Facebook's privacy problems continue this week after researchers discovered that Facebook may inadvertently be outing gay users to its advertisers. Saikat Guha from Microsoft and Bin Cheng and Paul Francis from the Max Planck Institute for Software Systems set out to study the challenges in targeted advertising systems (PDF) online, but found that advertisers can ferret out gay users from straight users just by looking at who's clicking—even when that sexual orientation is hidden.

The team set up profiles for straight men, straight women, a gay man, and a lesbian to see how the ads differed between the different types of users. The ads did change for the gay and lesbian users, though the difference in the ads was much greater for the gay males (compared to the straight males) than gay females, "indicating that advertisers target more strongly to [gay males]" reads the paper.

This in itself isn't a huge cause for concern, but the researchers were disturbed by the fact that the text for the ads were sexual-orientation-neutral, even though they were measurably different. Half of the ads were exclusively shown to gay men, but the text associated with them was neutral, therefore not giving a clear indicator to those users that the ads they click were directly tied to their sexual orientation.

"The danger with such ads, unlike the gay bar ad where the target demographic is blatantly obvious, is that the user reading the ad text would have no idea that by clicking it he would reveal to the advertiser both his sexual-orientation and a unique identifier (cookie, IP address, or email address if he signs up on the advertiser’s site)," wrote the researchers.

If the advertiser in question also collects other data, such as Facebook ID, the info can be tied together without much thought, even if the user has not made that information public. As we saw earlier this week, Facebook IDs and other user info are running rampant across ad networks and third-party app developers, and the collection of such information (especially when tied to something as sensitive as sexual orientation) could spell disaster for a user who thinks he's being fastidious when keeping his profile private.

Facebook's official policy is that any data collected by advertisers must be anonymized, but given this week's discoveries regarding Facebook IDs, it's pretty clear that there isn't anyone making sure the policies are enforced until after the fact. This is one area that two Congressmen focused on in their recent letter to Facebook CEO Mark Zuckerberg, but it's unlikely that any major changes to how Facebook handles its advertisers will come anytime in the near future.