The Latest Social Network Privacy Issue

This is one privacy scandal Facebook isn't alone on.

Facebook and other social networks have been giving advertisers data that could be used to identify names and other personal information of people who click on ads, the Wall Street Journal reports. It's scary, but the risk is nothing new and it's an unfortunate part of the way the Internet works.

Any site you visit can collect a lot of information about you, as creepily evidenced by the Panopticlick project run by digital civil liberties group the Electronic Frontier Foundation. One piece of information sites obtain about visitors is their referrer, the URL of the site visitors come from. Nearly every company uses referrers to find out what their sources of traffic are (Google, blogs, etc.). Do a Google search and the sites you click on will know how you got there because Google includes the search phrase in the URL:

With social networks, the problem is worse. A lot of networks include IDs and names in URLs. Using the ID or name, advertisers can easily and automatically scrub a user's public profile for more information, such as a name, photo, date of birth, likes, other interests, friends, etc.

(Note: The Journal reporter who wrote the story recently clarified that referrers weren't the only way in which social networks shared data. Facebook had apparently included IDs in the URL of the advertisement itself --, for example. Facebook changed its code in response to the Journal's inquiry.)

Advertisers said they didn't know they were receiving and don't plan on using the information. And while Facebook changed its code, a Twitter spokeswoman stated the obvious: "This is just how the Internet and browsers work." There are ways to obfuscate or hide the referrer.

This privacy problem was first "flagged" in an August research paper, The Journal reports. They don't name the authors, but this seems to be the paper in question. Data passed along, as the research paper explains, looks like this (emphasis mine):

GET /clk;203330889;26770264;z;u=ds&sv1=170988623...

Cookie: id=2015bdfb9ec||t=1234359834|et=730|cs=7aepmsks

But knowledge of the referrer privacy risk is nothing new. The paper itself refers to a note on referrer risk in a 1996 memo co-written by Tim Berners-Lee, the professor credited with inventing the Web:

Because the source of a link may be private information or may reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent.
Presented by

Niraj Chokshi is a former staff editor at, where he wrote about technology. He is currently freelancing and can be reached through his personal website, More

Niraj previously reported on the business of the nation's largest law firms for The Recorder, a San Francisco legal newspaper. He has also been published in The Hartford Courant, The Seattle Times and The Age, in Melbourne, Australia. He's also a longtime programmer and sometimes website designer.

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register with Disqus.

Please note that The Atlantic's account system is separate from our commenting system. To log in or register with The Atlantic, use the Sign In button at the top of every page.

blog comments powered by Disqus


A Stop-Motion Tour of New York City

A filmmaker animated hundreds of still photographs to create this Big Apple flip book


The Absurd Psychology of Restaurant Menus

Would people eat healthier if celery was called "cool celery?"


This Japanese Inn Has Been Open For 1,300 Years

It's one of the oldest family businesses in the world.


What Happens Inside a Dying Mind?

Science cannot fully explain near-death experiences.

More in Technology

Just In