Jun. 10, 2009

Posted by in Facebook, General | 1 comment

Finally (Updated)

I’m happy to report that the issues mentioned in the last post here did not go unnoticed by others, including Facebook.

Earlier that day, Nick O’Neill questioned some of the ads I examined in my technical review, and he has since kept up the pressure about such ads. Today, I received a linkback from Joseph Bonneau (thanks man!), who also uncovered privacy problems with Facebook ads. Since most of the cats are out of the bag now, I’ll confirm that SocialReach and SocialHour, the two networks Joseph discussed, were indeed the culprits for most of the ads I investigated last time. However, these ads were being loaded through an iframe from AdMazing, which was behind my first advertising problem. The verified application I mentioned was We’re Related, and currently it still provides AdMazing with your full name, sex, date of birth, age, relationship status, and college information (schools, years, degrees, and majors) via the iframe URL. (The application also still appears to have the photo vulnerability I mentioned as well, if anyone cares.)

But even more good news follows. As Nick now reports, Facebook has shut down SocialReach and SocialHour, and updated their advertising guidelines a bit. Kudos to Facebook for taking at least some action on this issue. I’d still like to see changes to the platform to avoid future problems, but at least Facebook seems to be paying some attention to all this.

I’ve finally decided to write an application that I’ve thought about several times before – one that raises user awareness about issues on the Facebook Platform. I know that Facebook values user privacy, but readers of this blog know how many problems still exist. And as Joseph pointed out, “Unless users are complaining en masse, Facebook has little reason to police the platform…” I’ll keep you posted on the progress of the application.

Update: A commenter on AllFacebook mentioned they were still seeing ads for IQ quizzes, so I checked on things once again.  Turns out that many of the problems described previously still exist.  The ads have apparently been modified a bit; while previous ads showed IQ scores, implying friends had taken the quiz, the new ads simply speculate with descriptions such as “Genius?”  Meanwhile, if you watch the actual traffic, you’ll see that SocialReach is still making the same disturbing REST API queries using the application’s session information.  How is Facebook not noticing this?

  1. We’ve been thinking about the scare application too. Get in touch, I’d love to swap ideas.


  1. Twitted by theharmonyguy - [...] This post was Twitted by theharmonyguy - Real-url.org [...]
  2. Social Hacking » Blog Archive » More Problems with Facebook Platform Ads - [...] Social Hacking « Finally (Updated) [...]
  3. Facebook Taking Action on Application Ads | Social Hacking - [...] June 10th, I named names, noting that AdMazing was the ad network getting the data.  Fast forward over a ...

Leave a Reply