Latest Facebook privacy flap: Big deal or overreaction?

Wall Street Journal “investigation” sparks new concerns, debate about severity

This looks like one of those cases where the details matter a lot ... and yet not so much.

When The Wall Street Journal print edition carries a four-column headline at the top of page one, the newspaper is announcing to the world that that this story is a Major League Big Deal. This morning's headline: "Facebook in Privacy Breach: Top-Ranked Applications Transmit Personal IDs, a Journal Investigation Finds."

The headline screams "be afraid, be very afraid."

However, a number of security experts -- while acknowledging that the newspaper has identified a legitimate issue - are calling the presentation of that news alarmist at best.

From the Journal story (which has that same headline):

Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information-in effect, providing access to people's names and, in some cases, their friends' names-to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook's strictest privacy settings. The practice breaks Facebook's rules, and renews questions about its ability to keep identifiable information about its users' activities secure.

There seems no dispute - even by Facebook -- that what the newspaper said is happening is happening, but there is little agreement as to its significance.

Writes security analyst Richi Jennings on Computerworld:

Yet again, Facebook has been caught out leaking users' identifiable private information. It's failed to prevent 3rd-party apps from disclosing user identities, despite receiving countless previous knuckle-rappings.

Kashmir Hill begs to differ at Forbes:

Using "breach" to describe this strikes me as overwrought. The applications reveal your name, that you are on Facebook, and possibly which application(s) you've downloaded. Is that something that we should be freaking out about? A host of experts debated the issue on Twitter last night.

Her post gets into some of the blow-by-blow of those exchanges.

Facebook's Mike Vernal offered a less-than-apologetic take on the company's Developer Blog:

Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated this policy. In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work.

Press reports have exaggerated the implications of sharing a UID. Knowledge of a UID does not enable anyone to access private user information without explicit user consent. Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy.

Meanwhile, the Journal story is being picked up by every news outlet on the planet. That's what I meant about the details not mattering.

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.

Latest Facebook privacy flap: Big deal or overreaction?

IMDb turns 20, takes stroll down memory lane.

10 reasons to fear Google's self-driving car.

Bank of America is holding my online accounts hostage.

Linus Torvalds is now an American citizen.

Fly on the wall says Apple made Newsday kill funny iPhone app ad.

An example of why cell phones do not belong in public bathrooms.

Kindle owner on her continuing love of 'real' books.

Pizza lovers suffer information theft from Hell.

Playboy's new site is safe for work? ... Not.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

IT Salary Survey: The results are in