We take user privacy seriously. We are dedicated to protecting private user data while letting users enjoy rich experiences with their friends. This more social Web will only occur if users trust that they are in control of their information.
Our policy is very clear about protecting user data, ensuring that no one can access private user information without explicit user consent. Further, developers cannot disclose user information to ad networks and data brokers. We take strong measures to enforce this policy, including suspending and disabling applications that violate it.
Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated this policy. In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work.
Press reports have exaggerated the implications of sharing a UID. Knowledge of a UID does not enable anyone to access private user information without explicit user consent. Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy.
We have experience addressing this sort of issue previously, although the technical challenges here are greater. We are talking with our key partners and the broader Web community about possible solutions. We will have more details over the course of the next few days.
Ensuring that Facebook users are in control of their information is essential for the success of your application and the rest of Facebook Platform. We encourage you to review our policy and your use of user information, including UIDs. If you have any questions, use the comments below. We will be reviewing and answering questions as they arise.