In response to a scathing article in the Wall Street Journal last week that revealed Facebook apps collecting and selling user information to ad networks and other data mining outfits, Facebook posted today on its blog that it would be offering encryption services for user IDs in the near future.
The blog post acknowledges the existence of UID sharing, but reminds readers that the media coverage of the situation was blown way out of proportion and that the implications of UID sharing are not nearly as heinous as the WSJ would have you think. Nevertheless, Facebook is staying true to the demands of the users, and Mike Vernal details the technical implementation of the new encryption functionality in the blog post. Since the problem stems from HTTP headers on apps that contain the UID of the app user, the encryption will affect only the passed parameters that contain UID data.
This will be an opt-in service at first for Facebook users, but Vernal claims that they want this to become more widespread as time goes on. Eventually, it will be integrated into the official Software Development Kit, and developers can start coding UID encryption into their apps.
While Vernal may be right in saying the media dramatized the idea of UID sharing with ad companies, it still goes against the TOS for apps. Vernal claims that the vast majority of these UID leaks are inadvertent and happen because coders don’t always realize that the UID gets passed in the HTTP referrer header field.