The Wall Street Journal reports that applications inside social networking website MySpace are directly linking user IDs (UIDs) to advertisers when their ads are clicked on by users. The UIDs link back to a user’s personal page which has as much personal information as the user has decided to put out. In the case of most MySpace users, who tend to non-technical, that’s often just about anything someone would want to know.
This comes less than a week after the WSJ – who is owned by News Corp., the same company that owns MySpace – reported that the top ten applications on Facebook were also sending out user IDs, after which a woman in St. Paul, MN filed a class action lawsuit against social games company Zynga. The apps that were pointed out as sending data include the game RockYou Pets, which has 6.1 million users.
In response, everyone has started a game of public relations Hot Potato. MySpace, who changed their company policy regarding UIDs in May in response to a similar issue, has stated that companies that violate their policy will be dealt with. RockYou has stated that the issue was unintentional, and that they have fixed it and are making sure that all of their applications are incompliance. MySpace and TagMe – an application that allows users to tag photos with adjectives such as “kissable lips” or “adorable” – both state they send their data to a third party company named RapLeaf, who has discontinued using UIDs. And all of the companies mentioned as having received information, including Google and Quantcast, say they don’t use it.
I will go out on a limb here: everyone I’ve mentioned in the previous paragraph is flat-out full of shit. Every advertising firm gathers as much information as possible to build a targeted database; that’s their job. For companies to say “we’re not using this goldmine of information that has been leaked to us”, I want to see specific examples of why. At least Google does that, because they collect information via their own networks, which they have shown has a church-and-state like separation inside the company (in other words: Google cannot and does not link my data to my name outside of algorithms, which humans don’t see). The other companies mentioned don’t have that kind of practice. It’s telling that this happened right after Facebook – a company that requires users to use their full names and location – was dinged again for violating user privacy. Fool me once, shame on you, fool me twice…
Also, Emily Steel, one of the reporters on this story, yesterday put out an article that goes into great detail about just how RapLeaf works. RapLeaf makes no bones: they tie your information to your name, your email, everything, and they transmit that data to other companies. Are people seriously going to say that they no longer participate in this just on MySpace? It’s notable that they didn’t comment.
The business of web-based advertising is based specifically around getting as much information as possible, and bullshitting people long enough via public relations to keep people from rioting. In that world, it’s only cheating if you’re caught. On this very site, as I load the main page, I’m being told what Jim Himes – my district’s Congressman in Washington – “doesn’t want me to know” (Goddamnit AdThwart, work!). I’m supposed to believe that the company we’re using for our advertising doesn’t have me targeted? I do know this: I trust the word of these advertising companies about as much as I trust Mr. Himes’s opponent, Dan DiBicella, meaning if they told me the sky was blue I’d walk outside to confirm. People who use Facebook and MySpace applications would be wise to do the same, and lock down their profiles away from the public as soon as possible.