A recent investigation by The Wall Street Journal revealed another breach in Facebook privacy thanks to popular applications such as Farmville, Causes, Mafia Wars and Quiz Planet. With Zynga’s Farmville having 59.4 million users alone, this revelation certainly hasn’t done much for Facebook’s already bad track record for user privacy. The WSJ study detailed for the first time, how exactly individual information is being transmitted:

The information being transmitted is one of Facebook’s basic building blocks: the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation and photo

While in theory this couldn’t have too poor effect, companies such as RapLeaf in San Fransisco have proved how dangerous even that bit of information can be. RapLeaf, like many others, compiles and sells profiles of individuals based off of individuals by their comprehensive online history. This means that the “ID number” system that Facebook has in place is practically useless against companies like RapLeaf finding the missing pieces to your identity.

However, what the WSJ has revealed is nothing we didn’t already know, and it’s not entirely Facebook’s fault. As Gigaom points out, many companies and media (including the Wall Street Journal) sell information about their subscribers to third parties with similar goals to RapLeaf, who in turn sell it to marketing and ad agencies.

Social networking has completely redefined what one considers privacy, both from social and corporate spheres, and everyone is pointing the finger at someone else. As individuals we blame the corporations, the corporations blame the third parties, the third parties blame the marketers and the marketers blame the individuals. Modern privacy must achieve certain objectives so that everyone can stop blaming and feeling threatened.

1. Accountability of the Creator

Both the creator of the information, i.e. the Facebook or Google user is accountable for the information they put online, and the ripple effect that may have, personally or otherwise. We must recognize that if we take part in the online social network we run the risk of anyone finding out information that perhaps we would not share otherwise. Similarly, we are responsible for choosing to skim over privacy agreements for the sake of convenience. If we want more security over our online information, take control. Read the privacy agreements, read the updates. Change your settings to suit your comfort. Applications like Privacy Check give you a score on how secure your Facebook profile is, and if you type http://graph.facebook.com/user-id (replacing “user-id” with the username of any user you can find out exactly what information Facebook is releasing about you. Here’s mine, username “creativetaboo”:

{
   "id": "1149750692",
   "name": "Madelynn Martiniu00e8re",
   "first_name": "Madelynn",
   "last_name": "Martiniu00e8re",
   "gender": "female",
   "locale": "en_US"
}

2. Accountability of the Corporation

It is the responsibility of the company (i.e. Facebook, Google or RepLeaf) to provide easily accessible information on privacy. If it is as big of a concern to the general public as it has proven to be, the information on privacy needs to be at the top of the Terms of Service, not all the way at the bottom, as it so often is. Similarly, if a user chooses to change their privacy settings for any reason, instructions should be easily available and it should be simple to understand. The corporation does not get to wipe out existing changes to user-chosen privacy settings every time there is an update.

3. Equality

If a user wants to participate in a network but does not wish to participate in sharing their information to companies or social networks, they should be allowed to do so. No application or corporation should be able to only allow users to access their service if they relinquish control to their privacy. There are far too many applications that won’t allow a user to activate them without letting them access your information and provide it to third parties.

4. Anonymity

Corporations should be able to find a way to collect data while still allowing users to have some semblance of anonymity. The little information Facebook has on me has made me a demographic number rather than an individual, and I prefer to keep it that way. Companies like RepLeaf that have the ability to cross reference that information with my search history, and more specific data collected over my span of accessing the internet allows companies not only to know that I exist, but can create a detailed profile of my personality. This breaches a line from indirect advertising to direct advertising; as companies are no longer targeting my demographic, but what they have collected about my online personality. To breach anonymity into direct advertising can quickly turn social networking into a hostile landscape bombarded by sales.

In conclusion, these online “privacy scares” will continue to happen, and not just with Facebook, and we’ve yet to see any substantial number of people boycott social networking as a result. All companies involved obviously have something to work on, but so do the individuals voluntarily participating in the internet. Just as an individual would protect themselves from viruses on their computer, or choose different personas to portray to certain people, these are both skills that need to be reminders for all those who enter the murky waters of privacy online.

Photo by Picasa user Jeff Reitler under Creative Commons License