Earlier this week, we learned of a vulnerability in Facebook's targeted advertising system that could reveal users' sexual orientation to advertisers. It's not just a theoretical concern: A Stanford researcher used targeted ads to determine a user was gay.
The New York Times reports on a recent paper by Stanford Computer Science researcher Aleksandra Korolova. In it, Korolova describes how she used a highly-specific Facebook ad campaign to figure out one female user was gay, even though her orientation was set to "friends only."
First, Korolova gathered publicly-accessible information about her target: age, location, educational background, interests. (She targeted a friend so as not to be creepy.) Then she plugged this information into Facebook's advertising system to create an ad which would only be displayed to her target, along with the condition that the ad only be displayed to women interested in women. When Facebook's advertising system showed the ad had been displayed, Korolova knew the target was gay. (Or, at least, that her target was "interested in women" on Facebook.)
The cost of finding private information this way is "a few cents," according to the paper, and Korolova used the same technique to figure out a target's age and other sensitive stuff. The Times says Korolova notified Facebook of the problem in July and Facebook addressed the vulnerability by making it impossible to target less than 20 people with an ad. But Korolova says in her paper that someone could simply create 20 fake profiles with the target's characteristics to work around the limitation.
Good to know! We're planning on doing this to every maybe-gay celebrity in the world. Surely one of them has yet to realize that you shouldn't put anything on your Facebook profile that you don't want strangers to infer using micro-targeted ads. [NYT]