Facebook, MySpace and other social networks have been caught red handed sending personal and identifiable information about their users to advertisers without users consent, despite documented assurances that users information will not be shared.

Large advertising companies which include Google’s DoubleClick and Yahoo’s Right Media have received sensitive information including usernames and ID numbers that can be traced back to individual profiles as users clicked on ads. The data could be potentially used to look up personal information about a user, including the users real name, age, occupation, location and anything else made public on the profile. Both of the companies obviously denied being aware of the “extra” data they were receiving and claim they have not made use of the data.

The Wall Street Journal reported that since questions were raised about Facebook and MySpace, both companies have since rewritten at least some of the code that allowed transmission of identifiable data. Beyond those two big social media companies, LiveJournal, Hi5, Xanga and Digg were on the list of sites who have sent the identifiable information back to advertisers when a user clicked on individual ads.

The Wall Street Journal found that Facebook went a step or two further sharing identifiable data by sending the username of the person clicking the ad as well as the username of the profile he or she was viewing at the time. This news could hardly come at a worse time for Facebook, while they are facing a privacy backlash big enough to make the cover of Time Magazine this month.

Outside of Facebook, the other companies named in the article maintain that the data they send to advertisers contains only the user ID of the profile a user is visiting when he or she clicks on an ad, and not the user ID of the individual visitor. Both Google and Yahoo refuted the idea that they would ever make use of any such personally identifiable data. Yahoo VP of Global Policy Anne Toth said of the allegations, “We prohibit clients from sending personally identifiable information to us. We have told them. ‘We don’t want it. You shouldn’t be sending it to us. If it happens to be there, we are not looking for it.”

Comments