Today the FTC announced a proposed settlement with Myspace, on charges that the company broke its privacy promises to consumers. I want to focus today on one of the FTC’s charges, relating to possible syncing of identifiers.
Myspace, a popular social network, assigns each of its users a numeric identifier called a “Friend ID”. If you know someone’s Friend ID, you can use it to get their public information, by accessing the URL http://www.myspace.com/<Friend ID>.
The Friend ID is a pseudonym of the type I discussed in the previous post. This particular pseudonym has significant privacy sensitivity because it is associated publicly with the user’s personal information.
Now consider an ad network that showed ads on Myspace and also on other sites across the web. The ad network would have placed a tracking cookie on the user’s computer, establishing a pseudonym (which I’ll call the Ad ID) that the ad network associated with a partial history of the user’s browsing activities.
The FTC’s complaint describes how Myspace made it possible for an ad network to sync Myspace’s Friend ID with the ad network’s Ad ID. To sync two pseudonyms means to connect them, to determine that two separate pseudonyms actually correspond to the same person. If each pseudonym has a body of user information associated with it, syncing allows the two bodies of user information to be merged into a single record.
Myspace enabled syncing by causing the Friend ID to be sent to the ad network when an ad was requested. When the user visited a Myspace page containing a third-party ad, the page would contain a directive to the browser to contact an ad network URL. The user’s browser would contact that ad network URL–conveying the Friend ID to the ad network–while sending along the cookie containing the Ad ID. This made it easy for the ad network to sync the two identifiers.
(The FTC did not allege that any ad network did take advantage of the syncing opportunity to gather user information, only that Myspace opened the door to such syncing.)
While enabling syncing was one of the issues in this case, it’s important to recognize that syncing of pseudonyms is not always a privacy problem nor a violation of the law. What made the possible syncing problematic in the case of Myspace was that (1) Myspace enabled ad networks to use Myspace’s Friend ID pseudonym to get personal information about the associated user, and (2) Myspace promised its users that it would not share that personal information with third parties.
If your product syncs pseudonyms or identifiers with third parties, or makes such syncing possible, you might want to ask yourself which information flows, if any, are enabled by the syncing, and whether those information flows are consistent with your privacy obligations.
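One way to start answering that question for your own pages is to capture the requests a browser makes while a test account is logged in and look for third-party requests that carry your site identifier. The sketch below is an added example, not code from the FTC complaint or from Myspace. The domain names, the identifier, the cookie values and the captured requests are all constructed. It also checks the Referer header, which goes beyond the URL case described above.

```python
from urllib.parse import urlsplit, parse_qsl

FIRST_PARTY = "social.example"   # assumption: the publisher's own domain
TEST_USER_ID = "480012345"       # constructed site identifier of the audit account

# Constructed capture: requests made while the audit account viewed one page.
CAPTURED = [
    {"url": "https://social.example/480012345",
     "headers": {"Cookie": "session=abc"}},
    {"url": "https://ads.adnet.example/serve?slot=top&uid=480012345",
     "headers": {"Cookie": "adid=7f3c9e", "Referer": "https://social.example/home"}},
    {"url": "https://cdn.widgets.example/w.js",
     "headers": {"Referer": "https://social.example/480012345"}},
    {"url": "https://stats.metrics.example/p.gif?page=home",
     "headers": {"Cookie": "m=1", "Referer": "https://social.example/home"}},
]

def is_third_party(host, first_party=FIRST_PARTY):
    """True unless host is the first-party domain or one of its subdomains."""
    return not (host == first_party or host.endswith("." + first_party))

def _url_carries(url, user_id):
    """Exact match of user_id as a path segment or a query-string value."""
    parts = urlsplit(url)
    in_path = user_id in parts.path.split("/")
    in_query = any(v == user_id for _, v in parse_qsl(parts.query))
    return in_path, in_query

def where_id_appears(request, user_id):
    """List the places in one request that expose user_id to the recipient."""
    in_path, in_query = _url_carries(request["url"], user_id)
    places = (["url-path"] if in_path else []) + (["url-query"] if in_query else [])
    if any(_url_carries(request["headers"].get("Referer", ""), user_id)):
        places.append("referer")
    return places

def find_sync_opportunities(requests, user_id):
    """Third-party requests that receive the site identifier, noting whether
    the same request also carried a cookie for that third party."""
    findings = []
    for req in requests:
        host = urlsplit(req["url"]).hostname or ""
        places = where_id_appears(req, user_id) if is_third_party(host) else []
        if places:
            findings.append({"host": host, "id_in": places,
                             "third_party_cookie": "Cookie" in req["headers"]})
    return findings
```

A finding with `third_party_cookie` set is the case described above: the recipient sees the site identifier and its own cookie in one request. The check matches the identifier only in plain form, so hashed or encoded copies need their own patterns.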