From the "I'm-Shocked!-Shocked-I-Tell-You" department: Facebook, MySpace, LiveJournal, Hi5, Xanga, Digg and other social-networking sites deliberately broke their own stated privacy policies and sent data to advertising companies that could be used to find and identify users' names and other personal details.
Facebook calls it a "privacy loophole". I call it dirty dealing, lying, and outright deception.
The companies, most of whom defended their actions, sent user names and/or ID numbers tied to personal profiles when users clicked on an ad. This information could be used to spy on the individual user profiles, and depending on the site and the information that the user entered, could link to or include information like the person's real name, their age, hometown and even their occupation.
After The Wall Street Journal started investigating, Facebook and MySpace moved to make changes. What that means in plain English is that they did their best to cover their tracks, and make the smallest changes they could while still not admitting they did anything wrong.
Some of the advertising companies identified by the Journal as receiving the data were Google Inc.'s DoubleClick and Yahoo Inc.'s Right Media. Doubleclick and Right Media claimed they were "unaware" of the data being sent to them and said they haven't made use of it. To be blunt, I find both of those claims difficult (if not flat-out impossible) to believe.