In the wake of a controversy surrounding the security of Facebook user IDs, the social-networking site on Friday admitted that several of its developers sold UIDs to data brokers.
"As we examined the circumstances of inadvertent UID transfers, we discovered some instances where a data broker was paying developers for UIDs," Facebook engineer Mike Vernal wrote in a blog post.
Private user data was not sold, Vernal said. Facebook has since suspended the developers for six months. If they wish to return to the Facebook developer community, they will have "to submit their data practices to an audit in the future to confirm that they are in compliance with our policies," he wrote.
Facebook did not reveal the names of the developers in question except to say that they are about a "dozen, mostly smaller" developers that are not among the top 10 applications on the site. Facebook also reached a deal with data broker Rapleaf whereby the company will delete all Facebook UIDs and stop conducting any activities on Facebook Platform going forward.
"In taking these steps, we believe we are taking the appropriate measures to ensure people stay in control of their information, while providing developers the tools they need to create engaging social experiences," Vernal wrote.
The issue over Facebook UIDs made headlines several weeks ago when the Wall Street Journal published a story that said Facebook apps share users' personal information with advertising networks and other Internet-tracking companies. That, apparently, did include the top 10 apps on Facebook, as well as Rapleaf. Facebook later said it would encrypt UIDs going forward.
On Friday, Facebook further clarified its app privacy policy to "state that UIDs cannot leave your application or any of the infrastructure, code, and services you need to build and run your application," Vernal wrote.
Services like Akamai, Amazon Web Services, and other analytics options are allowed "as long as those services keep UIDs confidential to your application." This week, Facebook will also release a way to share identifiers anonymously with third parties like content partners, advertisers, or other service providers. Developers will be required to use this mechanism by January 1.
0 comments:
Post a Comment