Late last night, Facebook issued a statement on their development blog with the cheery title, “Good Ads Make for a Good Ecosystem.” I’ll begin by saying this post is very good news, and I applaud Facebook for addressing ad networks that violate application policies.
My enthusiasm is a bit tempered by how long it’s taken for Facebook to respond on this issue, and I’m still mystified by some of the remarks in their post. But first, let’s recap the good news. By noon Pacific on August 3rd, Facebook will require all application advertising to meet a revised version of their own guidelines. As part of this change, ad networks will no longer be able to use profile pictures or the names and birth dates of users without Facebook’s approval. As Justin Smith notes, “To our knowledge, this is the first time Facebook has said all ads that display user data must be ’specifically approved’ by Facebook.” Facebook also reminded developers that they can’t send user data to third-party advertising networks, and that ads are part of an application – meaning they fall under the same rules as the application itself. I particularly appreciated this bit:
If you run code provided by an ad network in the operation of your application, be sure you understand what this code does.
Now for the less heartening aspects of this announcement. Yesterday, July 28th, Facebook said:
Please remember that developers have never been allowed to send user data received from Facebook to ad networks…
Stop the tape. On May 28th I posted the following tidbit about a Facebook Verified Application:
I was surprised to see right in the HTML for the application that when it called for an advertising banner, the iframe URL included my full name, sex, date of birth, age, relationship status, and college information (schools, years, degrees, and majors). I didn’t really think an application, particularly a verified one, should be passing such profile information to a third party.
On June 10th, I named names, noting that AdMazing was the ad network getting the data. Fast forward over a month to July 25th, when I made this comment:
I did mention one example over a month ago on this very blog, yet the methods of that particular ad network have not changed at all in the mean time, nor has Facebook taken any action against them.
Now with that background, let’s finish the sentence from Facebook’s July 28th post:
…and we take firm action against this.
I might also note that on June 7th I filed a report about a different type of unsettling ads on Facebook which used user profile data, and on June 18th AllFacebook’s Nick O’Neill left this comment:
Just as a heads up I’ve been in discussions with Facebook for the past week about this exact issue and soon enough I should have a post up about the result. This is definitely a workaround that while they may be abiding by the terms, it results in shock to many of the users that see it.
Apparently Facebook was, in fact, working to address the issue and… oh wait a second. That blog post was from June 7th of last year. (By the way, Nick made good on his promise with a discussion of Social Banners and related issues.)
So why the sudden flurry of activity from Facebook regarding these application ads? Perhaps the Financial Times can shed some light on the subject:
Facebook has found itself the victim of its own success. A user revolt is underway, as a huge number of users are updating their status to warn of a rumoured invasion of privacy by the site….
Also worth noting is how suddenly this message went viral. Ms Smith first reported her experience last Sunday, and the news was picked up, and dismissed by Mashable among others. But like a buried ember that sparks a raging brush fire, the meme caught a gust of wind, and by Friday was spreading across the social graph.
As I’ve pointed out before, Facebook has shown remarkable agility when their users raise an outcry en masse. Say what you will about Facebook protecting their users, you can’t deny that Facebook works hard to defend its image. After that viral wave of status updates, Facebook has moved swiftly to restore user confidence in the site’s advertising, whether from Facebook or on applications.
That’s why I’m not holding my breath for any action on the other privacy problems with the Facebook Platform I’ve noted, all of which remain and which, together, leave private information at risk. Until users realize the current reality and make an issue out of it, Facebook apparently has little incentive to change the status quo. I would love to believe that Facebook is more proactive and that I’m simply unaware of certain measures or underestimating the situation, but so far the company’s actions have inspired little confidence.