Looks like Facebook's "Beacon" poses a horrific privacy risk
Photo by Flickr user plynoi. Used under a Creative Commons license.
So I'd been thinking about trying out this Facebook thing. Recently I'd noticed several sex, politics, and relationship-oriented bloggers and site operators have been setting up Facebook groups, and since a lot of people go there I thought maybe I'd get an account so, at least, I could hook up with those other groups and... do whatever the heck Facebook would to be useful for.
Now comes word from the venerable and highly-respected-in-tech-circles InfoWorld.com that Facebook's owners are *adamant* that they'll never back down on their new Beacon software's information collecting *and sharing* feature.
Facebook's CEO and Founder Mark Zuckerberg has profusely apologized for missteps in the design and deployment of the Beacon ad system, but he remains unrepentant about what privacy advocates consider a particularly egregious feature.
InfoWorld PodcastAbsent from Zuckerberg's mea culpa Wednesday is any indication that Facebook plans to modify the system's ability to indiscriminately track actions of all users on external sites that have implemented Beacon.
...
Even critics of Beacon had generally assumed that the ad system limited its non-Facebook tracking and data reporting to Facebook members who were logged on to the site.
However, in the past week, CA security researcher Stefan Berteau stunned many when he reported that Beacon tracks all users in these external sites, including logged-off and former Facebook members and even non-Facebook members, and sends data back to Facebook. He also found that logged-in Facebook users who declined having their actions broadcast to their friends still had their data sent to Facebook.
Beacon, already blasted for weeks by privacy advocates like MoveOn.org and the Electronic Privacy Information Center, as well as by concerned Facebook users, has come under renewed attacks as a result of the findings from Berteau's independent research.
Facebook confirmed that this broad user tracking function remains untouched in Beacon, despite the changes announced Wednesday, a spokesperson said in an e-mail.
It allegedly tracks you even if you opt out with their little "Don't append stories about what you've purchased, browsed, or accidentally stumbled upon on arbitrary external websites to your profile" feature in their "Privacy" settings section. That only prevents the sites from *telling your friends* about what you did while you were there.
Under the agreement with external sites Beacon allegedly continues to track you even if you're not actively logged in to Facebook at the time. In fact Facebook will continue to track you via Beacon *even if you quit the service!*
They'll even received purchase and other information from cooperating websites of people who've never, ever *been* facebook members, but, of course, they won't (yet) have all the personal profile information (a.k.a. *your identity*) such as family, social, and professional affiliations plus all the intensely personal questions about, say, your first kiss or your mother's maiden name...
...and, assuming you don't have an account, they won't be able to tie *you* to *all your friends* and *all their "friends"* to these arbitrary websites.
So anyway, the point I'd like to make about Facebook accounts for bloggers is that *even if* you're not concerned for your own privacy -- and for you it might be perfectly reasonable not to be concerned about that for yourself -- it's still the courteous... responsible... even *decent* thing to consider whether any of your on-line friends have reason to be concerned about *their* privacy, have reason to fear being traced as friends of anyone who browses sites and makes the purchases you make or leaves the comments you make... people who might be worried about stalkers (stalking being a form of OCD, stalkers can be stunningly persistent, creative and resourceful) or involved in lawsuits or custody disputes... then do your friends a favor and think twice before establishing or tying your Facebook account even peripherally to anything where privacy might be an active concern.
---
Techno-twit note: On the face of it this Beacon thing looks a lot like a real version of the 90's-era controversy over website "cookies." The difference being that cookies were scandalous because websites could store your personal information on *your* computer. (Don't worry though, thanks to lots of activism and legislation, website operators were obliged to stop storing your personal information on *your* PC... where it was inaccessible to other websites and, if you turned off your machine and/or deleted your cookies, was inaccessible to the original website as well. So now, almost universally, website operators store your personal information on *their* databases... where no amount of cookie-deleting will erase it.) And if cookies were a complete and utter false alarm, this Facebook business seems a lot more ominous. Yes, yes, they say the won't share or sell your information *outside* the system, but given the ping/ping-back nature of its communication with outside vendors there's no reason (beyond your personal faith in their respect for your privacy and faith that they'll always resist temptation to earn a great deal of money) to believe they wouldn't share your advertisement "personalization" information (i.e. your identity) to anyone willing to pay for it.
With any luck I'll get to look back and say "sheesh, I was such an alarmist to go off like that." And who knows, maybe Beacon is the sort of revenue-generating feature that'll help Facebook grow large enough that, like Google or Amazon, they're not really in reach of "interested party" organizations like Tom Cruise or Mitt Romney's activist religions or Rupert Murdoch's conservative-government-suck-up enterprise. If any or all of that comes to pass, and if it turns out that my concern is unfounded, then I'll very cheerfully issue mea-culpas and otherwise admit I'm descended from Chicken Little.
Until then, however, I'd recommend using virtual condoms and other common forms of online sex safety when using a Facebook-related account to hook up with other sex-related friends.
as a facebook user (talked into it by a college friend since i was/am adamant against joining myspace), i personally don't trust any claim that my private information will not be sold*. (and incidentally, even if you delete your account, it is still held on their computers).
whatever personal information i (and everyone else) put on their site is done voluntarily and of my own free will. personally, i can dispense with it since all that's there is my cell phone number for people that can't seem to remember it. and i'd like to think that people i'm really friends with actually bother to talk to me/email me to find out what's going on in my life rather than using the feed.
all that being said, i still use the site for the fact that there are intelligent discussions to be had in groups (and also semi-important work industry related information, depending on what business you're in), by people that aren't afraid to disclose their real name - things that i haven't seen other websites do. to me, this is kind of important because it lends a certain level of authenticity to the friendships built in a way that's different from the discussions held on blogs/message boards.
*and i joined the site when it was still restricted to academics/college students
[Well, in a way it's totally predictable -- they didn't charge users anything (as far as I know) and while a service like theirs can't have very much real overhead it's not free... and therefore they're free to exploit the billions of dollars worth of potential demographic and marketing information people have been giving them for free any way they wish. This one just happens to be a particularly low-rent/sleazy multi-level-marketing-quality way to capitalize that sort of belies their cooler-than-myspace hipster/academic/professional corporate image. (The potential for abuse, by the way, seems to have been there all along. The new skeevy stunt just brought it to my attention.) Thanks, Kermit. --fl]
I set up another email account for FB and a semi-pseudonym as my name. The only thing that is really identifying is my birth date.
I have few friends there because I thing my everyday friends should just pick up the phone. That could be why I don't understand the entire FB phenomenon.
[Thanks, J. --fl]
There's a certain irony in all this for me, since I joined Facebook mostly to get a peek into my students' lives. Some of them are astonishingly naive about privacy and their FB activities. And I've sometimes learned way more about them than I wanted - for instance, the polite, diligent, intelligent young man who sat in the front row of my intro to women's studies class and belonged to a FB group called something like "We fuck bitches without condoms."
There's now a patch for Firefox that promises to "de-Beacon" my life, but I'm not sure it goes far enough to stop FB from silently monitoring me. The patch is at www.debeacon.org.
and I'd be interested to know if it fixes the problem ...
This is clearly karmic payback for my being so nosy.
[Thanks, Sungold. Yeah, let's see how quickly browser makers can catch up with user's privacy concerns... and how quickly privacy privateers can work to defeat those efforts. %#%!~~#$ --fl]