back to article Facebook leaked users' real names with advertisers, suit says

Two California men have filed a federal lawsuit accusing Facebook of sharing their real names and other sensitive information with advertisers in violation of the social network's own privacy policy. The personally identifiable information was relayed in referrer headers that were sent over three months to advertisers when …

COMMENTS

This topic is closed for new posts.
  1. fidodogbreath Silver badge
    WTF?

    Who clicks on banner ads?

    Seriously.

    1. adnim

      What's a

      banner ad?

      Hold on, I think I have a faint memory of these, they are something that people who don't use AdBlock see aren't they?

      1. Elmer Phud

        Not seen one

        Well, not on this machine or any other with AdBlock

        But the best bit is " when users clicked on banner ads" . Well . . . I chuckled anyway

  2. Anonymous Coward
    Anonymous Coward

    Give them enough rope

    The problem with greed is that it never knows when to say 'enough', and Farcebook seem especially keen on banging nails into their own coffin.

  3. Framitz
    Flame

    (untitled)

    Anyone remember the last day that went by without mention of some faceplant bullshit of one kind or another?

    It amazes me that the sheep still stick with this festering puss pocket of evil.

  4. ElReg!comments!Pierre
    Coat

    feature, not flaw

    "It goes on to theorize that a gay user struggling to come out of the closet could be inadvertently outted by such a scheme."

    I suppose that would be by aggregating data from a lot of that user's clicks, and building a "gay-like" pattern. Let me shine a different light on this: we could aggregate the same amount of data and compare it with paedo or terrorists patterns surely... Bam! instant paedorrist finder! That's so obvious, I'm sure that "they" thought about it, and are perhaps even already doing it right now. Come to think of it, that lawsuit sounds rather suspicious, these guys wouldn't happen to have something to hide, would they? Ummmh, California you say? Lottsa dirty old chaps down there, they don't call it "America's flaccid penis" for nothing. Suspiciouser and suspiciouserer...

    Mine's the one with the torch in the pocket, thanks. Yeah, the pitchfork's mine too.

  5. copsewood
    Big Brother

    What else does FB have to sell ?

    Anonymisation has to be reduced to a very transparent fig leaf so they can pretend not to be selling on your personal data while getting the maximum amount of money for it.

  6. Synja
    FAIL

    That's how referrals work.

    ANY web server will get a referral address, unless you are specifically using something like a double meta refresh to blank the referral.

    ANY link you click on within facebook, or *any* other website will do this.

    The funny thing is, the only ads that will blank a referral are the ones not allowed on FaceBook, which are run through a double meta refresh by the ad poster to hide the traffic source from the affiliate program.

    1. adnim

      RefControl,

      is a Firefox plugin that allows the forging of the referrer. One can set the referrer to anything that one wishes. Including setting the referrer to the site one is connecting to.

      I presume that this would negate such nefarious activity. If anyone can show this would not work in such a situation please let me know.

      1. Rattus Rattus
        Thumb Up

        "That's funny," says the advertiser,

        "I don't remember putting an ad on some site called Two Girls One Cup."

      2. Mark 65

        The issue...

        Isn't the issue that Facebook themselves are making the referral and embellishing the information i.e. the ad gives one of those www.facebook.com?openshittyad=www.dumbfuck.com type links and a facebook script is tagging on crap like ?age=23&iq=45&name=joe%20bloggs etc etc?

        1. Peter Garlick

          some title or other

          @mark65 'age=23, iq=45. Love it.'

        2. William Towle
          Boffin

          Re Mark 65 "The issue..."

          "Isn't the issue that Facebook themselves are making the referral and embellishing the information"...

          From http://www.benedelman.org/news/052010-1.html#leak, it is quite clear that the resulting web traffic is an HTTP GET request for the advertiser's page, with the linking page URL (heavily decorated with facebook username etc as normal) duplicated verbatim in the "Referer:" field.

          Sniffed traffic also demonstrates that this particular ad URL contains an identifier which may be instance-unique.

          As such, this isn't FB sharing your details per se (except that, as Synja rightly says, they could be doing more to suppress its subsequent transmission) - it's the browser doing it. I for one am not surprised they didn't comment.

  7. The Other Steve

    If you are concerned about the confidentiality of your personal data

    You could try not putting it on the internet. Just a thought.

    IANAL but I'm going to guess this fails, because if you read through the complaint, they explicitly say that in order to get all the juicy inphos, the advertiser would have to visit (or scrape) your FB page.

    So in fact, technically, FB didn't share your PII, _you_ did. And if you had the privacy settings set correctly, any old Tom, Dick or Harriet wouldn't be able to get access to your PII, now would they ?

    Not commenting viz the rights/wrongs.

    1. Anonymous Coward
      Anonymous Coward

      re: So in fact, technically, FB didn't share your PII

      They didn't share it by giving it out, but they did expose PII in the sense you can be identified from the string. The string IS PII in that it ""can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual." Which would seem to be against FBs stated policies.

      http://snipurl.com/1b52iv

      1. The Other Steve

        Yay! Let's argue like lawyers :)

        "The string IS PII in that it ""can be used to uniquely identify, contact, or locate a single person"

        Is not the case, m'lord, that in fact the referral string can only be used by m'clients global meat tracking network to uniquely identify, contact, or locate a single 'face book ' page ?

  8. Gannon (J.) Dick
    FAIL

    Where stuff is stuffed

    About the only disadvantage to suing FB and MZ is that when you win, you get money you don't want to touch as you are not sure where it's been. Some Lawyers, apparently have used their diplomas to make gloves - problem solved.

    The Plaintiff and the Defendant deserve each other as far as I can see.

  9. Winkypop Silver badge
    Thumb Down

    Faceache

    Blah, blah, blah,blah, blah,blah, blah,blah, blah, THERE IS NO PRIVACY, blah, blah,blah, blah,blah, blah,blah, blah,blah, blah,blah, blah.....

  10. dssf

    Then, post something like THIS to your profile EVERY day...

    And, add it as a note, every day, or at your first and just before your last presence of the day in facebook...

    (But, no guarantees that fb won't scrub it from your profile.):

    "ARE YOU A GOVERNMENT AGENT OR CONTRACTOR OR OTHER PROXY OPERATING TO MONITOR MY PROFILE OR FACILITATE ANYONE ELSE OR A SITE ROBOT TO MONITOR MY PROFILE? IF YOU ARE, LEAVE MY PROFILE OR I WILL OUT YOU AND SUE YOU WHEN I DETERMINE YOU ARE. TAKE THIS AS A STANDING THREAT IF YOU RESPECT YOUR BODY...

    Moreover:

    IF YOU ARE A COMMERCIAL ENTITY ROBOT OR HUMAN OPERATIVE WHO SIDLED UP TO ME TO GAIN ACCESS TO ME, MY FRIENDS, OR MY COMMENTS OR THEIR COMMENTS, ***YOU ARE NO LONGER WELCOME TO THIS PROFILE! LEAVE ***

    FURTHERMORE YOU ARE ORDERED TO C......EASE AND DECIST USING MY PROFILE FOR COMMERCIAL GAIN UNLESS YOU INCLUDE ME IN THE MONETARYGAINS"

    1. The Other Steve

      Why ?

      What would be the point ?

  11. Anonymous Coward
    Thumb Down

    Face Ache +

    Seriously - I once had a Face Ache account.... complete with settings of total privacy - that allowed NO ONE but NO ONE at all, to access my data (email address) or to contact me via that account.

    I mean I had to revise this a bit here and there because of Face Anus's privates policy......

    All was fine for a few years, until I started to get "Hey cool dude, saw your Face Anus Account come to my Sluts Are Us website"...... using the email address I had in my Face Anus account....

    Then I thought - "Yeah fuck Face Book" and I deleted my account - only to find that "Deletion" only equals "suspension from active service" until reactivated - if I should ever choose to sign up again.

    Facebook is shitware run by arseholes. Untrustworthy arsreholes at that.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020