Facebook Encrypts User IDs in Response to Inadvertent Data Leak

Lora Bentley
Slide Show

If Facebook can remember these five facts about user privacy, its headaches may begin to fade.

In response to the news that several of Facebook's popular applications were sending user IDs and other identifying information to third parties Facebook says it plans to encrypt user IDs. (Of course, the announcement didn't come until privacy groups and legislators made significant noise about the data "leaks," so I'm sure that helped the decision along.)


Mashable reports:

[T]he parameters that are passed back to iFrame-based applications will be encrypted using an application's secret key, meaning that only the actual application will be able to read the information and accidental disclosures over HTTP headers will no longer be possible.

Though Facebook indicated last week that possession of the user IDs doesn't automatically give third parties access to private user information, the fact that Facebook policies prohibit sharing user IDs suggests that they are not without value, Mashable writer Christina Warren explained.


Obviously, the decision to encrypt is a good one. But like Warren, I'm wondering why it took Facebook this long to decide to do it. Moreover, I'm not sure it will be enough to satisfy the legislators who are working to see Facebook take further steps toward user privacy.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.