Will Facebook’s privacy woes ever end?

Researchers have exposed a gaping privacy loophole on the social network that could expose a user’s sexual orientation to advertisers.

Facebook offers targeted ads based on many different demographics, a common advertising technique online. Those ads are targeted based on profile information -- which includes your sexual orientation.

Saikat Guha from Microsoft and Bin Cheng and Paul Francis from the Max Planck Institute for Software Systems set out to study the challenges inherent in using targeted advertising systems.

The team set up profiles for straight and gay men and women, to see how the ads served up differed between the different types of users, explained technology site Ars Technica, The researchers noted the most difference between ads targeting gay males and their heterosexual counterparts.

Half of the ads were exclusively shown to gay men, but the text associated with the ads didn't indicate that they were shown only to users of a specific sexuality. Those users can't realize that the ads they click are shown only to Facebook users with a certain sexual orientation. And thanks to that ambiguity, users who clicked on these ads are unknowingly broadcasting their sexuality not just to advertisers but to anyone who might use that data, explained the researchers' paper.

“The danger with such ads, unlike the gay bar ad where the target demographic is blatantly obvious, is that the user reading the ad text would have no idea that by clicking it he would reveal to the advertiser both his sexual-orientation and a unique identifier (cookie, IP address, or e-mail address if he signs up on the advertiser's site),” the researchers noted in their report.

“Furthermore, such deceptive ads are not uncommon; indeed exactly half of the 66 ads shown exclusively to gay men (more than 50 times) during our experiment did not mention ‘gay’ anywhere in the ad text.”

The researchers were unclear if advertisers actually keep track of this data -- but the outing of yet another security hiccup adds yet another asterisk to Facebook’s privacy record.

Read more at Ars Technica.