Sunday, October 31, 2010

Tech: Security Online: My Space webs+t sends your personal Identity Data when ads are clickd

I got the dope on MySpace from Wall Street Journal reporters Geoffrey Fowler and Emily Steel who did an investigation to find out what the hell is goin' on (WSJ, Oct23,2k10) "S+t sends personal IDs when ads are clicked" :

MySpace and some popular applications on the social-networking s+t have been transmitting data to outside advertising companies that could be used to identify users, a Wall Street Journal investigation has found.

The market for data about Web users is hot--and one of the methods used is "scraping," harvesting online conversations. In May, Nielsen scraped private forums where patients discuss illnesses. How can web users prevent their data from being scraped? Julia Angwin joins Digits to discuss.

The information was primarily sent by MySpace when users clicked on ads. The website had pledged to discontinue the practice of sending personal data when users click on ads after the Journal reported it in May.

A MySpace spokesman said the data identify the user profile being viewed but not necessarily the person who clicked on the ad. MySpace is owned by News Corp (shame!, let's see if Fox News will give noozcoverage to this WSJ report) -- WSJ is also owned by News Corp, which also owns The Wall Street Journal.
-- Technowlb

Click on the t+m-stamp below to Read more ... 

MySpace, which had 58 million visitors in the US in September, has been struggling to turn its business around in the face of tough competition from Facebook Inc., which had 148 million US visitors last month, according to comScore Inc.

The data being transmitted were MySpace user IDs. These unique numbers can be used to look up a person's MySpace profile page, which sometimes includes their real name, photographs, location, gender and age. The advertising companies being sent the data, which included Google Inc. (shame!), Quantcast Corp. and Rubicon Project, said they didn't use the information. [Wh+ are they even receiving the info, whether or not they've used it yet?]

Earlier this week, the Journal reported that the top 10 most-popular applications on Facebook (shame!) were passing that site's user ID numbers to outside companies. Facebook said it is changing its technology to block the transmission of user IDs.

The MySpace leaks appear to be more limited than those at Facebook, which has far more users and requires them to make public their name, gender and country.
---------------------------------------------------- 
More From the Series

•  Web's New Goldmine: Your Secrets
•  Personal Details Exposed Via Biggest Sites
•  Microsoft Quashed Bid to Boost Web Privacy
•  On Cutting Edge, Anonymity in Name Only
•  Stalking by Cellphone
•  On the Web, Children Face Intensive Tracking
•  Google Agonizes Over Privacy
•  'Scrapers' Dig Deep for Data on Web
•  Facebook in Privacy Breach
•  The Tracking Ecosystem 
Follow @whattheyknow on Twitter
Complete Coverage: What They Know
---------------------------------------------------------

On Facebook, the user ID is linked to a person's real name. MySpace allows users to hide their real names and use a "display name" on the network. That means that user IDs don't necessarily link to people's real identities. MySpace says knowledge of a user ID number only provides access to information a person has made public on their profile.

In addition, the Journal investigation found some MySpace applications were transmitting user IDs, including BitRhymes Inc.'s TagMe, which lets its 8.3 million users make and comment on friends; WonderHill Inc.'s GreenSpot, a virtual gardening game with 1.8 million users; and RockYou Inc.'s RockYou Pets, a game with 6.1 million users.

MySpace said it prohibits app makers from sharing user data, including user IDs, with other entities. "It has recently come to our attention that several third-party app developers may have violated these terms and we are taking appropriate action against those developers," a MySpace spokesman said.

The Journal's investigation demonstrates how fundamental Web technologies can jeopardize user privacy. When a user clicks on an online ad, several pieces of data are transmitted, including the web address of the page where the user saw the ad. At both MySpace and Facebook, that web address has included a user ID.

Craig Wills, a professor at Worcester Polytechnic Institute who has studied how social-networking sites handle user IDs, said such referral data are a growing problem for the Web. As more sites try to tap into social-networking capabilities, "there is the potential danger that those sites with the identifier don't necessarily take care of it, and potentially leak it to whatever third parties are present," he said.

In many cases, the transmission is inadvertent. A RockYou spokeswoman said a company that works with RockYou was transmitting user information to a third company without RockYou's knowledge. "We have taken immediate action to indefinitely suspend their services in connection with RockYou and we are reviewing all third-party providers to ensure compliance with our platform partners' terms of service," she said.

WonderHill didn't respond to requests for comment.

The Journal found that TagMe transmitted a user ID to online tracking company RapLeaf Inc. MySpace and TagMe both said TagMe has since stopped the practice. RapLeaf declined to comment.

BitRhymes, maker of TagMe, said it "has a strict policy of not passing personally identifiable information to any third parties. When we were informed of the issue, any suspect relationship was immediately dissolved."

—Courtney Banks contributed to this article.

Write to Geoffrey Fowler at geoffrey.fowler@wsj.com and Emily Steel at emily.steel@wsj.com
The foregoing piece is an exemplary instance of investigative reporting, and its message (and that of the ent+r series) is of importance to all Net users. Even I go occasionally to MySpace to check out up-and-coming musicians who broadcast l+v on Stickham. Further, I'm shocked that my new fave, Facebook is entangled in this web of carelessness and dishonesty. Straiten yourselves out, gang! I urge every refWr+t reader to evaluate their use of MySpace and the effect that may have on your computer security. This is an SOS with your personal identity and computer security in m+nd!

No comments: