Facebook Is Deeply Broken
The seemingly never-ending cascade of privacy breaches at Facebook continues. The newest demonstrates a design flaw at the heart of Facebook: getting access to a user’s Facebook ID gives access to all the information that person has created and stored in Facebook. Apparently various companies that build Facebook apps (Zynga and others) have been using this backdoor to transmit personal information to other companies:
Emily Steel and Geoffrey Fowler, Facebook in Online Privacy Breach; Applications Transmitting Identifying Information
The information being transmitted is one of Facebook’s basic building blocks: the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation and photos.
The apps reviewed by the Journal were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.
Defenders of online tracking argue that this kind of surveillance is benign because it is conducted anonymously. In this case, however, the Journal found that one data-gathering firm, RapLeaf Inc., had linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells. RapLeaf also transmitted the Facebook IDs it obtained to a dozen other firms, the Journal found.
RapLeaf said that transmission was unintentional. “We didn’t do it on purpose,” said Joel Jewitt, vice president of business development for RapLeaf.
Facebook said it previously has “taken steps … to significantly limit Rapleaf’s ability to use any Facebook-related data.”
Facebook prohibits app makers from transferring data about users to outside advertising and data companies, even if a user agrees. The Journal’s findings shed light on the challenge of policing those rules for the 550,000 apps on its site.
The Journal’s findings are the latest challenge for Facebook, which has been criticized in recent years for modifying its privacy rules to expose more of a user’s information. This past spring, the Journal found that Facebook was transmitting the ID numbers to advertising companies, under some circumstances, when a user clicked on an ad. Facebook subsequently discontinued the practice.
Wow, this stinks to high heaven.
But it shouldn’t be possible. Facebook should be based on a design where user information is partitioned in such a way that having access to a pointer, like a user ID, does not open all doors in the user account. In a capability-based architecture, the user would grant specific access rights to a specific recipient, and those rights would involve both sides at the time of any access: the recipient would present the key that was granted, it would be checked against the user’s key, and only if the two cross-matched would the transfer take place. This would mean that there would be no master ID that could open all of a user’s information.
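A minimal sketch of the per-recipient, per-field grant described above, as an added example that is not from the original post and is not Facebook's code. `UserVault`, its methods and the sample data are hypothetical, and the sketch assumes the platform has already authenticated the caller's identity.

```python
import hashlib
import hmac
import json
import secrets


class UserVault:
    """One user's data, partitioned by field (hypothetical design sketch)."""

    def __init__(self, user_id, fields):
        self.user_id = user_id
        self._fields = dict(fields)
        self._key = secrets.token_bytes(32)  # the user's key; never leaves the vault
        self._revoked = set()

    def _tag(self, recipient, scope, nonce):
        # Bind the grant to exactly one user, one recipient and one field.
        msg = json.dumps([self.user_id, recipient, scope, nonce]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def grant(self, recipient, scope):
        """Issue a capability for a single field to a single recipient."""
        if scope not in self._fields:
            raise KeyError(scope)
        nonce = secrets.token_hex(8)
        return {"nonce": nonce, "tag": self._tag(recipient, scope, nonce)}

    def revoke(self, cap):
        self._revoked.add(cap["nonce"])

    def check(self, caller, scope, cap):
        """Cross-match the presented key against the user's key at access time."""
        if not cap or cap.get("nonce") in self._revoked:
            return False
        # Recompute from the authenticated caller and the requested field, so a
        # capability forwarded to another party or reused for another field fails.
        expected = self._tag(caller, scope, cap.get("nonce", ""))
        return hmac.compare_digest(expected, cap.get("tag", ""))

    def read(self, caller, scope, cap=None):
        if not self.check(caller, scope, cap):
            raise PermissionError("no matching grant; the user ID alone opens nothing")
        return self._fields[scope]


if __name__ == "__main__":
    # Constructed sample data, not real accounts.
    vault = UserVault("100001", {"photos": ["a.jpg"], "residence": "Boston"})
    cap = vault.grant("game-app", "photos")
    print(vault.read("game-app", "photos", cap))       # granted field, granted recipient
    print(vault.check("ad-network", "photos", cap))    # forwarded capability is refused
    print(vault.check("game-app", "residence", cap))   # other fields stay closed
```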
Until Facebook is redesigned, and especially while they are so eager to strip-mine our social networks, no one should put or maintain any information on their Facebook account that they wouldn’t publish on their blog or give out to a total stranger in a bar. There is no Facebook privacy.