Facebook Beacon Privacy Issues Worse Than Previously Thought?

An anonymous reader writes "Further developments in the Facebook Beacon affair ... According to PC World, a Computer Associates researcher claims that Beacon, when installed on participating sites, is sending data about users' activity back to Facebook, even when a user is logged out of Facebook - despite Facebook's claims to the contrary."

FredDC

[FredDC]

No privacy on a social networking website? I am shocked!
</sarcasm>

Re:FredDC

no privacy OFF a social networking site.. you should be shocked. repeatedly.

Re:FredDC

[zenetik]

What made Facebook different from other social networking sites is that, in the beginning, it was a social network available only to college students. Within that exclusive bubble, members existed within communities limited to members of their college or university. By default, profiles were only available to be seen by academic peers -- the people you have class with or pass by on campus. Before Facebook opened its doors to everyone, most Facebook social connections were those that already existed in the real-world, so privacy wasn't as big as an issue because it remained private within a limited community of peers. Facebook built its success on this exclusive-access strategy and Facebook users have become accustomed to a certain level of privacy not found on other social networks such as MySpace, where social connections are less about adding actual friends as they are about racking up a huge number of virtual friends they've never actually met. In this sense, Facebook has broken the trust with the very users that have made it successful by taking away people's decision to decide what to share with their friends and what not to -- and going a step further by making that information available to third parties. Facebook users view this as a betrayal of an unspoken social contract and they have every right to feel this way because it is a sudden and drastic change of direction from what they've been led to expect over the past few years.

Microsoft and $$$

[vaderhelmet]

What were we to expect with money to be had? They need something to justify that ridiculous price tag they've given themselves. Users = dollar signs to them. It's funny how every time they add a feature that invades the users' privacy to make money, they release some statement like "Oh, once users calm down, they'll find these services to be useful." Putting in privacy controls and restrictions later means they get away with more and only have to patch what users find out and complain about. That being said, don't claim malicious intent where ignorance is just as likely the cause. (Full Disclosure: I was one of the users who has been banned from Facebook for posting negative comments ("spam") during the mini-feeds debacle. So I have some negative bias.)

Re:Microsoft and $$$

[rucs_hack]

This is all a bit silly to me. Ok, so people are annoyed at Facebook, and I see the story has been tagged BigBrother. That's utter rubbish for a start, but of exactly the kind you expect from people who don't really know what big brother represents in 1984, or never read the bookt.

Why can't it be Big Brother? It's an elective free service, which is two things that the figure Big Brother in 1984 most definatelly does not represent. You are under no obligation to use it. That's all there is folks, don't like it? Don't use it, problem solved.

People do like it though, most of the people I know who are on it don't care about this new storm+teacup, which they view as, well, not worthy of notice. Facebook does what they want, end of problem. I use it too. Ok I block the sidebar beacon adverts, but otherwise I like it.

Oh yes, and online shopping is going to be tracked by everyone who can possibly manage it soon. It's big, big money. So Facebook are doing it now, well, give it a year or so and try to find a free online service of this type that doesn't do tracking, or promises not to in the future.

I think you better look up Diogenes for advice first mind.

Re:Microsoft and $$$

[mrbluze]

Why can't it be Big Brother? It's an elective free service, which is two things that the figure Big Brother in 1984 most definatelly does not represent. You are under no obligation to use it. That's all there is folks, don't like it? Don't use it, problem solved.

Now, if I remember correctly (I haven't read 1984 for a few years now), it is Big Brotherish. I mean, sure, it's not enforced, default, systematic spying by a government, but the Big Brother scenario did not get that way overnight in the book. It took many years of phasing in. I think it's discussed in the part where the main character is reading Emmanual Goldstein's highly illegal and very sensational alternative history of the world. (Even that bit is ringing true nowadays)

Re:Microsoft and $$$

[karolo]

In think you are presenting an partial conclusion on what 1984 is about, for starters Orwell was a communist, only not of the type that Stalin liked.
The point of 1984 is how power perpetuates itself through the establishment of a reign of fear (like Stalin did with the purges) through constant surveilance of the people and the presence of an external enemy, whether real or imagined, as tools to control dissent and keep power for its own sake. There is nothing in a capitalist society to stop that from happening, I would say more, because of the way people are lulled into a sense of security an advanced consumerist capitalist society are more likely to fall for it because they feel they have more to lose if the "enemy" wins, and they are more ready to let the changes creep in in the name of security and comfort.

Re:Microsoft and $$$

[wish+bot]

You're going to seriously tell me that when all these people joined FB of their own volition that they wanted their web browsing habits to be tracked, stored, and probably acted on in some fashion? I think it's more likely that they joined so they could hook up with their friends...you know, kind of like what FB was actually about. The subsequent invasion of privacy, tracking and collation of personal habits certainly IS very 'big brotherish' if you want to participate in modern society in any meaningful form. Or you could sever all ties to the internet, "opt-out" and go and live under a rock, is that the choice that what you call 'capitalism' has given us?

Re:Microsoft and $$$

[faraway]

Orwell was a socialist. Communist and socialist are not the same thing.

How to avoid Beacon

[Conanymous+Award]

From a comment on TFA:

Facebook users who also use Firefox to browse the we can prevent facebook's beacon from reporting by doing the following: download the BlockSite Add-on for The Firefox Browser. Under the tools menu, select "add-ons" Select the BlockSite Add-on and edit the preferences. Under the Blacklist, add a new site with the "add" button. enter the URL "http://*facebooks.com/beacon/* Hit return twice and you are good to go.

I wonder if he actually meant "*facebook.com" without an S, though.

Is *that* what that was?

[brogdon]

I was playing some rinky-dink flash game on kongregate.com and all of the sudden a little DHTML window panned up from the bottom of the browser and said "Tower Defense has added a story to your Facebook profile."

At that point I had three questions:

1) What is a flash game site doing talking to Facebook?
2) How do you know what my Facebook ID is?
3) Where the fuck do you get off?

I had to go several menus deep in Facebook to figure out how to opt-out of this crap. I haven't been back to kongregate since. Absolute crap.

This would never happen

[Hanners1979]

I'm sure Facebook would never monitor my activity on other si

It looks like you're writing a comment criticising Facebook! Would you like to:

- Delete the comment
- Tell everyone how great Facebook is?
- Add some more useless junk to your Facebook profile?
- Spam all your friends with a picture of a 'cute' travelling bear?

Re:This would never happen

[VGPowerlord]

"Go away you paperclip! No one likes you!" -- Stewie Griffin

Re:Not sure how this works

[Achromatic1978]

I would presume that rather than removing cookies upon 'logout', they keep a note of the fact you're logged out, and continue to track that cookie, knowing that the last logged in user was you.

Re:Let them know

[arth1]

Um, why bitch at kongregate.com or other sites for using Beacon, instead of just ditching Facebook? Without a Facebook account, this won't a problem on any site.

Uh-oh.

[martensitic]

"Slashdot has added a story to your Facebook profile."

Re:Let them know

[Wuhao]

Do both. Going after the advertisers is an effective way to persuade an ad-driven media company. No advertiser sticks around when they realize that their ad campaign is actively harming their company. We need more people telling sites like Kongregate that they won't be visiting since they support this shit, and then sites like Kongregate probably won't support it anymore and Facebook won't get paid for it and the entire Beacon campaign will get dropped like a ton of bricks.

Re:Let them know

[Volfied]

Actually, you can't delete a Facebook account, only deactivate it. After reading the PC World article a couple days ago, I tried to delete mine, and was told that I could log back in any time and it would be ready and waiting for me. Something tells me they don't stop mining data from other sites just because you've deactivated the account, when they're not even willing to delete your favorite brand of toilet paper from your profile. I wiped every bit of information about me by hand, aside from my wall posts, which were simply too numerous.

Get 'em young and innocent

[gihan_ripper]

This is just the next in a long line of privacy violations by social networking sites such as Facebook. They target a primarily young and non tech-savvy audience so they can get away with the most atrocious breaches in privacy until they overstep the boundary and do something that's blatantly egregious, even to the most innocent Internet users. With Beacon, Facebook allowed other users to see our online shopping habits. I feel that the latest revelation about Beacon "calling home" won't be as resonant with the general public. We've gotten used to a data-mining culture and don't worry about some faceless "they" having access to all this information. Perhaps if we imagined these personal details being broadcast on national TV, it would be a different story.

Re:Get 'em young and innocent

[dyfet]

Yes, but in a culture built around American Idol and reality TV, people WANT to have the personal details of their lives broadcast on national TV! ;)

Re:I hope this will finally make people see

[NoPantsJim]

COULD be made? Hell I made one myself just so I could find stuff faster.

Block the "Feature"

[ZlatanZ++]

This might be useful for some people. It shows you how to block Facebook's Beacon.

Re:Block the "Feature"

[empaler]

Basically, it tells you to go to addons.mozilla.org, find blocksite, install, add "http*://*facebook.com/beacon/* to blocksite, and gold. Should work in AdBlock/ABP too, PeerGuardian, or whatnot.

Re:Block the "Feature"

[Dogtanian]

This might be useful for some people. It shows you how to block Facebook's Beacon. Not to demean the solution you gave, which I'm sure does its intended job well. However, it's really just a technical fix that is papering over one of the symptoms.

It doesn't- and can't- address the far more serious underlying cause. Namely that Facebook and the other companies involved are clearly totally contemptuous of their users' privacy and quite happy to screw them over in the name of a few quick bucks. And then hide this behind a weaselish and unclear "opt-in-by-default" agreement. (Yes, it's acceptable for them to make money from a free website; no, it's absolutely *not* acceptable for them to do it in this way).

Frankly, I'm glad I don't use Facebook. At one stage I may have believed that it was possibe to balance the invasion one's privacy by controlling what appeared on their page- and then some low-down **** like this comes along. It's one thing to have your Facebook information publicly available, quite another to have your activities on apparently unrelated sites made public.

I wouldn't touch Facebook with a ******* barge pole now. Your fix may work on the current problem, but what happens when the next moneygrabbing exploit comes along? What happens when these assholes figure out a totally different way to use the information they already have on you?

Seriously, fuck that, and fuck Facebook. Their behaviour was already unacceptable- regardless of how they snuck it into the legal agreement. With this latest news on top, I seriously hope that this marks a turning point in Facebook's fortunes. Joe Public isn't as concerned about his privacy as he should be, but when it comes to blabbing about his Christmas present purchases without his knowledge, it puts it in more concrete terms.

Re:Block the "Feature"

[empaler]

Until facebook changes the site that beacon lives on to a mirror list that the participating company checks periodically. Facebook would never do something as insidious as that.
Their updated, improved Beacon 2.0, codenamed "Bacon" will, completely incidentally, have a new URL that changes daily - cos of new features, see? Due to the... complex nature of these features, and, er, to protect user privacy from malicious activity, it won't be trivially facebook.com/bacon/$date, but a pseudo-random alphanumeric URL based on your user name, spending habits, number of sexual partners, and curry; e.g. facebook.com/dfh7usd3kiwiqnhu. Share and enjoy.

Re:Block the "Feature"

[Culture20]

Awesome. Now that we know curry is in the algorithm, we can write an auto-blocker. I never would have thought of curry.

Re:Not sure how this works

Probably 'web bugs'. These are usually 1x1 pixel images, placed on the 3rd party page but served from Facebook's domain. The web bug can then access all your Facebook cookies and pass details onto the 3rd party site.

A trick borrowed from spammongers, who embed these things in emails to vaildate email addresses.

You must be an officer of the law...

[LaTechTech]

"Don't Tase me, bro!"

Re:An honest and serious question.

[Skrynesaver]

I've an account, while I don't use it much it has enabled me to get back in touch with friends I haven't seen for nigh on 20 years. People move to other countries and back in the day they didn't have email addresses or the like, so for some of us older folks it has a use, as to the constant update carry on, well for those that want to I guess it's ok, personally it's just a way of finding old mates who I'd lost touch with.

Re: angry emails to facebook's sponsors

[giafly]

Don't do this because your angry rants can be linked with your facebook account and available for data mining. You do want a job after college I assume?

If you are non-technical:

1. send the sponsors a complaint letter in the post.
2. if sponsor runs a blog, post factual reports of this issue

If you are technical: consider the fun to be had from Beacon.

Re:Let them know

[XSpud]

There are also a number of Beacon-related groups and petitions on Facebook including:

http://www.facebook.com/group.php?gid=7578845355/
http://www.facebook.com/group.php?gid=7534656429/
http://www.facebook.com/group.php?gid=6290193865/
http://www.facebook.com/group.php?gid=6188991025/

Facebook == new Google

[ThirdPrize]

Google stopped becoming a search engine and is now an advertising company that does a bit of searching on the side. Same will happen to Facebook. You might use it as a social networking site but it WILL become more concerned with getting ads on screen.

Earning user trust requires honesty.

[zestyping]

The problem here isn't just that Facebook is collecting private information. Any company could say "look, if you use our service, here's what we're going to collect and what we're going to do with it," make a good-faith effort to inform everybody what's about to happen and how it works, and then proceed.

The problem is that Facebook is lying about it, and doing so repeatedly.

1. Zuckerberg led the press and advertisers to believe that Beacon would be opt-in (it would publish only with the user's consent) but launched Beacon as an opt-out feature (it published without the user's consent).
2. Both the original design and the current design of Beacon announce to the user that a story is being sent to their profile. They do not present themselves as a choice; they do not ask for consent; they present themselves as a notification that something is already occurring.
3. Even though the new design is "opt-in", the notification has only one clearly emphasized button: "Okay". A design that offered a true choice would offer two equally clear buttons (e.g. "Publish" and "Cancel"). Again, the design is crafted to give users the impression that they have no choice.
4. Facebook collects information about its users' activities on other sites through Beacon despite public statements to the opposite. According to Stefan Berteau, Facebook does this even when you are logged out and even when no notification is displayed.
5. Facebook did not give its users reasonable advance notification that it would start publishing information about their activities on other sites. It just went ahead and did it. And Facebook is still not being upfront about the fact that it is collecting this information.
6. Facebook continues to refuse to let users just turn off Beacon. Instead users have to individually refuse Beacon for each partner site, and they cannot do this in advance; they can only do it at the moment a partner site is about to publish a story on Facebook. Again, they are clearly trying to maintain as many obstacles as possible for users who simply don't want this information shared.
7. Facebook's official response is disingenuous and insulting. The problem is not that Beacon "can be kind of confusing"; it is obviously designed to mislead. Facebook's Paul Janzer wrote:

   While we know "global opt-out" seems like the easiest solution, we believe that if we provide you with full control over your information, you and your friends can get the full benefit of sharing information and connecting on Facebook.

   Of course, if they really wanted to provide users "full control over [their] information" they would let users turn Beacon off.

A Facebook Satement in Response

[Stefanwulf]

CA received a statement from Facebook following their blog entries, which speaks to the use of this data.

Re:Not sure how this works

[cbart387]

From the horse's mouth on their techniques (emphasis mine).

Third Party Advertising

Advertisements that appear on Facebook are sometimes delivered (or "served") directly to users by third party advertisers. They automatically receive your IP address when this happens. These third party advertisers may also download cookies to your computer, or use other technologies such as JavaScript and "web beacons" (also known as "1x1 gifs") to measure the effectiveness of their ads and to personalize advertising content.
See original here.

Facebook is dead

[CaptainZapp]

So they have a zillion of members and is that hot Web 2.0. ticket now?

So what? How long do you think "members" need to move to the next "big thing"?

This beacon thing was not only badly thought out and implemented, but Facebook as a company also seems to lie a lot.

Besides that, what about Facebook members in the EU? The sleaze they are trying to pull off is illegal in virtual any EU country (and then some).

They should have done a Google and found themselves a CEO, with respect and a network in the industry. But they seem to have a founder-CEO who doesn't seem to have managed his adolescence quite yet.

Way to go Mark!

Not the best friends

[aws910]

I had re-joined some social networking sites recently, and this was my pretense. However, it made me realize that if these "old friends" were such great people, I would have kept in touch with them. With each "old friend", I realized that there was some fatal flaw that made me not want to keep in touch with them anyway.
Honestly, how long do you want to dwell in the past? The future is so wide open...