Wall Street Journal Supposed “Investigative” Report of Facebook “Sending” Information to Advertisers is Incomplete Journalism

Mashable posted a link to a Wall Street Journal article with the title “Facebook and Others Caught Sending User Data to Advertisers” (Mashable’s Title, not WSJ). Talk about a sensationalized headline!

The issue at hand here is what Web nerds know as the HTTP_REFERER, which is part of the HTTP headers that your web browser sends to every web server during every single request made to that web server. The HTTP_REFERER header has been around LONG before facebook was even an idea, long before myspace ever existed. It lets the current page request know the page the browser was on prior to the current page. This is valuable information for a lot of reasons, not just because websites want to know where their clicks are coming from (but that’s not what this blog article is about).

WSJ’s “investigative” report claims the following

“For most social networking sites, the data identified the profile being viewed but not necessarily the person who clicked on the ad or link. But Facebook went further than other sites, in some cases signaling which user name was clicking on the ad as well as the user name of the page being viewed.”

The problem with this statement is that is clearly make Facebook out to be some advertising hoodlum with no regard for the privacy of it’s users when that is hardly the case at all.

I’m sure we’ve all seen the 50 foot Facebook URLs like http://www.facebook.com/jaredude/#!?ref=logo/photo=1627836127y/pages/Dinosaurs/75183307096?ref=search&sid=704807817.2984144529..1&v=wall

Well, apparently I like dinosaurs, and I did a search for dinosaurs while I was visiting a friend’s wall. So, Internet advertisers now know that I like dinosaurs and they also know my profile! So, if they make up a profile and become my friend, they will then be able to harvest my “personal” Facebook information to find out that I don’t just like dinosaurs.

Now, I may be a dinosaur with my HTTP_REFERER knowledge, but links opened in a new window (which all Facebook ads do) NEVER contain an HTTP_REFERER. This would mean that this supposed gigantic privacy hOle is just that… a hole! It doesn’t even exist. WSJ could have just called me to get a verification on their “findings”, but they didn’t. Poor investigation WSJ!

Now, playing around with Facebook a bit, I notice that it opens a new window but has a URL from Facebook… OMG! Is this the smoking gun! Are we all doomed?!?!?!!! Here’s the URL that shows up from one of my ads on my profile: http://www.facebook.com/ajax/emu/f.php?eid=AAAAAwAgACAAAAFFvp4ppN6m9Pq4hq0i2rFlgwyY6y-1YtQsEyXKS3PawzDv9weX5sDBV2GHxRjLqLKiscV76VwF7-y68e-AIpUGgJrPMQNdirDzSkjauIPEw6xeyLnT754RNezJRytIA7fsxYSRNXqPq1C3xXMDkeJw3PJiUzC3rN2fTnM8dBPa4XRk5gBsKmMhqBFuUpD340JAefH8PNrxWfV9cdYm2m765XdPTV3oHCQsrRp5yOowx4UOzk61oiDUf5xZ12s2DjG5rGcxheCegMIE7b_aLsFlCt4kcUm4ISvz8FZGOe6YsRWA7kJ9_QhJI-wARu1fO0xuwWMZHTPyh_KV5reo5I6IIh0V-cqcYyg5DGGo05hCkoNgRUakUpuqV84tY_0QCPsSPMHEqb1w62HceiZlszdb7zeusIyzGv-liqZJBRYaakfLyxATXOgH42A8cKBK6iNkUV0V_Nbc-6_47IOAlikTrOSdMPwjJIkmhv3xA4DMT1B6m-y-Te3JEdUs5mOPL_3x_gq_yRE-KgD-lulSgSSdMNmqsu0u4h1pUuuvSkD4eg8.&c=2&f=0&ui=6002535060667-id_4bf5ffe573ac8267871a1&en=1&a=0

Hardly mappable to any personally identifiable information about me, except maybe my personal taste in women 😛

Update: Even TechCrunch has jumped on this story, yet added no real tech information on anything. Funny that they can publish an article a few weeks back talking about how the scrubbed their logs for the HTTP_REFERER and found how little traffic Google Buzz sent them but aren’t intelligent enough to point out that links opened in a new window pass no HTTP_REFERER.


    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s

%d bloggers like this: