UPDATE, Sunday, May 9, 2010 : Facebook has fixed the issue. Barry Schnitt, Policy Communications at Facebook, writes:
We originally included IP address information in these email headers as part of industry best practices designed to improve spam filters. This is similar to what many webmail providers do. However, we agree this practice no longer makes sense for Facebook and we've discontinued it. Thank you for bringing this to our attention.
We've been covering the mounting privacy violation woes for Facebook users here on Boing Boing in recent weeks—here's another issue to be aware of. Facebook base64-encodes your IP address in every emailed event that you interact with.
Matt C. at Binary Intelligence Blog explains that Facebook's automated email notifications (which go out when, say, a friend comments on your status or sends you a message) appear to contain the IP address of the user who caused that Facebook email to be sent:
The email headers contain a line similar to:
X-Facebook: from zuckmail ([MTAuMzAuNDcuMjAw])
Copy this line out and feed it to this page:
You will get the IP address of your friend and clicking on it will get a geolocation-based map. This will also show you if your friend used their cell phone to post and who they use as their service provider.
This information is great when a fugitive is taunting law enforcement through their Facebook page, but not when a wife is trying to hide from an abusive husband and assumes Facebook is the best form of communication.
As Matt points out in the blog post, this may not be the most onerous of Facebook's privacy problems, and it's certainly not the only one. But no good purpose for users is served by leaking user IPs, and there are many good reasons not to. Facebook, get your shit together for chrissakes.
- What data does Facebook publish about you?
- Infographic: Facebook's "anti-privacy monopoly"
- Personalized Facebook ads are creepy
- Interview with Facebook employee will not make you feel better ...
- Facebook further reduces privacy control for users
- More Facebook privacy woes: rogue marketers can data-mine your ...
- Six reasons to hate Facebook's new anti-privacy system ...
- US Senator wants FTC to regulate privacy on Facebook, other social ...
- Opportunity to ask Facebook about privacy!
- Facebook and the Social Dynamics of Privacy
- Facebook privacy meltdown: company removed opt-out prior to launch ...