Facebook's privacy scandal is deepening as we learn more details. And it's worse than we thought. Not only can Facebook employees track which profiles you had viewed, but it's possible, and very easy, for Facebook employees to control any profile in the network. Once they control the profile, they can make any changes they want to and see any private data, like messages in the Facebook inbox. And all they had to do to get this access?

Log in through a developer account and click a link on the top of the page. With that feature, known as "super," an employee could impersonate any Facebook user, controlling the profile like a virtual puppetmaster. This explains how a Facebook employee could change the profile picture of a user without much effort. We hear that snooping employees got so curious that, about a month ago, one project manager called a meeting to tell his team to knock it off.

On the outside, Facebook is maintaining a steely reserve, with spokeswoman Brandee Barker claiming to "set the record straight."She took an awfully twisty path to setting the record straight, noting only that access to the tool is "restricted." It's telling that Barker never actually denied anything Valleywag reported. In truth? Access to the "super" tool is widespread, and executives were largely ignorant of the degree of abuse until recently. The company is now scrambling to put restrictions on "super" in place.


Why does this matter? Today in New York, Facebook is touting its targeted ads to Madison Avenue. But that targeting relies on accurate personal information. And the only reason why Facebook users give the social network intimate details of their lives is because they trust it to keep them private. Even from Facebook employees. Especially from them.