Here is what one of the Facebook guys says about the situation:
The Wall Street Journal article is not exactly factually false, but the implication you're drawing from it is incorrect -- the actual issue is that in some cases (e.g., after performing some editing operations) the viewing user's ID is contained in the page URL. If the user happens to click on an ad on such a page, the browser will send a Referer header line that has the URL with the ID in it. On the other hand, if the user clicks away to a different page then clicks on an ad there, the ID will no longer be present.
This by no stretch of the imagination represents Facebook "going out of its way" to pass user information to advertisers.
In any event, the accusation makes little sense given the context. If Facebook wanted to leak user IDs to advertisers, surely it would be far more profitable to do it reliably, on every ad click, rather than doing it via a mechanism that (even according to the WSJ article) only discloses user IDs a small percentage of the time when the user happens to be viewing certain pages in certain ways.
http://www.quora.com/How-did-Elliot-Schrage-not-know-that-Fa...
Here is what one of the Facebook guys says about the situation:
The Wall Street Journal article is not exactly factually false, but the implication you're drawing from it is incorrect -- the actual issue is that in some cases (e.g., after performing some editing operations) the viewing user's ID is contained in the page URL. If the user happens to click on an ad on such a page, the browser will send a Referer header line that has the URL with the ID in it. On the other hand, if the user clicks away to a different page then clicks on an ad there, the ID will no longer be present.
This by no stretch of the imagination represents Facebook "going out of its way" to pass user information to advertisers.
In any event, the accusation makes little sense given the context. If Facebook wanted to leak user IDs to advertisers, surely it would be far more profitable to do it reliably, on every ad click, rather than doing it via a mechanism that (even according to the WSJ article) only discloses user IDs a small percentage of the time when the user happens to be viewing certain pages in certain ways.