At issue: the fact that Facebook user IDs were being shared with advertising and analytics companies through Facebook applications.
In most cases, this undisclosed sharing really wasn’t Facebook’s doing. Because user IDs are included in URLs used by Facebook applications, advertising and analytics companies were able to access them through referrer data. Despite the uproar, it still isn’t clear how many companies were intentionally keeping track of, or sharing, user IDs.
While it’s hard to blame Facebook for the scourge of referrers (note sarcasm), Facebook isn’t exactly a victim here: it certainly knew that user IDs could be exposed in this fashion and used in violation of its rules. For whatever reason, it seems to have simply ignored this.
But faced with more unwanted attention that reminds the world that what happens on Facebook doesn’t always stay on Facebook, Facebook has proposed a solution: encrypt user information. Developers of Facebook applications would have to decrypt the user information within their applications; information, such as user IDs, would no longer be visible in plain text in URLs.
Is this a viable solution? Unfortunately not. While it would prevent inadvertent tracking and sharing of user IDs, it will do nothing to prevent intentional tracking and sharing of user IDs. An application developer who decides that the value of this data exceeds the risk of being banned by Facebook could still decrypt this information in his or her application and then transmit it to third parties.
Will this be a common occurrence? Who knows, which highlights the fact that Facebook’s real problem is one of trust and transparency. There can be no doubt that Facebook’s open platform has been a boon to the company, its users and entrepreneurs. But the open platform model Facebook has adopted has some inherent limitations. Pragmatically, Facebook cannot fully police or control the behavior of third party developers. They have access to certain data, and Facebook has to trust that they will follow its rules for the use of that data.
That data, of course, is potentially valuable, and there will always be an incentive for some developers to use it in ways that violate Facebook’s rules. The issue for the average user is that much of this is not obvious. Many users, for instance, are probably entirely unaware of what data is shared with Facebook applications and what is going on behind the scenes.
The challenge for Facebook is balancing what’s good for its open platform strategy with what’s good for user privacy. But Facebook can’t meet that challenge until it recognizes that not all of these privacy conundrums will be resolved solely by technical means.