The New York Times has a story about other ways in which private user data can be gathered on social-networking site Facebook for online targeted behavioral advertising. The article focuses on two recent research papers: “Challenges in Measuring Online Advertising Systems” (pdf) by Saikat Guha, Bin Cheng and Paul Francis and “Privacy Violations Using Microtargeted Ads: A Case Study” (pdf) by Aleksandra Korolova.
Online advertising offers marketers the chance to aim ads at very specific groups of people — say, golf players in Illinois who make more than $150,000 a year and vacation in Hawaii. But two recent academic papers show some potential pitfalls of such precise tailoring.
Both papers focus on Facebook ads and show that in certain circumstances, advertisers — or snoops posing as advertisers — may be able to learn sensitive profile information, like a person’s sexual orientation or religion, even if the person is sharing that information only with a small circle of friends. Facebook does not share such information with advertisers. […]
In one paper, researchers from Microsoft in India and the Max Planck Institute for Software Systems in Germany found that it was possible for an advertiser to find the stated sexual preference of Facebook users.
The researchers created six nearly identical Facebook accounts, three for men and three for women. The one significant difference was that in one account for each gender, the profile specified that the user was “interested in” people of the same sex. […]
But the researchers also found that the gay profiles were shown ads that were not shown to straight people and had no obvious connection to sexual preference — like those for a nursing degree at a medical college in Florida, which appeared exclusively in the gay man’s account. […]
In a separate study, Aleksandra Korolova, a researcher at Stanford, said she was able to find the age and sexual orientation of specific Facebook users by tailoring certain ads to their profiles.
She said an attacker could use the technique to find other profile information that was not public, including relationship status and political and religious affiliation. She also said that the technique could be used on other social networks or Web sites, like Google and MySpace.