Check the link below for more context-setting and analysis
But this latest Facebook privacy scare has actually been brewing for more than a decade. It's all down to a "vulnerability" that was described back in 1999 by Tim Berners-Lee and others working on version 1.1 of the HTTP standard, and which underlies the web: "The Referrer header allows reading patterns to be studied and reverse links drawn. Although it can be very useful, its power can be abused if user details are not separated from the information contained in [it]." Here's what that means: Every time your browser loads a new webpage, or a section of one, the server providing the data gets to know the address of the page that sent you there. The same process is at work when you're interacting with an app inside Facebook, which means the app gets a Referrer header containing your unique Facebook ID.