Facebook Updates User ID Policy, Puts Six Month Block on Rogue Application Developers

Following an arguably overblown investigation into Facebook application developers sharing publicly-available user identification numbers with third parties, Facebook has made a few additional moves to clamp down on the problem. One is a policy update, another is punishment for those developers that purposefully sold this information — most had done it accidentally — and a third is confirmation of a change it previously proposed to how user IDs are handled.

Given that the user IDs are already publicly available, there was no privacy violation — contrary to how many news organizations covered the story. But selling user data to third parties is explicitly forbidden in Facebook’s developer terms. So Facebook’s actions here are likely motivated in part by the need to reassure the public that their (public) data is safe, while also setting an example to developers.

First, the policy change, from the company’s developer blog post on the matter:

Today, we are clarifying our policy to ensure that developers understand the proper use of UIDs in their applications. Our policy has always stated that data received from Facebook, including UIDs, cannot be shared with data brokers and ad networks. Moving forward, our policy will state that UIDs cannot leave your application or any of the infrastructure, code, and services you need to build and run your application. You can use services, such as Akamai, Amazon Web Services and analytics services as long as those services keep UIDs confidential to your application.

Second, developers will also need to adopt the new mechanism for making user IDs anonymous.

We realize that developers may sometimes need a way to share a unique identifier outside of their application with permitted third parties, such as content partners, advertisers or other service providers. We are adding a mechanism that developers must use to share anonymous identifiers for this purpose. We will release this functionality (available via the Graph API and FQL) early next week. We encourage developers to move to this mechanism quickly and will require it on January 1, 2011.

Ad networks on Facebook, the post notes, are also being required to delete any IDs in their possession in order to continue doing business on the platform; Facebook is also requiring that developers anonymize any IDs they send to these companies.

It is also banning some currently unknown developers for having purposefully brokered this data to third parties. It’s not naming names, but please let us know in comments if you have more information about who they are. From the post:

As we examined the circumstances of inadvertent UID transfers, we discovered some instances where a data broker was paying developers for UIDs. While we determined that no private user data was sold and confirmed that transfer of these UIDs did not give access to any private data, this violation of our policy is something we take seriously. As such, we are taking action against these developers by instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies. This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform.

Finally, Facebook says it has worked out a deal where one of the data brokers that was buying the data, Rapleaf, will delete all user IDs in its possession

Facebook Marketing

Mediabistro Event

Facebook Marketing

Starting January 13, work with the group marketing manager of social media at Microsoft/BingAds to grow your business on Facebook! In this course, you’ll learn how to set up your company page, understand Facebook best practices, and execute a monthly content strategy. Register now!


Leave a Reply

5 Responses to “Facebook Updates User ID Policy, Puts Six Month Block on Rogue Application Developers”

  1. johann akram says:

    i really dont think we can trust facebook anymore. they solve one problem and another privacy issue arises. this is never going to end. its time for us to move on to a different social networking site. Other sites offer complete privacy and wont treat our content as their own. hopefully they can live up to their promise when they open

  2. Udi Barone says:

    An absurd situation occurs when Facebook apps have legit access to the user’s data through Facebook API but lacks the technology to optimize its ads targeting (the ones that actually have the technology to optimize ads are the 3rd parties who are reluctant to get this user data).

    If you are a Facebook app which looks for safe optimization technology you can check out this post on Facebook forum:

  3. Derrick Norris says:

    I think this is just a cover up from facebook to show users that they actually care about user content when they dont. Facebook has now become totally insecure and any iformation that you post on it can be used against you. As an app developer i know how easy it is to get user content and my advice is that users should quit facebook and join a safer platform like MyCube or Diaspora who actually will care about your content

  4. Rebecca perry says:

    lol well guess this why band of heroes made by lolapps has had all post’s removed from facebook once again

  5. FACEBOOK naujienos ir patarimai #64 | Komunikacija FACEBOOK'e says:

    [...] Facebook‘as atnaujino USER ID naudojimo politiką, kuria aplikacijų kūrėjai naudojosi ir trečioms šalims pardavinėjo vartotojų duomenis. [...]

Get the latest news in your inbox
interested in advertising with inside facebook?

Social Media Jobs
of the Day

Assistant Editor

8 Inc.
New York, NY

Copywriter & Editor

Santa Monica, CA

Director of Marketing & Communications

Neumans' Kitchen
New York, NY

Social Community Manager

Tallahassee, FL

Editorial Director

Phoenix House
New York, NY

Featured Company

Join leading companies like this one and recruit from the nation's top media job seekers on the Mediabistro Job Board. Every job post comes with our satisfaction guarantee. Learn More

Our Sponsors

Mediabistro A division of Prometheus Global Media home | site map | advertising/sponsorships | careers | contact us | help courses | browse jobs | freelancers | content | member benefits | reprints & permissions terms of use | privacy policy Copyright © 2014 Mediabistro Inc. call (212) 389-2000 or email us