal cruelty for good measure.

--
Flappinbooger isn't my real name
Re:Right ... by Anonymous Coward · 2010-11-01 09:03 · Score: 1, Insightful

So why isn't Zynga being punished?
Re:MOD PARENT FLAMEBAIT. by joebagodonuts · 2010-11-01 09:04 · Score: 1

Modded "flamebait" because there is no "idiotic" mod? Yes, the plot twist in a beloved movie is roughly the equivalent to people being unable to play a beloved game.

--
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
This doesn't make any sense. by fredmosby · 2010-11-01 09:16 · Score: 1

There are only two possibilities here:
This was a misunderstanding, and the developers involved should get a warning.
This wasn't a misunderstanding, and the developers should be permanently banned to protect facebook users. Otherwise they will just look for other ways to sell data to make money.
Punishments are for dealing with children who don't know the difference between right and wrong. Adults don't generally change their opinions on what's right when they are punished.
Re:Right ... by The+Archon+V2.0 · 2010-11-01 09:44 · Score: 2, Insightful

So why isn't Zynga being punished?
How do you punish the biggest game company on the planet? That's like trying to punish Microsoft because your webpage doesn't render well in IE.
Re:Right ... by eln · 2010-11-01 09:50 · Score: 4, Insightful

Because Zynga is more powerful than Facebook itself. If Facebook tries to fuck with Farmville its entire over-30 female population will riot in the streets.
Mafiawars by Fuzzums · 2010-11-01 09:53 · Score: 1

Zynga shares facebook user ids openly through mafia wars. The user images in mafiawars have the facebook ids in them.
I don't have to explain how to find the actual facebook page with that, do I?

--
Privacy is terrorism.
Re:Right ... by rijrunner · 2010-11-01 10:00 · Score: 1

Facebook's business is selling that information. They really, really do not want to lose the monopoly and ability to monetize it any way they can.
So, of course, they are going to crack down on others selling information that facebook has so carefully accumulated.
Re:Right ... by ArundelCastle · 2010-11-01 10:18 · Score: 1

They don't, they have a PR policy.
Fortunately Privacy and PR have at least two letters in common. So it's like the same thing, only shorter to read...
Re:They just don't wanna share... by Culture20 · 2010-11-01 10:34 · Score: 2, Funny

The only one allowed to harvest and sell your data on facebook is facebook.
I like how you made it into a Farmville analogy.
Pot and kettle by Solandri · 2010-11-01 11:05 · Score: 1

Facebook: "Bad developers! You can't sell private user info to advertisers and data brokers. Only we are allowed to do that!"
So Zynga got booted? by codepunk · 2010-11-01 11:35 · Score: 1

So Zynga got booted? I am pretty sure that Zynga could do whatever they want and FB would not do a thing about it.

--

Got Code?
Pot, meet kettle by RichiH · 2010-11-01 13:31 · Score: 1

Sure, grandstanding on the issue of privacy while butt-raping it themselves will foil a lot of people. But the key phrase is:
"This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform"
Would they have done the same if Zynga, which generates a ton of money for them and has a large legal team, had been affected? I guess not.
Facebook shocked, shocked at privacy problems by David+Gerard · 2010-11-02 00:39 · Score: 1

Facebook staff have been amazed to discover that when Facebook passes users' complete details to application developers and advertisers, some of the partner companies might accidentally let slip the information in some manner.
"We are appalled at this information leak," said Facebook founder Mark Zuckerberg as he took a break from his personal RSS feed of drunk women's tits posted to his service. "But I can assure you that we have sternly suggested to everyone involved that they take somewhat greater care not to get caught, and maintain a serious demeanor when rolling around in the great big pit filled with money in their basement."
"I'm horrified and outraged," said office worker Brenda Busybody, 43 (IQ), "that stuff I put on the Internet is on the Internet. It violates everything I expect. I want privacy when I'm calling my boss a useless fuckstick to the entire world, all my coworkers and my boss himself. And when I'm playing a bit of FarmVille before we nick off down the pub."
Privacy advocates are working on Diaspora, a security-enhanced social network so far populated by Linux users who cryptographically sign every update about which episode of Babylon 5 they just finished watching alone in their parents' basement. "BEGIN PGP KEY BLOCK!" said open source software advocate Hiram Nerdboy, 17. "WE WILL PROTECT YOUR FREEDOMS!" The next version of Diaspora will allow users to list more than three friends, should there be any demand whatsoever for such a feature.
Facebook works on the now-standard "Web 2.0" business model: 1. Brutally sodomise the personal privacy of anyone who comes within a mile of your service and say "hey baby, I'm sorry" every time you're busted. 2. Sell ads.

--
http://rocknerd.co.uk
Re:Right ... by hazah · 2010-11-02 01:24 · Score: 1

I just might want to see that...
Re:Right ... by monique · 2010-11-04 03:32 · Score: 1

This over-30 female would be very happy if Farmville would just DIAF.

--
-monique