Forgot your password?
typodupeerror
Social Networks The Courts Privacy

Facebook Axes "Beacon," Donates $9.5M To Settle Suit 71

Posted by kdawson
from the all-your-data-are-you-know-the-rest dept.
alphadogg sends in a Network World piece that begins "Facebook has agreed to shut down a program that sparked a lawsuit alleging privacy violations, and set up a $9.5M fund for a nonprofit foundation that will support online privacy, safety, and security. The lawsuit centers around Facebook's Beacon program, which let third-party Web sites distribute 'stories' about users to Facebook. Beacon was launched in November 2007 and less than a year later plaintiffs filed a class action lawsuit 'alleging that Facebook and its affiliates did not give users adequate notice and choice about Beacon and the collection and use of users' personal information.' ... Facebook never admitted wrongdoing but as part of a proposed settlement the company began sending notices to Facebook users this week. The settlement provides no compensation directly to users who receive the notice. Facebook users can opt out of the settlement, and should do so if they wish to pursue further legal action against Facebook related to the Beacon program. 'If you choose to do nothing and remain in the settlement class, you will be legally bound by the settlement,' a FAQ on the settlement Web site says. "By doing nothing, you will be giving up the right to sue Facebook and the other Defendants over claims related to or arising out of the Beacon program.'" Other defendents included Blockbuster, Fandango, Overstock.com, Zappos.com, and Gamefly. Neither the article nor the settlement site mentions what part, if any, they play in the settlement.
This discussion has been archived. No new comments can be posted.

Facebook Axes "Beacon," Donates $9.5M To Settle Suit

Comments Filter:
  • Silly (Score:5, Insightful)

    by dontPanik (1296779) <ndeselms.gmail@com> on Tuesday December 08, 2009 @08:46PM (#30372750)
    It would be totally silly if someone was to sue Facebook over this.
    Yeah, they do have fault in that they didn't design Beacon better so that 3rd parties wouldn't be able to trick users, but I just feel like people want a reason to sue, sue, sue.
    I mean, it has been around for two years, and if a 3rd party site uses it, I believe that you'll notice, because it will show up in Facebook.

    And truthfully? I loved this feature. I would order out to restaurants and at the end it would be like "do you want to share this over Facebook" and I'd be like "Shit why not!" and I'd get a laugh out of my friends criticizing or commending me on my food choice.
    • Re:Silly (Score:4, Interesting)

      by Darkness404 (1287218) on Tuesday December 08, 2009 @09:15PM (#30372970)
      It depends on your feelings of privacy. Myself I tend to give out a decent amount of information to my Facebook friends because the vast majority of them either A) are trusted friends or B) random strangers who I might never meet in my life. However, beacon is a bad thing for a lot of people who might need privacy or who have Facebook-stalking loved ones who may jump to conclusions. Think about it this way, you are on a business trip and decide to order at an upscale restaurant for just you because you like the food, yet your Facebook-stalking wife/girlfriend sees a beacon post about your reservation and thinks that you -clearly- are seeing someone other than her and no one would ever eat at an upscale restaurant just by themselves and clearly your business trip you are on is simply a front for you to cheat on her. And yes, stuff like this does happen. If you are lucky enough like some people (like you and me) not to have friends who don't trust you, but some people are unlucky enough to have situations like this.
      • by NoYob (1630681)
        Another post wrongfully modded "Troll".

        Some of you with mod points really need to read the moderation guidelines.

        Here's a bullet point guide:

        Troll [wikipedia.org]: someone who's posting stuff just to get a reaction out of folks.

        Flamebait: just posting shit to piss everyone off or a select group. An example, I think Slashdot has a script that looks for really stupid people and then gives them mod points. See, that's "Flamebait".

        Now off-topic would be if I posted something about Nazi Germany and their battle tanks.

        Overra

        • Re: (Score:1, Funny)

          by Anonymous Coward

          It's the digg crowd making its way onto Slashdot. They can't help themselves.

      • by djrok212 (801670)
        Your post is too true. I am currently in Chicago on business and went to a very nice restaurant tonight by myself, simply because I like food. When I told my wife about it, her first comment was "Were you alone." Not 100% relevant but figured it added truth to what you are describing.
    • Re: (Score:3, Insightful)

      by nacturation (646836) *

      And truthfully? I loved this feature. I would order out to restaurants and at the end it would be like "do you want to share this over Facebook" and I'd be like "Shit why not!" and I'd get a laugh out of my friends criticizing or commending me on my food choice.

      Yeah, that's cool. But what about the person who rented the DVD AIDS and HIV Answers [blockbuster.com] from Blockbuster and had that rental show up on their Facebook profile without their knowledge or permission?

      • by Skater (41976)

        And truthfully? I loved this feature. I would order out to restaurants and at the end it would be like "do you want to share this over Facebook" and I'd be like "Shit why not!" and I'd get a laugh out of my friends criticizing or commending me on my food choice.

        Yeah, that's cool. But what about the person who rented the DVD AIDS and HIV Answers [blockbuster.com] from Blockbuster and had that rental show up on their Facebook profile without their knowledge or permission?

        As I understand it, you had to specifically approve each post. And if you didn't explicitly approve it, it would be ignored. At least, that's how I read FAQ #2 [beaconclas...lement.com]. I never used it, never even ran into it, so I really can't say much about it beyond what I read on that site today. I agree the information sharing is annoying, but it doesn't sound like it posted info publicly automatically.

        • As I understand it, you had to specifically approve each post. And if you didn't explicitly approve it, it would be ignored.

          You could be right -- I recall hearing it would auto-publish. Regardless, in Blockbuster's specific case there is the Video Privacy Protection Act [computerworld.com] which prevents companies from sharing a member's video rentals with other entities without explicit permission. The penalty carries a $2,500 fine per incident. Even if Facebook requires permission to publish the post, Blockbuster would have still violated this law by simply sharing the information with Facebook.

        • Re: (Score:3, Informative)

          by chimpo13 (471212)

          When it started, you didn't approve anything. And I hadn't heard of beacon or what it was. It outed me on yelp reviews that I had under a different name with a different email. Mildly embarrassing since I gave a friend's restaurant an honest (read bad) review. I figured it was under a different email so I was safe. Not at all.

    • by fwice (841569)

      And truthfully? I loved this feature. I would order out to restaurants and at the end it would be like "do you want to share this over Facebook" and I'd be like "Shit why not!" and I'd get a laugh out of my friends criticizing or commending me on my food choice.

      that would have been fine. if they had asked me.

      the reason why I didn't like beacon is because it linked my facebook account and my yelp account without my consent. my facebook account was displaying my yelp reviews. the two accounts were not linked in any way [email address, openID, et cetera] except for having the same name on record.

      add in the fact that beacon was enabled as 'opt-out', not 'opt-in', means that i was unaware that there was activity on my fb account [my account is kept completely devoid

      • Re: (Score:2, Interesting)

        by L33tminion (908158)

        the two accounts were not linked in any way [email address, openID, et cetera] except for having the same name on record.

        Having the same name on record had nothing to do with it. Yelp was forwarding the information to a page on Facebook, which used the cookies stored in your browser to see which account was logged in (same as how when you log in to Facebook, go elsewhere online, and then return, it knows which account is logged in and doesn't ask you to log in again).

        That aside, you've got it right. The problem with Beacon (in it's original implementation) was that it did unexpected stuff without the user's consent.

  • by PyroMosh (287149) on Tuesday December 08, 2009 @08:50PM (#30372770) Homepage

    I don't use myspace, facebook, etc. but perhaps someone can enlighten me. Why do people who publish info in the internet about themselves somehow feel entitled to some sense of privacy in doing so? It's counter-intuitive on it's face, at best.

    The fact that it's Facebook that was providing hooks through an API to push info out to third parties is just a matter of efficiency. If the data's there, either you have it walled off for your eyes only, (in which case, why "publish" at all?) or it's open through some method to third parties anyway.

    Why would one go publishing info about themselves that they didn't want out there?

    This strikes me as panic for panic's sake. What am I missing?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Some info people choose to publish. Other info people didn't choose to publish but it was published for them, hence the problem. I use Facebook and have some info on it, but just because I visited a website I always visit doesn't mean I want my actions on that website shared with everyone who can see my profile.

    • Re: (Score:2, Interesting)

      by mugnyte (203225)

      Your questions are common to this situation, but I believe it comes down to the control over the online persona, as it is used on each site individually - and sharing to another without your knowledge or permission. If you post something here on slashdot, would you want the opinions, language, tone or anything else discernible from your specific writing to be used at another site you browsed?

      The "AC" capability of the web is an ever-growing facade, so having a vendor reveal each little piec

    • You don't seem to understand how Beacon worked. This wasn't some kind of cross-publishing of blog posts -- it was covert publishing of transactions you made in online stores!

      That said, even if it were only covert cross-publishing of already public information such as blogs: Did it occur to you that perhaps people choose to publish some information under their real name and some under an alias? As a hypothetical, perhaps you would like to keep your posts on a sexual health message board separate from convers

      • by PyroMosh (287149)

        You're right, I did misunderstand. I thought this was a technology that would allow Facebook partner companies to parse what you posted on Facebook, not a technology to allow partner companies to identify your ID on Facebook, then phone home auto-magically and tell Facebook "post this".

        That is icky. Also, counter-intuitive. I'm not sure under what scenario this would bea useful feature to have.

        • by Brandee07 (964634)

          After they first introduced it, there wasn't even a confirmation "post this/don't post this;" it just got posted. So the fact that I bought a pair of Heely's from Zappos.com three weeks before Christmas got posted to my Facebook, for all the world (including one boy yearing for a pair of Heely's) to see. So much for Christmas surprises, eh?

          And that's why I don't use Facebook anymore.

    • Re: (Score:3, Insightful)

      by Darkness404 (1287218)
      Because of the separation between online and reality. For example, your Facebook is more in the reality section, you generally only accept people you know, can keep a tight control on your profile, etc. On the other hand, you have your online profiles, things such as perhaps your /. account, various online games, forums, etc. And most of the time without technical interference they stay separate. I have little doubt that someone could identify me between accounts by looking at my word choice, writing styles
      • by Inda (580031)
        Amusing because selecting your name > right-click > Search Google, tells us all so much. It didn't take any time. I did it because you said I couldn't.

        Do you like Fanart and eBay that much?
        • Actually, with the exception of the posts mentioning me on /. , the other accounts were completely unrelated to me. Which is actually quite funny to see the many accounts with similar user names to my /. account. Especially the one on EBay from Germany, the Habbo Hotel one with an avatar that looks nothing like me, and the various fan art pages. The actual name from my account started out from a very short lived and poorly planned MMO that me and a few friends were "developing" (I use this in the loosest se
    • by nacturation (646836) * <nacturation@@@gmail...com> on Tuesday December 08, 2009 @09:42PM (#30373148) Journal

      Why would one go publishing info about themselves that they didn't want out there?

      Beacon was opt-out only. If you were logged in to Facebook at the same time you visited a third party site, that third party site could publish a story 'PyroMosh purchased the Deluxe 12" Ass-Ramming Dildo from Anal Enterprises' without having to ask your permission. Oh sure, you could opt-out after the fact, but only for each individual third party once they had published to your profile.

      • Re: (Score:3, Interesting)

        by PyroMosh (287149)

        'PyroMosh purchased the Deluxe 12" Ass-Ramming Dildo from Anal Enterprises'

        Have you been reading my facebook? I have to remember to set that to private.

        Seriously, though I gravely misunderstood what this beacon was. I thought it was just some API hooks that would let advertisers run queries against facebook posts presumably to deliver targeted ads or some other such nonsense. I had no idea it was what it was.

        That said, from what I understand, it uses a cookie to identify one's ID. Since the cookie only

    • Re: (Score:2, Interesting)

      by mdwh2 (535323)

      So you think ordering something from a website - perhaps using a secure page - now counts as "publish info in the internet about themselves" and it's therefore fair game for them to broadcast that to all and sundry without your consent?

    • by Eskarel (565631) on Wednesday December 09, 2009 @03:18AM (#30374850)

      The thing is that there's a middle area between publishing nothing about yourself and publishing everything about yourself. Beacon sort of pushed a little too close to everything for some people. I use facebook to keep in touch with my friends overseas, it's useful for that purpose, and I will message them or write on their walls or whatever I deem appropriate whatever information I want to share with them. The key here is "I WANT". There are things I'm happy to publish, there are things I don't want to publish. I'm happy to announce to my friends(and pretty much everyone on my facebook is actually a real friend because I don't give a crap about friend counts IRL or on facebook) some of the events in my life I want to share with them. I don't really need them to know exactly what I bought from that on-line retailer or what I've just done in a video game. Aside from it being none of their business, I don't care what other people are doing and so I don't believe they should care what I'm doing.

      Just because some idiots share every second of their lives on facebook, or myspace or twitter or their blog or whatever doesn't mean that everyone who uses those services does.

    • Re: (Score:2, Insightful)

      by hopkid (756933)
      I presume that many slashotters use facebook & are pro privacy. They see ./ as a forum to express their views and impact the social viewpoint to their favor. This is good, even though it leads to many argumentative discussions that devolve into semantic arguments. This is a form of social consciousness.

      Personally, the only thing that I can say is that sometimes I value my privacy more than my social connectivity. During these times, I tend to add content to my facebook page. At other times, I remove
  • Beacon (Score:3, Informative)

    by mugnyte (203225) on Tuesday December 08, 2009 @08:55PM (#30372804) Journal

    "Beacon" let a site send your personal information and activity to Facebook, so that they could post it to your friends.

    So review a movie at blockbuster, then see it offered on your fb page as a post ready to publish.

    Exchanging information in this way may or may not be legal where the user lives, but it's certainly not open and explicit.

    I'm not sure how many people this will quiet, since nobody is revealing what actual info was shared (contact info? payment info?) and what was done with it (sold?).

  • by trentblase (717954) on Tuesday December 08, 2009 @09:06PM (#30372902)
    Did the settlement notification email set off anyone else's "phishing spider sense"? The email was sent from "root+5_-hkmdi@facebookmail.com" -- why not send it from facebook.com?
    • Ok, I realize that all facebook mail comes from facebookmail.com, but the question still stands, and the email text looked extra phishy.
      • I never got the settlement notification (I never used Beacon) but all FB notifications typically come from a similar address. For example: notification+km-m-d_i@facebookmail.com So I'm really not sure what your point is. If you look up the facebookmail.com domain, it's clearly owned by Facebook.
        • Re: (Score:2, Insightful)

          by trentblase (717954)
          My point is that an email purportedly from Foo, that never once contains the string foo.com in body or headers, sets off my phishing alarm. While this particular email was legitimate, I think it is poor practice for Facebook to send official mail from facebookmail.com, when facebook.com, mail.facebook.com, official.facebook.com, etc. are more intuitive and save me the trouble of a whois lookup. I have this problem with Citibank as well, which tries to direct me to accountonline.com to check my credit card
    • Yes! And when I got it there wasn't much info about it online - I'm still not 100% convinced that it is real, even seeing it on Slashdot. It *screams* phishing - it's from domain that sounds similar to facebook, but isn't and it entices you to go somewhere that presumably will ask for personal information (the opt-out part). I'm not touching it with a ten foot pole until I hear more about it.

      Having said that, I *would* like to opt out of the settlement. While I don't feel that any of my privacy rights were
      • Damn skippy, I demand a refund at least!

        I don't gain anything by agreeing to this settlement, and I'm too lazy to read the agreement to see what rights I'm giving up (possibly the right to sue Facebook in the event I later discover egregious Beacon-related privacy violations), so I too will be opting out.
    • by mdwh2 (535323)

      I don't seem to have got one of these notices at all...

  • silly lawsuit? (Score:1, Informative)

    by Anonymous Coward

    One might think it is, until you read that counsel for this lawsuit intends to collect the standard 33% fee (plus costs) for their righteous action in defense of this grand breach of privacy they committed. Nice way to earn $4mil. Way to stick up for the little guy.

  • By doing nothing, you will be giving up the right to sue

    Is this legal?

    • It is common for your right to sue to lapse due to inaction. See, e.g., statute of limitations.
    • I don't know... you could sue, though, if it was illegal... ;)
    • Re: (Score:3, Informative)

      by Trepidity (597)

      That's the entire theory of class-action lawsuits. Normal lawsuits are opt-in: the plaintiffs' attorneys can only claim to represent any plaintiffs that have explicitly retained them as representation in the case. Other plaintiffs therefore retain the right to sue separately, but unless they actually do so, they are not represented in the lawsuit. In class-action lawsuits, plaintiffs' attorneys can ask to have a class certified, and they will be taken to represent all members of the class, except insofar as

      • by mdwh2 (535323)

        That would make sense if everyone in that class was receiving some of the settlement, but in fact only those who sued them are receiving anything, according to TFA. How can I give up my right to sue, because someone else sues, profits from it, when I'm not even aware of it?

        If I'm included by default, I'll have my share of the settlement. If not, then Facebook agree to pay me $1,000 unless they opt out...

        • by Trepidity (597)

          Under most U.S. states' rules for class actions, the Representative Plaintiffs (those who initiated the action and retained the attorneys) can be given something additional as a reward for initiating the case.

    • By doing nothing, you will be giving up the right to sue

      Is this legal?

      Class action suits are like Facebook's Beacon: opt-out only. From http://en.wikipedia.org/wiki/Class_action [wikipedia.org]:

      "Due process requires in most cases that notice describing the class action be sent, published, or broadcast to class members. As part of this notice procedure, there may have to be several notices, first a notice giving class members the opportunity to opt out of the class, i.e. if individuals wish to proceed with their own litigation they are entitled to do so, only to the extent that they give timely notice to the class counsel or the court that they are opting out."

  • by Mr. Freeman (933986) on Tuesday December 08, 2009 @09:33PM (#30373084)
    If you read this post, you owe me me $1000. By doing nothing you agree to pay this money, in full, within 1 (one) business week. You must opt out of this by filling out a ream of paperwork which I will not provide you if you wish to avoid paying this money. If I do not receive this money in a timely manner, further legal action will be taken.

    Sincerely,
    Mr. Freeman.
    • by rdnetto (955205)

      That fails the consideration requirement of contract law. If you were providing a service or something of value, then it would probably have a similar legal status to EULAs (which AFAIK have not been tested in court).

    • Re: (Score:3, Funny)

      by Lavene (1025400)

      If you read this post, you owe me me $1000. By doing nothing you agree to pay this money, in full, within 1 (one) business week. You must opt out of this by filling out a ream of paperwork which I will not provide you if you wish to avoid paying this money. If I do not receive this money in a timely manner, further legal action will be taken. Sincerely, Mr. Freeman.

      I don't want any trouble so I will comply with uttermost urgency. Please post Your name, address, date of birth, SSN, bank and credit card information. This is for identification only so we can verify You as the lawful Recipient of these founds.

      Your Humble Servant Mr Ali Issa.The Director Bank of Africa (BOA) in Ouagadougou,Burkina Faso .

  • maybe I wouldn't have opted out as soon as I figured out what Beacon was ;-P
    • It doesn't look like there's any settlement money for normal Facebook users.

      The settlement provides that the $9.5 million will be spent on:

      • (i) setting up a non-profit Privacy Foundation
      • (ii) paying settlement-administration costs
      • (iii) paying plaintiffs' attorneys fees and expenses, plus approximately $2,000 to each of the 19 Representative Plaintiffs who initiated the suit
      • Indeed - and it would surely make sense for everyone else to opt out of this settlement, since none of us gain anything from it. At worst, there's no difference, and at best, maybe another class action from people who opt out will do better :)

        Of course, since I haven't received an email, I don't even have a clue how to opt out - I don't see how that can be legal.

      • It doesn't look like there's any settlement money for normal Facebook users.

        The settlement provides that the $9.5 million will be spent on:

        * (i) setting up a non-profit Privacy Foundation

        So opt-out, and sue facebook yourself. If you need help, I hear there's a non-profit Privacy Foundation that has $9.5 million in their legal coffers...

  • That was fast (Score:3, Insightful)

    by neoform (551705) <djneoform@gmail.com> on Tuesday December 08, 2009 @09:40PM (#30373138) Homepage
    Sounded like a bad an intrusive idea when it was launched.. glad FB only took 2 years to figure that out.. It took MS a lot longer than that to axe their passport crap.
  • Good trick (Score:1, Funny)

    by Anonymous Coward

    By us sending you this settlement, you agree to receive no compensation, and will be giving up the right to sue. Our clicking the send button constitutes your agreement.

    Great. It's like opting out of responsibility.

  • by tonycheese (921278) on Tuesday December 08, 2009 @11:14PM (#30373734)

    I honestly, honestly thought it was spam. In fact, I had just marked it as spam before I came over here and read about it.

    Facebook is sending you this notice of a proposed class action settlement that may affect your legal rights as a Facebook member who may have used the Beacon program. This summary notice is being sent to you by Court Order so that you may understand your rights and remedies before the Court considers final approval of the proposed settlement on February 26, 2010.

    This is not an advertisement or attorney solicitation.

    This is not a settlement in which class members file claims to receive compensation. Under the proposed settlement, Facebook will terminate the Beacon program. In addition, Facebook will provide $9.5 million to establish an independent non-profit foundation that will identify and fund projects and initiatives that promote the cause of online privacy, safety, and security.

    For full details on the settlement and further instructions on what to do to opt out of, object to, or otherwise comment upon the proposed settlement, please go to http://www.beaconclasssettlement.com./ [www.beacon...lement.com]

    Please do not reply to this email.

    That was the entirety of the email. No signature, no hello, that was it.

  • by trawg (308495) on Tuesday December 08, 2009 @11:20PM (#30373766) Homepage

    ..if they'd just given that $9.5 million to the EFF.

  • by SashaMan (263632) on Tuesday December 08, 2009 @11:37PM (#30373846)

    If you read the settlement carefully, it says that 1/3 of the settlement goes to the lawyers. Our legal system is such a fucking scam.

    Over the past decade I've been a member of the class in about 10 class action lawsuits. The majority of the time I don't even bother to collect - filling out the paperwork isn't worth it to get a 5 dollar coupon. I guess I've sure made a lot of lawyers rich, though.

    • Re: (Score:2, Interesting)

      by hopkid (756933)
      I was once amused to discover that I had been entitled to a few dollars for seeing a sony movie that was falsely advertised, as well as for buying a dvd that wasn't cropped properly. I too didn't collect on my bounty.

      To me, the purpose of such settlements isn't necessarily to benefit me, the wronged consumer, for past transgressions by the offender. It is to prevent offensive behavior in the future, which will benefit me in the future, as I won't be subject to such offenses then.

      This does seem weird
      • It would be pointless. Why choose the architect of one of the largest fraud schemes in history when you can choose from thousands of brokers that might be honest? He wouldn't have any customers.

        I guess it might be better to make him drive a cab or something, but a lot of people like the punishment aspect of prison.

  • by mantis2009 (1557343) on Wednesday December 09, 2009 @12:53AM (#30374198)
    To opt out of the settlement: [www.beacon...lement.com]

    10. What If You Want To Exclude yourself (Opt Out) From The Settlement? If you do not want to be legally bound by the settlement, you must exclude yourself by February 1, 2010, or you will not be able to sue, or continue to sue, the Defendants and certain other parties for the claims listed in the Settlement Agreement. To opt out, you must mail (email is not permitted) your original, signed exclusion request to: Facebook Settlement Administrator Exclusion Requests P.O. Box 6177 Novato, CA 94948-6177 Your request for exclusion must contain your name and address, be signed by you, and include the reference “Lane et al. v. Facebook, Inc. et al., Civil Action 5:08-CV-03845-RS.” Your original, signed request for exclusion must be RECEIVED on or before February 1, 2010.

  • If there was ever a case for a PSA, this is one...

    "Hello, I'm the president of Facebook, and I am complete idiot. It never occurred to me that ordinary people might actually use the Internet for anything other than entertainment, and so might have real life medical conditions that I would be broadcasting to all their friends without even so much as asking them. Honest, I get my secretary to do all that stuff for me, I forgot not everyone has teams of enablers to take care of the little stuff..."

"Floggings will continue until morale improves." -- anonymous flyer being distributed at Exxon USA

Working...