• by Wendy Davis , Staff Writer @wendyndavis, October 21, 2010

Turns out Facebook's data leakage to advertisers could be even more of a problem than first thought. A new report shows that Facebook's targeting systems enable marketers to learn the identity of users who fall into specific categories -- including ones as sensitive as sexual orientation.

For the report, "Challenges in Measuring Online Advertising Systems," researchers from Microsoft Research India and the Max Planck Institute for Software Systems created six profiles -- two for straight men, two for straight women, one for a homosexual man and one for a homosexual woman -- and then compared the ads that those profiles received.

The researchers found that the gay profiles received ads that were targeted based on sexual orientation, such as ads for gay bars. The gay male profile also received ads that were targeted based on sexual orientation, but that didn't itself obviously indicate that it was being targeted to a gay audience. The problem with these ads is that people who click on them don't realize that just the act of clicking is enough to link their identities with the gay-male targeting bucket.

The researchers write: "Alarmingly, we found ads where the ad text was completely neutral to sexual-preference (e.g. for a nursing degree in a medical college in Florida) that was targeted exclusively to gay men. The danger with such ads, unlike the gay bar ad where the target demographic is blatantly obvious, is that the user reading the ad text would have no idea that by clicking it he would reveal to the advertiser both his sexual-preference and a unique identifier (cookie, IP address, or email address if he signs up on the advertiser's site)."

Privacy researcher Chris Soghoian investigated further and has a screenshot showing the tool that allows marketers to target by sexual preference.

A Facebook spokesperson says the company's ad guidelines ban advertisers from using data collected based on running an ad. "We explicitly prohibit them from associating that targeting detail with the data collected from the user in forms they fill out, applications they make, or other interactions on their site," the spokesperson says. "We also require that targeting of ads based on a user attribute be directly relevant to the offer in the advertisement."

The company also says that it takes action when it learns of violations, but as a practical matter, it's not clear how Facebook can police marketers' use of information.

Even if Facebook stops transmitting users' IDs in referrer headers, advertisers can still learn personal information about the gay users who click on the neutral-seeming ads if, for instance, they provide their email addresses.

For that reason, Facebook might not be able to fix this latest problem easily. Soghoian proposes two alternatives: The company could stop allowing targeting based on sexual orientation, or it could start disclosing to users the specific reason why they're being targeted with certain ads.

Facebook might not be thrilled with those options, but either one seems like a more realistic way of protecting users' privacy than continuing to rely on marketers to voluntarily refrain from using data they have collected.