Why Facebook is selling you out — and won’t stop

Different day, same story — privacy breach at Facebook — again. This time due to a known vulnerability that is decades old, intrinsic to the Internet application protocol layaer: the HTTP referrer header, described by Berners-Lee in the v1.1 spec.

The response from Facebook reads very much like a cop-out:

Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated this policy. In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work.

Interpretation: don’t blame us, blame the standard! That’s just how it works.

There is great monetary incentive behind this negligence. Bill Snyder nails this on the head in his InfoWorld article:

 

Facebook and its developers could bring in as much as $1 billion this year; only a bozo would think that Mark Zuckerberg will give that up to protect the privacy of his users

Facebook has fooled us not just once, but over and over again, blithely exposing users’ private information to any advertiser or creep who happens to get interested. It’s a tired drama. The company messes up, it gets caught, the media freaks out, the company apologizes. Then the cycle starts all over, as it did this week when the Wall Street Journal learned that it’s not just Facebook harvesting personal data — Facebook’s platform developers are in on it as well. That data is being shared with advertisers and Internet tracking companies, whether or not users have opted for privacy. 

What’s more, Facebook has apparently decided it’s OK for Sarah Palin to use her Facebook page to wage a political crusade, but it’s not OK for grassroots activists organizing boycotts against large corporations like Target and BP. For these and a multitude of other transgressions, Boy Billionaire Zuckerberg is the Tech’s Bottom Line Bozo of the Month.

But he has to share that distinction with you, the Facebook user. Jeez, don’t you get it? Facebook is not your, well, friend. So why do you persist in making Zuckerberg and his investors even richer?

Selling your privacy
The root of Facebook’s most recent transgression (allowing third-party apps to harvest user IDs) is greed — greed for the millions of dollars that app developers are pulling from the site. Facebook wants a piece of that action, and if privacy, freedom of speech, or any other trivial concern users may have get in the way, that’s just too bad.

The mechanics of this outrage have been well publicized. Simply put, something called a referrer URL comes to life whenever you click on a hyperlink or an ad. The referrer tells the page you’re going to what page you’ve come from. That happens all over the Web, including here on InfoWorld, where we use it to analyze traffic.

Facebook, though, takes it further. Once you log in, the referrer URLs it generates may contain a unique identification number or, if you’ve opted for a personalized Facebook URL, your name. That gets passed along inside the URL to makers of the Facebook apps you’re using, and some of them then sell it to advertisers and online data brokers, who add it to their trove of information about you.

Facebook was quick to say that usage is a violation of its terms of service, and it’s shocked — shocked! — that anyone would commit such a dastardly deed. Puhleeze. Kudos to the Journal reporters, but I find it hard to believe that a handful of journalists could figure out something that eluded Facebook’s throngs of computer science whiz kids.

There’s a wonderfully symbiotic relationship between Facebook and its major app developers. Apps make the service much more attractive; indeed, the proliferation of cool add-ons propelled Facebook past also-rans like MySpace. And without Facebook, the developers are in Palookaville. Everybody has an incentive to get along and keep on raking in the bucks.

A billion-dollar business
Those bucks are very big indeed. Facebook is privately held, but it is widely believed to have posted revenue of about $500 million last year. A big chunk of that, maybe as much as $50 million, came from the sale of virtual goods used with various applications. A report in Advertising Age last year estimated that the aggregate Facebook-related revenue for third-party developers was actually larger than that of Facebook itself. Facebook has to be thinking of a way to cash in, perhaps via a revenue-sharing arrangement for the sale of virtual goods.

All in all, the Facebook ecosystem could generate $1 billion this year. You think that the Boy Billionaire is going to mess that up by worrying about your privacy? No way. So the privacy breaches will continue, no matter how shocked the company says it is. And anything you do or post on Facebook, regardless of its privacy settings and policies, will be fair game.

The great thing about capitalism is that it gives consumers lots of choices. If you don’t like what Facebook is doing with your data, don’t give it up. Maybe there’s another service to use, or maybe you could simply give your friends — the real ones, that is — a call now and then. If staying on Facebook is important to you, and it certainly has its uses, you’d better face the fact that Zuckerberg’s profits take precedence over your privacy.