Facebook, Android and MySpace have all been in the spotlight of late for security gaps in their sites or in their applications that allow user IDs to be sent to third parties, including advertisers. Privacy advocates and legislators alike have asked for more details on how the "leaks" happen and how they can be fixed. Facebook announced last week that it plans to encrypt user IDs to prevent inadvertent sharing.
But if what Facebook has said is true and the user IDs don't give third parties access to information users mark as private, what's the big deal?
A story published in The Wall Street Journal Monday details just one example of online profiling that access to such information can allow. It illustrates how online profiler RapLeaf gathered information on Nashua, N.H., resident Linda Twombley that is so detailed she told the WSJ:
It is like a watchdog is watching me, and it is not good.
The profile, for which RapLeaf collected data from a network of cooperating websites that require users to register with e-mail addresses to participate, correctly identified that Twombley is a conservative Republican who is interested in cooking, crafts, rural farming and wildlife, as well as correctly identifying the ranges for her age and income, among other things.
For her part, Twombley says she's restricted cookies on her browser and stopped using Facebook applications that shared the information. Even though RapLeaf and other online profilers strip consumer names and e-mail addresses from the information they collect, the fact remains that if enough information about a consumer can be found online, it will eventually be connected in such a way as to identify that consumer.
The more time passes, the more online privacy really does become a myth.