Facebook, besieged by accusations of privacy breaches this week, is moving to encrypt user information, according to a post on the Facebook developers’ blog yesterday. Facebook engineer Mike Vernal posted that though reports of the effects of sharing user IDs were “greatly exaggerated,” Facebook was nonetheless taking measures to help prevent app developers from inadvertently (or deliberately) sharing this information.
It hasn’t been a great week for Facebook and privacy, beginning with a Wall Street Journal investigation that revealed on Monday that some of Facebook’s most popular apps, like Zynga’s FarmVille, were sending Facebook user ID numbers to at least 25 advertising and data firms. Lawsuits were soon filed in California and Rhode Island. Then, two software researchers determined that Facebook was essentially outing gay users, in some cases, to advertisers. By clicking certain ads, wrote the researchers, a user “would reveal to the advertiser both his sexual-orientation and a unique identifier (cookie, IP address, or email address if he signs up on the advertiser’s site).”
“A Facebook user ID may be inadvertently shared by a user’s Internet browser or by an application,” a Facebook spokesman had told the Journal just before the publication of its report. But Facebook is learning that if it wants to avoid another FarmVilleGate–not to mention lawsuits, or even congressional inquiry–it needs to take an active stance, looking for ways to patch even inadvertent privacy breaches.