The Wall Street Journal gets a nice Facebook/MySpace privacy scoop this morning, reporting that the sites—particularly Facebook—send along personal-identification information to advertisers. The potential legal problem is that these sites tell their users they don’t do that.

This is another example of the increased scrutiny by the press in the last few weeks as Facebook in particular has gone over the line with its users’ privacy. It’s lost any bit of credibility it once had on the issue, and it doesn’t get the benefit of the doubt on something like this.

The fact that such a wide variety of social-networking sites had the same problem makes it awfully suspicious that this was really just an oversight or an accident. And, the Journal found that Facebook’s was was more revealing than others’:

For most social-networking sites, the data identified the profile being viewed but not necessarily the person who clicked on the ad or link. But Facebook went further than other sites, in some cases signaling which user name or ID was clicking on the ad as well as the user name or ID of the page being viewed. By seeing what ads a user clicked on, an advertiser could tell something about a user’s interests.

PC World explains this:

The real problem is, of course, that social networking sites have the ability to obscure user names and profile ID numbers from advertisers—but they simply haven’t. While many of the sites only reveal information about the last page viewed (which may not be the user’s profile and may therefore not reveal anything about that person), Facebook was a more serious offender as it sent information on both what profile was being viewed and who was doing the viewing.

The act of pointing this out to the Journal large, influential audience has already resulted in changes. It’s worth pointing out, as the paper does, that the companies did nothing when researchers pointed this stuff out to the companies last summer.

After questions were raised by The Wall Street Journal, Facebook and MySpace moved to make changes. By Thursday morning Facebook had rewritten some of the offending computer code.

Good work by Emily Steel and Jessica Vascellaro here. Keep it up.

Further Reading:

Pushing Back Against Facebook’s Privacy Practices: The press and others bring needed new scrutiny to the social network

Fortune Sounds Out of Tune With a Facebook Piece

Google Is Not a Heroic Defender of Privacy

If you'd like to help CJR and win a chance at one of 10 free print subscriptions, take a brief survey for us here.

Ryan Chittum is a former Wall Street Journal reporter, and deputy editor of The Audit, CJR's business section. If you see notable business journalism, give him a heads-up at rc2538@columbia.edu. Follow him on Twitter at @ryanchittum.