Facebook Beacon Privacy Issues Worse Than Previously Thought?

An anonymous reader writes "Further developments in the Facebook Beacon affair ... According to PC World, a Computer Associates researcher claims that Beacon, when installed on participating sites, is sending data about users' activity back to Facebook, even when a user is logged out of Facebook - despite Facebook's claims to the contrary."

Not sure how this works

Could somebody explain how exactly they tie your other sites to Facebook if you are not logged in? Is it by email, by checking for cookies? I use throwaway emails on a lot of these partner sites so I'm not sure exactly how they're going to tie spam_address2@mail.com to myname@school.edu.

Re:Not sure how this works

Probably 'web bugs'. These are usually 1x1 pixel images, placed on the 3rd party page but served from Facebook's domain. The web bug can then access all your Facebook cookies and pass details onto the 3rd party site.

A trick borrowed from spammongers, who embed these things in emails to vaildate email addresses.

Is *that* what that was?

[brogdon]

I was playing some rinky-dink flash game on kongregate.com and all of the sudden a little DHTML window panned up from the bottom of the browser and said "Tower Defense has added a story to your Facebook profile."

At that point I had three questions:

1) What is a flash game site doing talking to Facebook?
2) How do you know what my Facebook ID is?
3) Where the fuck do you get off?

I had to go several menus deep in Facebook to figure out how to opt-out of this crap. I haven't been back to kongregate since. Absolute crap.

Re:Let them know

[Wuhao]

Do both. Going after the advertisers is an effective way to persuade an ad-driven media company. No advertiser sticks around when they realize that their ad campaign is actively harming their company. We need more people telling sites like Kongregate that they won't be visiting since they support this shit, and then sites like Kongregate probably won't support it anymore and Facebook won't get paid for it and the entire Beacon campaign will get dropped like a ton of bricks.

Re:An honest and serious question.

[Skrynesaver]

I've an account, while I don't use it much it has enabled me to get back in touch with friends I haven't seen for nigh on 20 years. People move to other countries and back in the day they didn't have email addresses or the like, so for some of us older folks it has a use, as to the constant update carry on, well for those that want to I guess it's ok, personally it's just a way of finding old mates who I'd lost touch with.

Re: angry emails to facebook's sponsors

[giafly]

Don't do this because your angry rants can be linked with your facebook account and available for data mining. You do want a job after college I assume?

If you are non-technical:

1. send the sponsors a complaint letter in the post.
2. if sponsor runs a blog, post factual reports of this issue

If you are technical: consider the fun to be had from Beacon.

Re:Block the "Feature"

[empaler]

Until facebook changes the site that beacon lives on to a mirror list that the participating company checks periodically. Facebook would never do something as insidious as that.
Their updated, improved Beacon 2.0, codenamed "Bacon" will, completely incidentally, have a new URL that changes daily - cos of new features, see? Due to the... complex nature of these features, and, er, to protect user privacy from malicious activity, it won't be trivially facebook.com/bacon/$date, but a pseudo-random alphanumeric URL based on your user name, spending habits, number of sexual partners, and curry; e.g. facebook.com/dfh7usd3kiwiqnhu. Share and enjoy.