Just as people were beginning to settle in to Facebook’s much-reviled new privacy settings, some more news has come out casting a negative light on the change. According to Wired, an exploit in one of Facebook’s free features allows unscrupulous individuals the ability to mine extensive pieces of data about Facebook users all from one piece of simple information: their e-mail address.

From Wired:

The hack, first publicized by blogger Max Klein, repurposes a Facebook feature that lets people find their friends on Facebook by scanning through e-mail addresses in their contact list.

But as Klein points out, a  marketer could take a list of 1,000 e-mail addresses, either legally or illegally collected — and upload those through a dummy account — which then lets the user see all the profiles created using those addresses. Given Facebook’s ubiquity and most people’s reliance on a single e-mail address, the harvest could be quite rich.

Using a simple scraping tool, a marketer could then turn a list of e-mail addresses into a rich, full-fledged set of marketing profiles, with names, pictures, ages, locations, interests, photos, wall posts, affiliations and names of your friends, depending on how users  have their profiles set. Run a few algorithms on that data and you can start to make inferences about race, income, sexual orientation and interests.

While that information isn’t available for all users, Facebook changed its privacy settings in early December so that certain information can’t be made private, including one’s name, current city, profile picture, gender, networks and friend list (the latter can be somewhat hidden from public view).

Anyone with your e-mail address can harvest that information, the company admits.

Obviously, this is an unacceptable loophole, but it’s one that Facebook has no intention of fixing. In changing its privacy settings, Facebook made it so that even with the most stringent privacy controls in place, users still were obligated to share certain public information. To fix the loophole would require reneging on the main purpose of the privacy change in the first place, which was to open up Facebook to greater advertising revenues.

The only comfort Facebook offers users against the pain of having their information potentially scraped and sold to the highest bidder is that, according to a Facebook spokesman, the company “works to catch rogue marketers and sets a limit on the number of e-mail addresses that can be run through its system.”

Data mining is the lifeblood of Internet marketing, and, despite possible crackdowns from Congress, there’s no chance of it going away anytime soon. Nevertheless, it’s still disconcerting to see how loopholes like this one can crop up so easily. When we choose to use social networking websites, we should be able to choose who we share our personal information with. So long as people continue flocking to Facebook, however, the company has no incentive to augment its terms of service.