Facebook plans encryption to protect user data

Facebook has proposed using encryption after reports that popular applications expose user identification numbers.

Facebook has proposed using encryption after reports that popular applications expose user identification numbers.

A report by the Wall Street Journal revealed that the privacy breaches by the 10 most popular apps affected millions of users.

The report led to increased concerns about privacy at Facebook, and two US congressmen have demanded more details from the social networking firm.

The issue is that certain Facebook apps transmit user identification numbers (UIDs) , which may be used to identify users and link actions at other Web sites to a Facebook identity.

Facebook plans to lay the groundwork to implement encrypted UIDs in the next few weeks, and then to add support for encryption after consulting internal developers and the greater web community, Mike Vernal, a Facebook engineer said in a blog post.

"While initial press reports greatly exaggerated the implications of sharing a UID, we take this issue seriously. Our policy is already very clear that UIDs may not be shared with ad networks and data brokers, but we recognise that some developers were inadvertently sharing this information," he wrote.

The proposed change is aimed at preventing the accidental sharing of UIDs, but will not stop deliberate UID sharing in violation of Facebook policy.

"While this proposal will address the inadvertent sharing of this information on Facebook, the underlying issue of data sharing via HTTP headers is a web-wide problem," wrote Vernal.

"We look forward to working with the web standards community and browser suppliers over the coming months to help address this issue," he said.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT governance

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.




  • Passive Python Network Mapping

    In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against ...

  • Protecting Patient Information

    In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data ...

  • Mobile Security and Privacy

    In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity ...