Facebook and your privacy

Months after geeks who hate walled gardens hailed Facebook as the great exception, Facebook announces that it is wholesaling our privacy to any turdball with a dirty nickel to spend. So what else is new? And what do we do about it?

In a titled-for-SEO-rather-than-readers article, “Do Facebook users care about “privacy issues?” What about Doubleclick?,” Eric Eldon defends Facebook’s violation of its users’ privacy on the grounds that not many users have protested.

Some may not have protested because the petition against Facebook’s Beacon advertising feature is hosted by Moveon.org, an organization half of America considers a tool of the Antichrist. Many more may not have protested because they don’t know Facebook is violating their privacy. In a prove-nothing survey, no Facebook user I talked to yesterday was aware of the Facebook privacy concerns.

The New York Times explains what Moveon and members of the Facebook group, Facebook: Stop invading my privacy!, are protesting:

MoveOn is objecting to a new advertising technique that Facebook announced a few weeks ago that posts members’ purchases and activities on other websites in their Facebook profiles. Users can choose not to have the information posted from individual sites, or “opt out,” whereas with most Facebook applications associated with external sites, users must proactively choose to participate, or “opt in.” With the Beacon feature, if a user does not specifically decline participation, his or her Facebook friends will get a “news feed” notice about the purchase.

Back to Eldon. The interesting tidbit in his titled-for-SEO article is the suggestion that MoveOn is protesting the wrong thing, and that the problem goes well beyond Facebook:

Facebook uses the cookie it requires for logging into its site to track what you do on other sites, from what we can tell. These cookies are unique identifiers—code sent to each user’s computer from Facebook, and tracked by Facebook when they visit web pages.

In other words, Facebook tracks what you do when you are on websites other than Facebook, and shares that information with its advertisers and your Facebook friends. Hmm, who else does that sound like?

Google’s Doubleclick and Microsoft’s Atlas ad networks also use cookies to track user actions, and this is a long-standing issue for online privacy advocates. In fact, the U.S. Senate is looking into Doubleclick’s privacy issues now. We have not heard MoveOn comment on cookie tracking as it relates to Beacon or any other company that uses cookies to track users.

Spurious “no comment” jibes aside, Eldon has a point. Even if you feel smug for never having joined Facebook, unless you anonymize all your web browsing sessions, refuse to use or accept cookies, turn off images (in case one of them is a “tracker GIF”), and go into the woods with Ted Nugent and a crossbow, Big Advertising already has your number. It knows where you live, where you shop, and how much porn you download.

But that DoubleClick sins doesn’t excuse Facebook from betraying its members’ trusts.

(And yet, what else should we have expected? Did we really think Facebook’s investors just wanted us to have fun? Did we believe if there was a way to make a dirty dollar, they would scorn it on ethical grounds? This isn’t the Well, people.)

Stipulate that we like using Facebook but that we don’t wish to be denuded for the enrichment of goblins. Beyond joining the group and signing the petition, what do we do?

[tags]facebook, privacy, advertising, web advertising, doubleclick, socialnetworking[/tags]

41 thoughts on “Facebook and your privacy

  1. We delete our Facebook accounts, which are really never deleted. That’s another story we should talk about.

  2. Maybe I’m radical or something but I prefer just to not use Facebook.

    One of the things I’ve never liked about the walled-gardens (vs. having my own site out in the wild) is that I have to cede control over my stuff to somebody else. Once I do that, I might as well know the landlord could do something that isn’t cool with me.

    I think freedom and doing your own thing rather than running through somebody else’s filter is a big part of what makes the www worth bothering with. Maybe it’s messier that way but I don’t mind.

  3. Heh I think that Beacon thing sounds like quite a good idea.

    Facebook users expect ‘apps’ to post notifications about their actions to their ‘mini-feed’ and thus the ‘news-feeds’ of other users (because the news feed selectively aggregates mostly from your friends’ mini-feeds). If an advertisement behaves like an app, then this is behaviour most people would not be unhappy with.

    You can decline to let an app post anything to your mini feed on an app-by-app basis.

    I see no issue for those who know how to use Facebook properly, and in my opinion they make this easy enough.

  4. I come and go from facebook. The privacy issues were a concern for me when I first left (or deactivated my account) a few months ago. Maybe a facebook user strike would do something…

  5. When I began using Facebook a few months back I pretty much assumed (who reads Terms of Service documents?) that everything I do on the network is fair game for Facebooks’s team of people responsible for milking cash out of their users. Okay. Having them monitor and make use of outside web use is just cold, though. Sure, Google does it and that is unsettling. But Google makes no claim to be (or appearance of) a separate system apart from the rest of the web. Facebook does.

    Also wondering about something I’ve recently been looking at – as mentioned on by a colleague here – that Facebook claims complete copyright control over all user-supplied material… photos, video, writing, etc. I’m not familiar enough with the Terms of Service of similar networks to know if this is unusual.

  6. You can decline to let an app post anything to your mini feed on an app-by-app basis.

    One of the problems that people have with this program is that you can’t just opt out of it. You can opt out of it on a site-by-site basis, apparently, but can’t just say “not interested.”

    That said, you are given two chances to avoid getting this stuff posted to your profile, one at the merchant’s site and one when you log in to Facebook.

    Personally I’m not too concerned because I don’t buy much online, and would just say “no” at purchase time if I so desired. But I can understand the concerns of an “opt-out in a slow and painful manner” system versus an “opt-out” or “opt-in” system.

    The best bet is for everyone to block beacon.facebook.com if they’re at all concerned. If you’re not running a browser that can do site blocking, google for how to edit your hosts file.

    …the news feed selectively aggregates mostly from your friends’ mini-feeds…

    BTW news feed and mini feed are two separate entities; if you remove something from your mini feed, it remains on your friends’ news feeds. An application’s privacy setting will have controls for both items separately.

  7. There is nothing that can be done for non-tech-savy people. They are happy enough to bang in their hotmail log-in details for some random application with not a concern in the world. So something as subtle as this they will neither understand nor care about.

    However, I’d love a firefox extension that only allowed cookies to talk to the origin site, and also that deleted the cookies set by a site as soon as the tab was closed. Might help a little.

  8. Microsoft did invest 250+ million into this little Facebook Web 2.0 venture. What did you expect — a business model that was not capable of a ROI regardless of how FUBAR that model may be?

    Web 2.0 is one big experiment that will probably [justifiably] be characterized, in a few years, as a failed experiment with much too little thought applied by its promoters and developers.

  9. One could also complain directly to the companies that have signed up for Beacon. Facebook’s press release mentions eBay, Fandango, CollegeHumor, Busted Tees, iWon, Citysearch, Pronto.com, echomusic, AllPosters.com, Blockbuster, Bluefly.com, CBS Interactive (CBSSports.com & Dotspotter), ExpoTV, Gamefly, Hotwire, Joost, Kiva, Kongregate, LiveJournal, Live Nation, Mercantila, National Basketball Association, NYTimes.com, Overstock.com, (RED), Redlight, SeamlessWeb, Sony Online Entertainment LLC, Sony Pictures, STA Travel, The Knot, TripAdvisor, Travel Ticker, TypePad, viagogo, Vox, Yelp, WeddingChannel.com and Zappos.com.

  10. Some tips for savvy browser users (i.e. anyone reading this site):

    Block Facebook Beacon tells about blocking Beacon in Firefox. And a Facebook Privacy group member wrote:

    Mac Safari Users:

    If you want to block Facebook’s beacon on Safari you can install either PithHelmet or SafariBlock. Both allow you to add and define filters and you pretty much use it the same as the BlockSite plug-in by adding http://*facebook.com/beacon/* as a rule.

    It’s good software to have installed anyway. Enjoy!

    Blocking the stuff in Firefox or Safari is like having a raft. It doesn’t stop Katrina from wrecking everything, but at least you don’t drown.

  11. Jeff, have you heard of anything that could work with Opera (for the benefit of those that use it)?

    Anyway, back to the blog post. Did Facebook ever hear of a thing called an “opt-in” system? Apparently not. Oh well, if this hits the mainstream media, I hope they’ll enjoy the foot-in-mouth, egg on the face with an extra side of crowk they’ll be eating, because they’ll get a lot of it.

    (Another reason why I tell people it’s better to get people to opt-in rather than just assume it’s ok to do whatever they want with people.)

  12. And to think I thought I was being a jerk swearing off community sites all together. I gave facebook a chance for the sake of the dwws community and wham they take advantage of our trust.

    Bastards. I’m all for protesting but to be honest far too many people don’t care that they lose their privacy. They are the 98% that don’t care what’s in the patriot act. Screw privacy and freedom, give me cool services and keep me safe any day.

  13. Yeah, this one really doesn’t come as a big surprise – personal data is such big business/income – and Facebook are about making money (just like almost everyone else). They’ve had to be very subtle about how they get the data, and Facebook definitely encourages a false sense of security from the outset, but it was only going to be a matter of time before third-parties with enough cash could start tapping in to the personal data (potential) goldmine. Wait, does that sound too cynical?

    Bottom line is: if you don’t want the world to know about something, don’t put it down on anything…the Web, the computer, even a bit of paper. The moment data is available – there’s always some sort of way to retrieve it.

    Certainly, once Facebook users become more aware that their personal data is at risk of exploitation (or already being distributed) then it will likely cause a surge of mistrust, some users might already leave the site altogether! One of the things Facebook is counting on though – is that the site, the personal groups formed and discussions that occur on it, are sufficiently important to the common user’s web browsing habits that they really can’t leave (see MySpace – how many millions of users are all sat on there, know exactly how crap it is, but can’t leave because all of their buddies are on their too?) This is what Facebook is counting on too.

    Simply: Public awareness of the level of (any) data misuse by Facebook is what needs to be addressed first…and then see how people react to the privacy options available to them – will they close their accounts? Probably not.

    Dustin: You know it! Hahaha

  14. Has anyone thought that a lot of Facebook users aren’t protesting because they don’t care? Maybe they should, but they don’t? The 70’s gave us the “Mee Generation” and this one is the “Look At Me” generation.

    Remember, a lot of the millions of members of facebook are kids who post videos and party pictures online, kids who put TMI (too much information) in their profiles, kids looking for attention from their peers and strangers alike. This exposure of their shopping habits, for many of them, is just another element of the lowering of personal boundaries that blogging and social networking have wrought.

    There seems to be an assumption that if Facebook users knew about this, they’d be outraged, thus a lack of outrage = ignorance. But maybe their lack of outrage isn’t due to ignorance. Perhaps they’re not outraged because they’re coming from a point of view where this isn’t outrageous.

    – Greg

  15. Does anybody actually have or use those dumb social networking accounts like facebook, myspace or the twitter/magnolia masturbation? Aren’t these geocities-type internet fads dead already? Good for farcebook or facesoot or whatever they call themselves in silly “web 2.0″ of the moment. Let’s get back to web standards and posting stuff about design/markup/creation that matters more than 5 minutes from now.

  16. Perhaps they’re not outraged because they’re coming from a point of view where this isn’t outrageous.

    Isn’t that part of the definition of a child?

    Social networks know their demographics and how the service appeals to kids. Parental responsibility aside, where is the owner/developer responsibility?

  17. Does anyone know whether or not Beacon/Facebook is in compliance with COPPA [Child Online Privacy Protection Act]? They couldn’t be that foolish not to be in compliance. Or could they?

  18. While the issue of being tracked by cookies and how that information is shared is an important one, Beacon, from a technology standpoint, is a separate issue entirely. It is not possible to reliably do what Facebook/Beacon is doing with cookies alone.

    Even more importantly, it’s not possible to do what Facebook/Beacon is doing without the cooperation of the merchant website.

    There’s a good technical write up over here, but I’ll quote the most important bit.

    The partner site page includes the beacon.js file, sets a meta tag with a name, and then calls Facebook.publish_action.

    So, if this upsets you, in addition to the polite email you’ve certainly sent to Facebook, a polite email sent to the Merchant in question is also in order.

    Getting back to my original point, this has zero to do with cookies, and everything to do with

    1. Merchant sites sharing information with Facebook

    2. Facebook publishing this information

    3. Both there things happening happening without your explicit opt-in (except for the standard, draconian, “we can beat you senseless you with a plunger and you have to smile” TOS agreements

    Don’t get me wrong, the third-party cookies and ad tracking is worth considering, but conflating the two issues is going to make this seem like less of a big-deal.

    In the larger context, this is the real danger of internet bubbles and stock-market pipe dreams. This money doesn’t come out of thin air, at some point investors want to see something back, and snake-oil salesmen are forced to adopt ROI techniques pioneered by shady internet markers, which lessens the the value and vibrancy our entire medium.

    Real value, not just dollars and cents.

    Or, 80s sitcom style; Web 2.0? More like Web Two-Faced point oh … (is this thing on?)

  19. @Alan, your comment is more useful than my post. Thanks!

    Don’t get me wrong, the third-party cookies and ad tracking is worth considering, but conflating the two issues is going to make this seem like less of a big-deal.

    In the larger context, this is the real danger of internet bubbles and stock-market pipe dreams. This money doesn’t come out of thin air, at some point investors want to see something back, and snake-oil salesmen are forced to adopt ROI techniques pioneered by shady internet markers, which lessens the the value and vibrancy our entire medium.

  20. All,

    Next week we (the VRM “gang”) will meet during the IIW 2007 in Mountain View.
    The idea of VRM “school” is a 180 degree turn on the relationship between vendor and buyer.
    Today the vendor is in control of the relationship with the buyer, They are keeping the buyers data for themselves, while this data is actually owned by the buyer.
    The VRM line of thinking, is to hand back the control over their data to the buyer/consumer.

    In my blog ichoosr.com/blog I will keep you updated on the progress.
    But do not despair, we are working on it … ;)



  21. What do you do? Ahem… stop using it. Or maybe people are so addicted to (one of hundreds of thousands) social networking sites that they can’t do without?
    I’m a misanthrope, so i’m safe.

  22. What do we do? How about start listening to the people who are just a little skeptic (me included).

    Facebook is a) based in the US and b) not getting any money for their service from users. The former is relevant because companies aren’t forced to a lot of customer privacy. And they have to start making money eventually — now, how do you do that with millions of detailed profiles at hand?

    So please don’t complain if people keep saying “I told you so!”

  23. Dan Schulz said on November 28th, 2007 at 3:39 pm:
    Jeff, have you heard of anything that could work with Opera (for the benefit of those that use it)?

    The solution in Opera is to navigate to Facebook, right-click on some empty space, choose “Block Content”, “Details”, “Add”, type in “http://*.facebook.com/beacon/*” and then “Close”, “Done”. Opera has had this content blocking functionality in its UI since version 9.0 and before that through manual editing of filter.ini since version 6.02.

  24. More than progress! I marked these in Ma.gnolia earlier today:

    Feeling Betrayed, Facebook Users Force Site to Honor Their Privacy
    Last night, Facebook backed down and announced that the Beacon feature would no longer be active for any transaction unless users click “ok.”
    BBC NEWS | Technology | Protests force Facebook to change
    “Facebook members have forced the social networking site to change the way a controversial ad system worked.”
    Facebook Retreats on Online Tracking – New York Times
    “Faced with its second mass protest by members in its short life span, Facebook, the enormously popular social networking Web site, is reining in some aspects of a controversial new advertising program.”

    Thanks to all who joined the group or wrote to Facebook and its advertisers.

Comments are closed.