Blog Archive

Thursday, 21 October 2010

Zynga sued in privacy breach controversy

218 million “class members” probably won’t settle for Farmville dollar

A suit has been filed in U.S. District Court in San Francisco on behalf of a Minnesota woman charging game maker Zynga with leaking the personal information of 218 million Facebook members in violation of federal law. The suit seeks class action status. (Story in The Register of the UK here. )

The action follows by three days an investigative story by The Wall Street Journal that found a large number of Facebooks apps – including Zynga games such as Farmville and Mafia Wars  – leaked the user IDs of Facebook players and their friends to outside companies. (Story here.)

Users’ privacy on the Internet has been a dicey proposition (some say non-existent) for most of the net’s history. Social engineering techniques early on became about as refined as cryptographic algorithms.

The compromise of personal information from breached company, university and government systems made high-profile headlines. That resulted in security standards and laws that required notification of those whose information was compromised (California’s breach notification law, HIPPA, etc.)

The rise of spyware took the issue to entirely new levels and created a whole anti-spyware component of the anti-virus industry.

The most recent controversy over social media exposures (especially by young people) and persistent tracking cookies just refined the concern.

The central question in all of this for the Internet user should be: “will there be some new technology in the future that will circumvent all existing safeguards and compromise my personal information yet one more time?”

If Internet history is any guide, answer is “yes.” There has been a long chain of innovative methods for extracting personal data from any place it is stored and it appears that will never end.

Hackers and virus writers solved the problem years ago. They use pseudonyms (and more than one in known cases.)  We haven’t heard of any widespread use of pseudonyms by the average user on social media sites, but we predict it isn’t far off. And it’s not like we’re suggesting it, but changing accounts every few months on things like web email and social media sites and using false personal data like dates of birth would sure play havoc with tracking systems. It will probably give you a whole new selection of spam too.

Hey, on the Internet no one has to know you’re a dog (or your real DOB.)

Tom Kelchner

Update 10/22:


I stand corrected.

I've been told The Register has a sizable staff in the U.S. and half its 5.5 million unique readers are in the U.S. So when I wrote "The Register of the UK" that wasn't really accurate.

No comments:

Post a Comment