MySpace Sued For Leaking Users' Identities To Advertisers
- by Wendy Davis @wendyndavis, April 14, 2011
Two MySpace users have sued the company for allegedly leaking personally identifiable data about them through referrer headers.
As with similar lawsuits against social networking services Facebook and LinkedIn, the gist of the complaint appears to be that MySpace's referrer headers contained enough unique ID numbers that can be used to identify users who click through to third parties' sites. Those outside companies are then theoretically able to append users' names to the otherwise anonymous tracking data contained in cookies, according to the complaint.
"Unbeknownst to its members, MySpace knowingly serves as and profits handsomely from being a conduit through which details of the most intimate aspects of its members' lives, as reflected in their Internet browsing history and otherwise, are transmitted to data aggregators, who package the information into profiles and sell it like any other commodity to advertisers who use the information for marketing and other purposes."
The complaint alleges that even if MySpace members don't use their real names on the site, they can still be identified because "computer programs can quickly and automatically determine their identity from snatches of information."
The complaint was brought by Brooklyn resident Linda Virtue and San Francisco resident Lily Castro. They allege that MySpace violated federal wiretap law, as well as New York and California laws. They also contend that the company violated its contract with users by disclosing personally identifiable information about them to outside advertisers. They are seeking class-action status.
Like the lawsuits against Facebook and LinkedIn, the complaint draws heavily on the 2009 report, "On the Leakage of Personally Identifiable Information Via Online Social Networks," by two computer scientists from AT&T and Worcester Polytechnic Institute.
Those researchers concluded that many social networking sites leak personally identifiable information by including it in the HTTP header information that is automatically sent to ad networks. The result, according to the report, is that most users of social networking sites "are vulnerable to having their ... identity information linked with tracking cookies."
Conceptually this touches on an important issue in regard to privacy. However, I do not believe that any harm has come to the potential plaintiffs in this instance as described by this article. Seriously, how much personal information can you really be worried about being passed through a header from myspace? Does anyone else see why the plaintiffs should deserve any money at all from this? The effect of a class action law suit seems as though it would do more harm than good. Once the lawyers all take their cuts the members of the class will get barely anything, and even then it seems they will be getting more than they deserve. This could hurt future financial growth of companies that provide tens of thousands of jobs, and support towards our economy. Please don't get me wrong, I advocate stronger privacy awareness, but wonder if any real good will come of class action law suits like this. Sounds like another frivolous lawsuit to me. http://www.seo-cubed.com