Slashdot Mirror
Facebook Caves To Privacy Protests Over Beacon
jcatcw writes "After weeks of privacy protests over its advertising system, Facebook's CEO announced that users now can turn the system off completely. CEO Zuckerberg said 'We simply did a bad job with this release.' Jeff Chester, executive director of the Center for Digital Democracy, called the announcement from Zuckerberg 'a step in the right direction.'"
Of course, they really should just kill the application alltogether, but at least its a step
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I respect that they admit they are wrong, but I find it scary that it took them so long to realize what a privacy issue this is. For an organization with so much information, I had hoped they would put privacy #1 on their priority list.
This is a salve. Things like this should be opt in, not opt out. Aside from ethical considerations, it would make the data a lot more reliable in terms of a self-selecting group of people that welcomed Facebook spying on their consumption habits. Presumably, these opt-inners would welcome marketing spam.
Da Blog
There's probably enough information about me on-line to uniquely identify me as an individual. There's also enough in what I have said on-line to date already to completely rule me out of any political position in this country.
However, I sometimes feel safe in the knowledge that everybody who has used the web has left a similar sort of trail. All this information will stay on the web for decades or perhaps even centuries.
Our privacy, it seems, is protected by the fact that if you dig hard-enough you can find dirt on anybody. Dirt is only good if you can use it and Google shows us just how many people have dirty linen that can be easily obtained.
When all this shakes out over the next twenty years and the Facebook generation grow-up and get careers, we may well find out that our privacy is protected by mutually assured defamation.
Simon
During the mini-feeds debacle, Mark ended up conceding with a comment very similar to this. (http://blog.facebook.com/blog.php?post=2208562130) If they were really interested in privacy concerns, they would have learned from the first time. To me, it seems like a way to see how far they can push the line before people will complain.
So we know now that we can tell Facebook not to ever display our off-Facebook browsing habits on our profile. But how do we tell Facebook not to collect this data at all? Or did I miss something in the article?
Meaning: We'll still collect information on you and do whatever we want with it, but it won't appear on your profile. Better? Yes. Much better? No.
It must have been something you assimilated. . . .
From the article "Facebook came under withering criticism from its users and privacy advocates alike when a security researcher revealed that the ad system tracks user activities on third-party partner sites -- including the activities of people who never signed up with Facebook, who deactivated their accounts or who were not signed on to the site." [emphasis added]
:D.
What are they doing with the data of people who never signed up for Facebook in the first place? Is there a list of the 3rd-party sites that provide data to Facebook so that they can be avoided? I know that Facebook is not the only site to track user activity, but this underscores the need for a "Do Not track" list. Like that will happen anytime soon
Never let reality temper imagination.
Never let reality temper imagination
Need to cut the problem at the source: the advertisers themselves. This wasn't easy to find in google, but here's a list of sites that have privacy-violating Beacon code embedded in them.
Boycott the following sites:
eBay
Fandango
College Humor
Busted Tees
iWon
Citysearch
Pronto.com
echomusic
Travelocity
Allposters.com
Blockbuster
Bluefly.com
CBS Sports
Dotspotter
ExpoTV
Gamefly
Hotwire
Joost
Kiva
Kongregate
LiveJournal
Live Nation
Mercantila
The NBA
The New York Times
Overstock.com
(RED)
Redlight
Seamless Web
Sony Online Entertainment
Sony Pictures
STA Travel
TheKnot
TripAdvisor
Travel Ticker
Typepad
viagogo
Vox
Yelp
WeddingChannel.com
Zappos
Source: http://www.facebook.com/press/releases.php?p=9166 (found from a blog)
I should buy some cement.
and that is the crux of the issue, not just Facebook, but everywhere.
The data I create and store on my computer are MINE. I control access, determine what portion of my income will go to protection of said data, and its my ass for everything if someone steals this information. This event will be both a criminal and civil crime against me personally, that I am free to persue how I see fit.
The data I create and store on {insert favorite online service here} are NOT MINE. It is the property of some other entity. They control access, determine what portion of their income will go to protection of said data. When someone steals this information, from my point of view, liability may not matter, many entities are involved, and it may only be civil issue between myself and the next entity, be they human or corporate.
This goes from my last tax return to pictures of my wife and our friends. Both of those sets of data are shared on a need to know basis, after clearing several security hurdles. My security hurdles. I am judge and jury.
And, for those of you that are not from the USA, who sometimes see our almost obsessive desire for personal freedoms over the common efficiency of society as lunatic, this is what makes my America great. Freedom, personal freedom, however shaky and eroded they might be at this moment, is what makes America great.
Its why Google Apps will never conquer MSOffice or OpenOffice or locally installed and operated vi or EMACS if that's all I get locally. Because secure (as in stored locally, for my eyes only, and whom I see fit) is such a big #1 to an American that its so far above #2 and everything else that it gets dusty and sometimes we forget it is there. Until forgetting comes back to bite us in the ass.
Summary:
If you put the information in an IP packet unencrypted, or give it to someone to put into an IP packed unencrypted, it is there for the world to see forever.
So just accept that everything on Facebook, MySpace, Google Apps, whatever, is not yours anymore, whether you like it or not.
Nicholas Cage had a line in some movie, and I'm paraphrasing here, "There are only two people in the world I trust. One of them is me. The other one is NOT you".
From a Grateful Dead Family Album, in "The 10 Rules of Rock and Roll on the Road", Number 7: Anything that you do not understand is trying to fuck with you.
Remember those two lines the next time you post any information anywhere. You do not trust the other side, and if you do not understand everything about how they will use and protect your data, they are trying to fuck with you, and not in a good way.
There will be changes to terms of service or some other nonsense that people will blindly click "yes" to and all of it will be for naught.
There's simply too much money to be made from advertising and selling information to ignore! That's why CableTV started playing commercials even though it was originally sold to be "commercial free."
They can't resist the evil... the greed... "the corporate obligation." Adobe's "ads in PDF" is another fine example of crap they can't seem to resist. And the fact is, while people are sometimes vocal enough about some things, there's enough people out there who don't care enough to complain that nothing gets done.
CEO Zuckerberg said 'We simply did a bad job with this release.'
What he meant was, "Awwwwwwwww phooey. Danged kids. mumble mumble ad revenue mumble."
That's a pretty big change from what Mark was saying in his blog post if you ask me. That being said, the big problem is, all I have turned off is Facebook's reporting of the sites I visit. I essentially hit a switch that says "Track me, but dont let me know what you are getting!" I wonder if I should turn it back on, so I can at least keep tabs on it.
Also, I wonder if I will still see what sites have reported back to facebook with my information on the settings page, even though I have turned it off.
insight through the mind
On a personal note, I enjoyed Facebook at first until I realized that making my network public is quite idiotic. I mean, I can certainly live without Facebook and if I look at the privacy issues and compare it with the Facebook offers, it's just not that sweet any longer.
Full Tilt
Would it be so hard to "boycott" these sites for anyone here? I occasionally look at ebay, but usually ^W always there is a better deal from another source.
FairTax baby!
It would be interesting to look at the various sites privacy policies and see which (if any) of them allow sending data to Facebook without an opt-out. So for example, the New York Times privacy policy says they will not share information with third-party sites, and while IANAL it's not at all clear to me that the indiscriminate sharing going on here falls within the exceptions they list.
Despite hysterical nonsense from a vocal minority the feed issue was never a privacy issue. The information that feed shared was information users had already elected to share and only with people who were supposed to have that information.
The lesson to learn from the feed issue is that people 'care' about issues if they don't have to invest any time in learning about the issue. You will never satisify the instigators, but you will defang them if you give the appearance of giving in to their commands. If they keep complaining after you've offered them an olive branch they just look like they have a grudge to the bandwagon folks. Looks like Facebook learned 'the first time' very well.
I'm sorry but opt in or opt out... what's the difference?
As far as I understand Beacon is merely some AJAX code that resides within the affiliates webpage.
Your own computer gets this code, and communicates with Facebook directly, looking at your cookies to see if you're affiliated with Facebook. Since the transfer is local you can block it, but still these websites have the malicious AJAX code residing within their pages.
You have to block "http://www.facebook.com/beacon/*", which can be done using the FireFox BlockSite plugin, among other methods.
Unless you stay off the internet entirely you are almost certainly creating a nice little profile about yourself. Have you ever made an online purchase? Do you disabled cookies, flash, etc. by default? Do you use an anonymizing network from a neighbor's open wireless AP? Do you read the privacy policy of every single site you visit (avoiding those without privacy policies) to make sure that third parties are bound by the same policy as the first party? Do you trust that the sites you visit will never have data stolen or corrupt employees? Are you sure no one is sniffing your traffic at some point upstream?
In the present it might be difficult or costly to find dirt about you, but it's out there alright. You might not think it is dirt, but make yourself 'worth it' and watch how much of that information really is retrievable. Someone just might care about your position on abortion mentioned in passing on some anonymous blog, or the fact that you visited some news article three times in one day. In the future it is going to be even easier and cheaper and the data isn't going anywhere.
I can't say as I trust them. I don't use Facebook and I don't intend to, but I added this to my ad filters after the last story:
http*://*facebook.com/beacon/*
Unless you want to use that "feature" I don't see how it can hurt.
I added Beacon to AdblockPlus when this shit first came to light, but I'm going to officially deactivate it too. Why? The same reason why my Gmail bookmark goes directly to the 'old version' page: These fuckers are keeping track of who goes where and who does what on their sites, and the more people who make a gesture (be it one click or one finger) against this 'feature' creep, the more it'll show in the metrics.
Interesting to note that it appears that you can find out which sites are tracking you. From the opt out page...
Show your friends what you like and what you're up to outside of Facebook. When you take actions on the sites listed below, you can choose to have those actions sent to your profile.
Please note that these settings only affect notifications on Facebook. You will still be notified on affiliate websites when they send stories to Facebook. You will be able to decline individual stories at that time.
No sites have tried sending stories to your profile. When they do, those sites will appear in a list on this page.
I admire the broad personal freedoms of Americans ... ... and lament the broad personal freedoms of American corporations.
Any one else find it amusing that the first big move by Facebook after Microsoft bought in alienated its entire user base?
Or am I the only one who sees some correlation and causation there?
Here's what I haven't seen explained yet (maybe I'm reading the wrong comments?) - how is Facebook collecting this information? If I'm not logged in (or don't even have an account with them), how are they gathering information? Are they correlating things by IP address?
I'm not sure which is more obnoxious -- Facebook's lengthy resistance to fixing the problem, or their continued spin that this feature was born from some altruistic desire to help people share more information. Can't they just admit that the genesis of this feature was a plan to further monetize their users' social networks?
Facebook is still collecting the information it shouldn't have. The fact that users can opt to not have it broadcast to their friends means almost nothing in terms of privacy.
There seem to be a number of sites (ala Google) that show Beacon can (at least, right now) be blocked by adding " http://facebook.com/beacon/* " to your anti-adware/blocker plugins.
People, if you are on Facebook, there is a simple fact you should understand. They may be providing you a service, but they are out to make money and justify their $BN valuation. You are the *product* not the customer. Mark et al are trying to get paid and they could care less about your privacy or what you think. If the violation of privacy was not so obvious in this case to the average FB user, to the point that they would have less product to sell if they kept it up unchanged, they would have done nothing.
Don't boycott LiveJournal (or at least not for this reason - there are other reasons you might want to); their implementation is opt-in and I think it always has been. It looks like it just doesn't send anything to Facebook unless you explicitly enable it on your Livejournal account.
When query google style paid ads at the top of a result set were first introduced in the late 90s people rebelled against. Search engines had to back away from them. Google brought them back using a side panel first, and now at the top in a yellow background, just like they were first introduced 10 years ago (ok, back then the background was blue).
Just watch we-know-who-you-are ads and tracking will become the norm. Don't believe me? See how much valuable personal information people voluntarily upload in Google (mail, calendar, blogger), facebook, myspace, etc. Users just don't care about handing over their most valuable life details to a third party.
" ... they won't collect info ..." does not equal " ... won't store those actions ... "
Means "THEY" (as in FACEBOOK) won't collect. Probably also means they offloaded the tool to some ghost subsid or partner who will then periodically aggregate collected data with/to/for Facebook and other unnamed ad agencies... The English language, combined with lawyers, can trick-fuck ANYbody, no matter HOW scholarly or seasoned. Even whole teams of attorneys tend to miss things.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
But they explicitly state they do collect it. The partner sites send everything, including the data from opt-out users, to Facebook. Partner sites are not privy to Facebook users' preferences; only Facebook knows that. So, in every case, they send it to Facebook. (Were it not such, then an even greater privacy issue develops; why does Facebook rely on a thousand retailers to do the right thing and why doses even more information have to be disseminated to even more entities for this to work? Answer: they don't, and it doesn't, so the retailer has no idea which Beacon user opts in or out and treats them all equally by sending all the data to Facebook to sort out).
All I'm saying is that is collecting anyway you play it. We don't need sinister 3rd party plots to make it so; it is so already.
Facebook then compares the data after collection to the user's preferences, and then either uses it as they intended in the first place, or throws it away. (And although I'm cynical and I'm by no means going to go out on a limb here to defend the morality of a company I know nothing, when it comes right down to it, about, I'm at this point willing to concede they might do what they say and leave it at that. You see, trust is an essential part of the whole transaction, and Facebook is very, very wary of generating any more mistrust, since a lack of trust goes right to the bottom line and costs them money; in fact it goes straight to the viability of the whole business model itself. No trust? No users. No users? No data. No data? No income).
Opt-out is preferred to Opt-in simply because Opt-in costs money to police while opt-out is either generating thousandths of a cent, or nothing, with 100% reliability with no work whatsoever verifying anything. But, in either case, it's critical that you, the user, do the work because at 1/1000 a cent (or whatever it actually is; we know it's definitely a micro-payment level thing) per user per income instance, it just ain't worth it to chase you. Which is why companies like FaceBook set these stupid things up this way in the first place.