In their report, it says, "Across the Web, it's common for advertisers to receive the address of the page from which a user clicked on an ad. Usually, they receive nothing more about the user than an unintelligible string of letters and numbers that can't be traced back to an individual. With social networking sites, however, those addresses typically include user names that could direct advertisers back to a profile page full of personal information. In some cases, user names are people's real names."
When this was reported, Facebook and MySpace have announced a change in their software to protect their users.
If you like this post, buy me a cup of coffee.