Facebook was one among leaking user data to advertisers; Facebook has closed up that privacy hole, announced Facebook. Facebook’s Matt Jones writes, ” In some cases the referrer could contain the user ID of a profile you visited, including your own, but we were not aware of any way that a user ID on the referrer could identify the person who clicked on the ad. We’ve been testing different solutions to remove user IDs completely from referrer URLs since their inclusion was first brought to our attention.” The fix is now live in every browser but IE, and Facebook is working on that. However, in a rarely occurring case, advertisers knowledgeable about structure of Facebook’s URLs could use referrer to determine when someone who clicked on an ad had been viewing his or her own profile, thus potentially enabling them to infer user ID of that person. We’ve no reason to believe that any advertisers were exploiting this, and doing so would have been a violation of our terms. To our knowledge, none did.
“we began rolling out a change to completely remove all user IDs from appearing in referrer links before web browsers send the links to external websites, including to advertisers. We’ve been working for the past few months on this change. It is live for the Firefox, Chrome, Safari and Opera browsers, and we’re working on a solution for Internet Explorer.”
More Info: Protecting Privacy with Referrers