Facebook users have started to get more and more concerned about the privacy of their personal data recently. Non-Facebook users might start getting worried as well. A recently filed complaint from Ireland’s Data Protection Commissioner alleges that Facebook purposely uses covert methods to coax Facebook users into handing over information about their non-member friends and then hoards that information, creating dossiers on non-users.

The complaint alleges that mechanisms like syncing phone books and email contact lists, sending invitations, and even search queries are being used by Facebook to not only collect and store information about non-members, but to con members into handing it over frequently and in quantity. As “proof” the complain points out that often, non-users will get invitations listing people whom they know in real life. This kind of information, the complaint suggests, could be being used for less than legal purposes.

After July 31, Google will force everyone’s Google Profiles to go public. A message on the Google Profiles page explains:

The purpose of Google Profiles is to enable you to manage your online identity. Today, nearly all Google Profiles are public. We believe that using Google Profiles to help people find and connect with you online is how the product is best used. Private profiles don’t allow this, so we have decided to require all profiles to be public.Keep in mind that your full name and gender are the only required information that will be displayed on your profile; you’ll be able to edit or remove any other information that you don’t want to share.

If you currently have a private profile but you do not wish to make your profile public, you can delete your profile. Or, you can simply do nothing. All private profiles will be deleted after July 31, 2011.

Not exactly something as staggering as the initial Blizzard RealID scandal, considering Google is only forcing a profile name and gender to be public, and technically, nothing is stopping a user from using a fake name. The change has been announced for a while now, but with the release of the Google+, Google is pretty much forcing users to submit to going public, assuming said users want to use a service that is currently garnering the biggest buzz across the Internet. Google+ does, however, allow users to remove their profiles from Google searches, so at least they can somewhat disappear.

(via Search Engine Land)

It’s been a rough week for Apple, since a pair of researchers put forward the shocking claim that iPhones and 3G iPads were keeping a log of user’s movements in an unsecured file. After seven days of near-silence, Apple has finally issued a Q&A on how, exactly, the location data stored on iPhones is used. Their answer is, to say the least, quite intriguing.

The thrust of Apple’s argument is that they have never been tracking your location, and that the information within consolidated.db is actually not even your data. Confused? Understandable.

On the heels of the furor over the iPhone’s unsecured location log, the Wall Street Journal is reporting that the iPhone continues to store location data in the consolidated.db file even when location services are disabled on the phone. This is in direct opposition with previous statements from Apple, unrelated to this recent revelation, which claimed that users could opt out of all location gathering operations.

In their follow-up research to last week’s revelation about the consolidated.db location information, the WSJ found that deactivating location services from the iOS settings panel did not stop data from being logged.

U.K. researchers Alasdair Allan and Pete Warden have announced what has apparently been known in the digital security fraternity for some time: That your iPhone logs your movements and stores this data for extended periods of time.

Starting with iOS version 4, the researchers found that iPhones began logging and storing location information in a filed called “consolidated.db.” This file shows the user’s latitude and longitude, and is timestamped to the second. Troublingly, this information is not encrypted on the phone or on the iPhone backups made by iTunes. The file is also persistent, transferring itself to a new iOS device when the old one is replaced. Because data started to be logged in June 2010, the release of iOS 4, it is not known how long the data is stored.

The primary concern, beyond the fact that this data exists at all, is that is apparently not well protected. The data is not encrypted, and were a user’s device or computer to be stolen, the location information could be extracted with relative ease.

The purpose of this log is completely unknown.

An investigation of the Pandora mobile app by Veracode has revealed that the popular free music streaming app is sending reams of personal information to advertisers without the user’s knowledge or consent. The Wall Street Journal, which initially investigated several free mobile apps and discovered similar information-broadcasting mechanisms, is also reporting that a federal investigation has been launched into the makers of these apps and that Pandora has been subpoenaed.

Veracode has published their findings, indicating five different libraries of advertisers’ code in the Pandora app from AdMarvel, AdMob, comScore, Google.Ads, and Medialets. Veracode confirmed that the app was, indeed, sending information including gender, unique phone identifiers, IP address, connection status, bearing, altitude, and geographic location, among other information.

Well this is ill-advised: In one of those efforts to make something more “social” that does not really need to be more “social” at all, whimsical stuff-buying site Etsy has rolled out something called People Search, which a) allows people to search for other Etsy users by real name rather than purchase name, b) links these identifiers to purchase history, and c) automatically opted all users in without much warning. Considering that most Etsy customers (and presumably customers of most e-commerce sites) do not want their order histories shared, this is not a good thing.

A Penny Arcade forumer illustrates just how not good a thing it can be for Etsy customers:

Oh god. I was looking for an example to give to a reporter that asked me for one, and I just found a woman who’s Etsy profile comes up on Google as the 5th link. I was expecting 6 or 7 pages down, but it’s on the very first page, right after her online resumes (four of ‘em – so I guess she’s looking for work and this cannot be helping). She signed up a year ago, under the old privacy policy, and hasn’t logged in since 2010.

And now I know what dildo she uses. Right down to the curvature and coloring.

Update: Etsy has fortunately rolled back some of the changes, making purchase details private.

We take privacy very seriously. We work with TRUSTe and audit our privacy policies regularly, notifying all members via email any time a substantive change is made.

In the future, we may provide an option to share individual purchases publicly at the time of purchase. This will be completely opt-in and on a purchase-by-purchase basis.

We are deeply sorry for any confusion and will work hard to regain your trust.

This sounds like one of the most disastrous, privacy-destroying changes a site has implemented in a long while; the much-criticized Facebook privacy changes last spring were not nearly this bad.

Luckily, our sister site The Mary Sue has a guide to changing Etsy privacy settings.

The Wall Street Journal is reporting that many Facebook applications are sharing users’ personal information in violation of the company’s privacy policy. According to Facebook’s terms of service, apps cannot transmit users’ personal IDs, the unique strings numbers assigned to every user, with which a simple Google search can determine the identity even of someone with the strictest privacy settings.

But many of Facebook’s 550,000 apps, including all ten of the top ten apps, are doing this anyway, covertly giving access to “people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies.”

Update: Many people hate this WSJ article and think it is dumb.

A few days ago, the Wall Street Journal published an interview with Google‘s CEO Eric Schmidt. It delved into a number of things like the Verizon deal and Schmidt’s excitement for Minority Report-style “targeted advertisement,” but the folks at the Telegraph noticed a truly interesting quote nestled unto the discussion. Schmidt apparently believes that, as time goes on and we reach a point where every single person has embarrassing information and pictures from their adolescence posted on social media sites online, it will become commonplace for people to automatically change their name once they reach adulthood.

The recap: this February, parents of children in the Lower Merion, Pennsylvania high schools brought suit against the district, claiming that their children had been issued laptops with enabled webcameras without their knowledge, and that the school district had used those cameras to take thousands of pictures without student or parent consent or awareness.

The update: federal prosecutors have announced that they will not be pressing criminal charges against the school district, saying that no evidence of criminal intent was found.