4.0B: By Playing Farmville, You Consent To Having The Privacy Of Everyone You Know Torn To Shreds

Entirely appropriate illustration from Toothpaste For Dinner

Farmville and other games by Zynga, LOLapps, and other big names in social gaming collect your personal information – and the personal information of everyone on your friends list – and then turn around and sells it to data enrichment firms.

Yeah, this can’t be bad at all!

The most expansive use of Facebook user information uncovered by the Journal involved RapLeaf. The San Francisco company compiles and sells profiles of individuals based in part on their online activities.

The Journal found that some LOLapps applications, as well as the Family Tree application, were transmitting users’ Facebook ID numbers to RapLeaf. RapLeaf then linked those ID numbers to dossiers it had previously assembled on those individuals, according to RapLeaf. RapLeaf then embedded that information in an Internet-tracking file known as a “cookie.”

RapLeaf says it strips out the user’s name when it embeds the information in the cookie and shares that information for ad targeting. However, The Wall Street Journal found that RapLeaf transmitted Facebook user IDs to a dozen other advertising and data firms, including Google Inc.’s Invite Media.

RapLeaf also transmitted the Facebook IDs it obtained to a dozen other firms, the Journal found.

RapLeaf said that transmission was unintentional. “We didn’t do it on purpose,” said Joel Jewitt, vice president of business development for RapLeaf.

Well, as long as they didn’t mean it!

Is it just me who yearns for those halcyon, innocent days of three years ago or so when the worst moral challenges we faced in the online sphere were gold farmers sending you badly spelled IMs?

Because now it appears the sleaze is making more money than the games they leech from.

(Hat tip: Popehat)

  • http://Website Enzenti

    No privacy is the way of it nowadays. Sometimes I even tell myself that it’s all a good thing… that at least the infuriating spam I am subjected to will be more tailored to my whim and whimsy.

    Seriously, it’s simply that ages old truth: “Nothing is free.” Not a single thing… we pay in some form or fashion… always. If we don’t want to pay the coin of the realm then we should not avail ourselves of the King’s wheat.

  • http://Website Suedeo

    Excuse me, but your apathy is disheartening. Perhaps you are fatigued from being outraged all the time, and from fighting your whole life in order to retain ownership of what belongs to you.

    Well, your life is not over, and people still want to enrich themselves with your stuff. It’s still our job to present a stiff resistance; and remain vigilant.

    Your own statement of total surrender does not represent my views; I am not buying any rotten wheat regardless of how persistent the sales pitch is, or how the invoice is printed.

    We have to keep fighting.

  • http://Website JuJutsu

    “If we don’t want to pay the coin of the realm then we should not avail ourselves of the King’s wheat.”

    Works for me. My facebook page is just a sock puppet account for my wife anyway.

    .

  • http://wowpanda.blogspot.com/ wowpanda

    Same here, that is why I am over 200 years old on facebook.

  • http://Website Lee Quillen

    Well, most knew they weren’t making those apps out of the goodness of their hearts. At least they aren’t all trying to trick you into entering your cell phone number to agree to some monthly faux-service (just some of them).

    I’ve become so disenchanted that I am happy to see the sleezy stuff because it’s a step up from blatant scams.

  • http://Website Mark

    The real tragedy here is that Zynga hired Brian Reynolds, as apparently making the greatest turn-based strategy game of all time (Alpha Centauri) doesn’t pay as well bullshit on facebook.

  • http://Website Mark

    Also, I question whether this information is really that new or interesting. Keep in mind that the WSJ is owned by the same company (NewsCorp) that owns Myspace. Would have been nice to mention in the article that they’re a failed competitor to facebook.

  • http://Website John Smith


    Mark:

    Also, I question whether this information is really that new or interesting. Keep in mind that the WSJ is owned by the same company (NewsCorp) that owns Myspace. Would have been nice to mention in the article that they’re a failed competitor to facebook.

    Their motivations for posting this, as self serving as they may be, are completely irrelevant. Don’t get distracted by such obvious red herrings. Otherwise you risk falling into the same self defeating attitude like Enzenti and JuJutsu have.

    Lee Quillen’s post is especially disturbing. Really, you are awarding points to criminals because they are stealing from you in your sleep rather than making a ruckus during the day? What is wrong with you people?

  • http://Website JuJutsu

    Why is my attitude self-defeating? They engage in sleazy behavior, I shutdown my account in response. If the ruckus you raise causes a change from sleazy behavior I can free-ride. If not, no big loss. I don’t really care about Facebook.

  • http://Website Freakazoid

    Facebook? Heh. Sorry, no. :smugface:

  • http://psychochild.org/ Brian ‘Psychochild’ Green

    Ah, I guess this explains why LOLapps had their applications temporarily banned from Facebook. Looks like Facebook saw the potential privacy violations and were upset they weren’t profiting, too. I mean, because they wanted to protect their users. Yeah….

  • http://Website dartwick

    As a non-facebook user I find this extremely funny.

  • http://www.bestebookreaderscompared.com/ Evelyn

    Ya, and I just read that they did suspend some apps – but not FarmVille! Just the other – smaller ones I guess. They should all be banned!

  • http:WWW.popehat.com Patrick

    Agreed that Reynolds is tragic Mark, but your gotcha on the Journal, MySpace, and OMG FOXNEWS-MURDOCH!!! means … ?

    Are you suggesting the Journal libeled Zynga? If not, what’s your point? If Burger King tells me truthfully that big Macs are made of cow patties, I’ll thank him. Doesn’t mean I feel guilty that I don’t buy whoppers.

  • http://Website Irenor

    And that’s why I don’t use Facebook! (Nor any other social networking tools like MySpace, Twitter, etc)

  • http://geldonsgaming.blogspot.com/ geldonyetich

    The bigger question goes somewhere along the lines of, “exactly what do you plan to do about it?”

    Zynga is no different than the rest of Corporate America in that they seek to do whatever they can go away with in order to turn a profit. They are, however, considerably more overt about it, owed partly to the gaze-attraction qualities of unprecedented success.

  • http://unsubject.wordpress.com UnSub

    Making money by selling vast swathes of collected user information isn’t uncommon.

    However, doing so without providing an opt-out is certainly unethical (and I believe illegal in Australia under Federal Privacy Principles, but I’m not 100% on that).

  • http://Website Boanerges

    People do this all the time with supermarkets and pharmacy stores. “Sign up for our card to give you special discounts!”

    “Sign up with Farmville to get our superleet stuff!” It’s just less obvious and Facebook tends to be frowned upon because they employ an arcane opt-out system. Don’t want apps to know who your friends are or your birthdate? There’s a setting for that… somewhere in there.

  • http://Website Wanderer

    Some of us refuse to shop at stores which only offer their posted prices to “registered users”. All else aside, the card-free stores are consistently cheaper. SOMEONE has to pay for those cards, after all.

  • http://Website Count Nerfedalot

    Anyone surprised by this has not been paying attention. Facebook and Zynga aren’t even the most recent sleazebags outed for having a business model that depends on suckering or deceiving people into voluntarily giving up (when they don’t outright steal it) something valuable and irreplaceable in exchange for a brief moment of fun or convenience – your privacy.

    Zynga was exposed months ago, and Facebook’s complete disregard for their user’s privacy made their morals, if not their motives, pretty obvious from the get-go.

    At least as bad as the pricks stealing your data are the enablers like Google, both for its own collection of your browsing history and for it’s obstinate refusal to build in adequate user controls in Android to ensure that personal data only gets used when you want it. And Apple for similar though less severe problems with the iPhone, being more concerned with making sure no possible competitors profit from their walled garden than they are with ensuring the safety and privacy of their users. And Microsoft for fighting tooth and nail against allowing the user control of their browser until Firefox kicked their butts by opening it up.

    Even the state and federal governments (in the U.S.) are in on the gravy train making money off your personal info, with the Post Office and Drivers License Bureaus selling your name and address and who knows what else to anyone who asks.

    Also add every website that insists on putting a cookie on your machine. There is NO situation that requires a website to put cookies on your computer as long as you are willing to live with typing in your username and password each time you access it. Anyone saying otherwise is either ignorant of the alternatives, too lazy or cheap to use them, or has ulterior motives regarding your data.

    Even every site that requires your email address to participate is a suspect. An email address is useful for a lot of things involving communication and validation, but you still have to be cautious and assess whether you actually trust that unknown entity (and everyone they hire/trust) to actually keep your email private.

    Personally I long for those halcyon, innocent days of a couple decades ago when the worst you had to worry about online was some spammer getting your email address. Although I don’t really miss my 2400 baud modem.

    It is ironc that, after 20 years of ranting and raving at friends and family trying to get them to protect the privacy of my email address with the same consideration they would expect of their own personal telephone number, I’ve just this year gotten compromised for the first time and had my work address sold to some spammers. It could be worse, but now I get 2-5 solicitations for money per day on my unchangeable work account from east european businessmen, african princes, long lost family, forgotten acquaintances needing help, etc that sneak through our impressively tight spam guard, thanks to some greedy pricks (or incompetent idiots) that sold (or allowed to be leaked) my address which they got from me when I foolishly signed up for a free database webinar. (I’m looking at you, Idera, you won’t be selling any of your db tools to MY agency, you assholes.)

  • http://Website VPellen

    I realize this is probably besides the point, but I personally prefer targeted advertisements to untargeted advertisements.

  • http://Website hat_eater

    I, too, prefer targeted advertisements, provided that they are targeted somewhere else.
    I’m rather a loner, so I don’t mind not having Facebook account or any other like that, but I feel for folks who love to socialize and have no choice but to socialize with the whole world, warts and all.

  • http://Website Iconic

    Yet another reason why I’m no longer on Facebook, and throw up in my mouth when other companies (like Blizzard) want to “integrate” with Facebook.

  • http://Website Iconic


    Mark:

    The real tragedy here is that Zynga hired Brian Reynolds, as apparently making the greatest turn-based strategy game of all time (Alpha Centauri) doesn’t pay as well bullshit on facebook.

    I agree on both accounts. Alpha Centauri is indeed the best, and it’s a shame that Mr Reynolds hasn’t done better off of it.

  • http://Website JuJutsu

    “Even every site that requires your email address to participate is a suspect.”

    If I start getting tractor-related spam I’ll know who to blame.

  • Scott Jennings

    FYI, this site’s posted privacy policy makes it very clear exactly how and why this blog collects emails:

    http://brokentoys.org/privacy-policy/

    (I really need to add that link back to the footer)

  • http://Website Lee Quillen


    Lee Quillen:

    Well, most knew they weren’t making those apps out of the goodness of their hearts. At least they aren’t all trying to trick you into entering your cell phone number to agree to some monthly faux-service (just some of them).
    I’ve become so disenchanted that I am happy to see the sleezy stuff because it’s a step up from blatant scams.

    Someone missed the point, and someone else needs to learn how to post Sarcasm better :P Of course I am not rewarding them… I walk away from obvious attempts to grab and sell my personal data.

    The point I poorly made was that while we are talking about sleezeballs selling data, I am regularly seeing legitimate companies allowing blatant scams via their websites or services. If it is not a facebook quiz asking for your cell phone number to sign you up to sa 20 dollar a month serviceless plan then it is Pizza Hut taking money to allow a membership clup application to be sneaky on their web sites. When AOL stopped reactivating trial accounts full membership years after they cancelled SONY was sneaking tracking software onto your PC via music bought from a record store.

    To be clear, I don’t have any fondness for online companies doing basically what the walk in stores have been doing (only much more sneakily), but there’s much worse happening on a regular basis if I have to pick my battles. And picking your battles is something you have to sadly do as there isn’t nearly the time to grab the pitchforks and storm every Tom, Dick, and Harry looking to take advantage of consumers.

  • http://Website Lee Quillen

    To clarify:

    Instances I can specifically think of where I had to fight with large companies over what I considered very important issues included…
    AOL
    Citibank
    Pizza Hut
    Microsoft (ongoing DRM issue)
    Sony
    …and even NC Soft which I won’t go into details about for obvious reasons unless Lemm wants a PM ;)

    So, yeah, while I dislike them… I find them a step up from what companies have already been regularly doing.

  • http://Website Joe


    Wanderer:

    Some of us refuse to shop at stores which only offer their posted prices to “registered users”. All else aside, the card-free stores are consistently cheaper. SOMEONE has to pay for those cards, after all.

    The thing about those cards is you don’t actually have to give them any information. I have cards for all the local grocery stores, but I’ve never filled out the applications. Just ask for a card, they’ll give you one and a form to mail in. Whether you mail the form in or not, the card still works forever.

    So they know it’s the same person buying things each time I use the card, but not who I am.

    That, they have to look at my credit card for. If you really want to keep your info private, you have to pay cash.

  • http://Website Brask Mumei

    As an added bonus, Joe, you can always swap cards with your friends to further confound the tracking technology.

  • http://Website Count Nerfedalot

    The email address is problematic since it’s so very useful. But it still comes down to whether you really want to trust the web site to protect your address or not, regardless of whatever privacy policy they claim. Even purportedly legitimate entities may change their policies from time to time, perhaps long after you’ve forgotten about them and the little tidbits of info you left behind.

    That said, I trust Scott not to sell my address, ergo I post. :) WordPress I don’t know or trust, but oh well, you takes your chances.

  • One of the Elders

    I think gasoline should be free.

  • http://Website Mark Asher

    It’s why I’ve never played a facebook game and probably never will — I refuse to let the game scan my friends list. And while my chances of ever playing something like Farmville were remote under the best of circumstances, I did want to play some Scrabble-like games. If they’d let me play without exposing my friends to their marketing efforts, I’d be happy to.

    Oh, and besides Brian Reynolds, add Raph Koster of UO and SWG to the list of facebook game developers.

  • http://Website Glazius


    Count Nerfedalot:

    Also add every website that insists on putting a cookie on your machine. There is NO situation that requires a website to put cookies on your computer as long as you are willing to live with typing in your username and password each time you access it. Anyone saying otherwise is either ignorant of the alternatives, too lazy or cheap to use them, or has ulterior motives regarding your data.

    Pretty sure that’s not true, unless by “every time you use it” you mean “every time you access a file that requires authorization, including the hundred-odd style files, images, and scripts that can exist on a single page”.

    HTTP is stateless. It doesn’t care that the request for index.css came ten microseconds after it finished serving up the results of index.php to the same IP address: it doesn’t know you from Adam unless you provide more information. And that means writing your session ID to a cookie and keeping it around, at least as long as the browser’s open.

  • http://Website Ashendarei

    TANSTAAFL!