Facebook Beacon Privacy Issues Worse Than Previously Thought?

An anonymous reader writes "Further developments in the Facebook Beacon affair ... According to PC World, a Computer Associates researcher claims that Beacon, when installed on participating sites, is sending data about users' activity back to Facebook, even when a user is logged out of Facebook - despite Facebook's claims to the contrary."

FredDC

<sarcasm>
No privacy on a social networking website? I am shocked!
</sarcasm>

Re:FredDC

no privacy OFF a social networking site.. you should be shocked. repeatedly.

Block the "Feature"

This [wikihow.com] might be useful for some people. It shows you how to block Facebook's Beacon.

Re:Block the "Feature"

Basically, it tells you to go to addons.mozilla.org, find blocksite, install, add "http*://*facebook.com/beacon/* to blocksite, and gold. Should work in AdBlock/ABP too, PeerGuardian, or whatnot.

Re:Block the "Feature"

This might be useful for some people. It shows you how to block Facebook's Beacon.

Not to demean the solution you gave, which I'm sure does its intended job well. However, it's really just a technical fix that is papering over one of the symptoms.

It doesn't- and can't- address the far more serious underlying cause. Namely that Facebook and the other companies involved are clearly totally contemptuous of their users' privacy and quite happy to screw them over in the name of a few quick bucks. And then hide this behind a weaselish and unclear "opt-in-by-default" agreement. (Yes, it's acceptable for them to make money from a free website; no, it's absolutely *not* acceptable for them to do it in this way).

Frankly, I'm glad I don't use Facebook. At one stage I may have believed that it was possibe to balance the invasion one's privacy by controlling what appeared on their page- and then some low-down **** like this comes along. It's one thing to have your Facebook information publicly available, quite another to have your activities on apparently unrelated sites made public.

I wouldn't touch Facebook with a ******* barge pole now. Your fix may work on the current problem, but what happens when the next moneygrabbing exploit comes along? What happens when these assholes figure out a totally different way to use the information they already have on you?

Seriously, fuck that, and fuck Facebook. Their behaviour was already unacceptable- regardless of how they snuck it into the legal agreement. With this latest news on top, I seriously hope that this marks a turning point in Facebook's fortunes. Joe Public isn't as concerned about his privacy as he should be, but when it comes to blabbing about his Christmas present purchases without his knowledge, it puts it in more concrete terms.

Re:

I've an account, while I don't use it much it has enabled me to get back in touch with friends I haven't seen for nigh on 20 years. People move to other countries and back in the day they didn't have email addresses or the like, so for some of us older fol

Microsoft and $$$

What were we to expect with money to be had? They need something to justify that ridiculous price tag they've given themselves. Users = dollar signs to them. It's funny how every time they add a feature that invades the users' privacy to make money, they release some statement like "Oh, once users calm down, they'll find these services to be useful." Putting in privacy controls and restrictions later means they get away with more and only have to patch what users find out and complain about. That being said, don't claim malicious intent where ignorance is just as likely the cause. (Full Disclosure: I was one of the users who has been banned from Facebook for posting negative comments ("spam") during the mini-feeds debacle. So I have some negative bias.)

Re:Microsoft and $$$

This is all a bit silly to me. Ok, so people are annoyed at Facebook, and I see the story has been tagged BigBrother. That's utter rubbish for a start, but of exactly the kind you expect from people who don't really know what big brother represents in 1984, or never read the bookt.

Why can't it be Big Brother? It's an elective free service, which is two things that the figure Big Brother in 1984 most definatelly does not represent. You are under no obligation to use it. That's all there is folks, don't like it? Don't use it, problem solved.

People do like it though, most of the people I know who are on it don't care about this new storm+teacup, which they view as, well, not worthy of notice. Facebook does what they want, end of problem. I use it too. Ok I block the sidebar beacon adverts, but otherwise I like it.

Oh yes, and online shopping is going to be tracked by everyone who can possibly manage it soon. It's big, big money. So Facebook are doing it now, well, give it a year or so and try to find a free online service of this type that doesn't do tracking, or promises not to in the future.

I think you better look up Diogenes for advice first mind.

Re:Microsoft and $$$

Why can't it be Big Brother? It's an elective free service, which is two things that the figure Big Brother in 1984 most definatelly does not represent. You are under no obligation to use it. That's all there is folks, don't like it? Don't use it, problem solved.

Now, if I remember correctly (I haven't read 1984 for a few years now), it is Big Brotherish. I mean, sure, it's not enforced, default, systematic spying by a government, but the Big Brother scenario did not get that way overnight in the book. It took many years of phasing in. I think it's discussed in the part where the main character is reading Emmanual Goldstein's highly illegal and very sensational alternative history of the world. (Even that bit is ringing true nowadays)

Re:Microsoft and $$$

You're going to seriously tell me that when all these people joined FB of their own volition that they wanted their web browsing habits to be tracked, stored, and probably acted on in some fashion? I think it's more likely that they joined so they could hook up with their friends...you know, kind of like what FB was actually about. The subsequent invasion of privacy, tracking and collation of personal habits certainly IS very 'big brotherish' if you want to participate in modern society in any meaningful form. Or you could sever all ties to the internet, "opt-out" and go and live under a rock, is that the choice that what you call 'capitalism' has given us?

Earning user trust requires honesty.

The problem here isn't just that Facebook is collecting private information. Any company could say "look, if you use our service, here's what we're going to collect and what we're going to do with it," make a good-faith effort to inform everybody what's about to happen and how it works, and then proceed.

The problem is that Facebook is lying about it, and doing so repeatedly.

1. Zuckerberg led the press and advertisers to believe [nytimes.com] that Beacon would be opt-in (it would publish only with the user's consent) but launched Beacon as an opt-out feature (it published without the user's consent).
2. Both the original design [facereviews.com] and the current design [facereviews.com] of Beacon announce to the user that a story is being sent to their profile. They do not present themselves as a choice; they do not ask for consent; they present themselves as a notification that something is already occurring.
3. Even though the new design is "opt-in", the notification has only one clearly emphasized button: "Okay". A design that offered a true choice would offer two equally clear buttons (e.g. "Publish" and "Cancel"). Again, the design is crafted to give users the impression that they have no choice.
4. Facebook collects information about its users' activities on other sites through Beacon despite public statements to the opposite. According to Stefan Berteau [ca.com], Facebook does this even when you are logged out and even when no notification is displayed.
5. Facebook did not give its users reasonable advance notification that it would start publishing information about their activities on other sites. It just went ahead and did it. And Facebook is still not being upfront about the fact that it is collecting this information.
6. Facebook continues to refuse to let users just turn off Beacon. Instead users have to individually refuse Beacon for each partner site, and they cannot do this in advance; they can only do it at the moment a partner site is about to publish a story on Facebook. Again, they are clearly trying to maintain as many obstacles as possible for users who simply don't want this information shared.
7. Facebook's official response [facebook.com] is disingenuous and insulting. The problem is not that Beacon "can be kind of confusing"; it is obviously designed to mislead. Facebook's Paul Janzer wrote:

   While we know "global opt-out" seems like the easiest solution, we believe that if we provide you with full control over your information, you and your friends can get the full benefit of sharing information and connecting on Facebook.

   Of course, if they really wanted to provide users "full control over [their] information" they would let users turn Beacon off.

How to avoid Beacon

From a comment on TFA:

Facebook users who also use Firefox to browse the we can prevent facebook's beacon from reporting by doing the following: download the BlockSite Add-on for The Firefox Browser. Under the tools menu, select "add-ons" Select the BlockSite Add-on and edit the preferences. Under the Blacklist, add a new site with the "add" button. enter the URL "http://*facebooks.com/beacon/* Hit return twice and you are good to go.

I wonder if he actually meant "*facebook.com" without an S, though.

Is *that* what that was?

I was playing some rinky-dink flash game on kongregate.com and all of the sudden a little DHTML window panned up from the bottom of the browser and said "Tower Defense has added a story to your Facebook profile."

At that point I had three questions:

1) What is a flash game site doing talking to Facebook?
2) How do you know what my Facebook ID is?
3) Where the fuck do you get off?

I had to go several menus deep in Facebook to figure out how to opt-out of this crap. I haven't been back to kongregate since. Absolute crap.

Re:Let them know

Um, why bitch at kongregate.com or other sites for using Beacon, instead of just ditching Facebook? Without a Facebook account, this won't a problem on any site.

Re:Let them know

Actually, you can't delete a Facebook account, only deactivate it. After reading the PC World article a couple days ago, I tried to delete mine, and was told that I could log back in any time and it would be ready and waiting for me. Something tells me they don't stop mining data from other sites just because you've deactivated the account, when they're not even willing to delete your favorite brand of toilet paper from your profile. I wiped every bit of information about me by hand, aside from my wall posts, which were simply too numerous.

Re: angry emails to facebook's sponsors

Don't do this because your angry rants can be linked with your facebook account and available for data mining. You do want a job after college I assume?

If you are non-technical:

1. send the sponsors a complaint letter in the post.
2. if sponsor runs a blog,

This would never happen

I'm sure Facebook would never monitor my activity on other si

It looks like you're writing a comment criticising Facebook! Would you like to:

- Delete the comment
- Tell everyone how great Facebook is?
- Add some more useless junk to your Facebook profile?
- Spam all your friends with a picture of a 'cute' travelling bear?

Uh-oh.

"Slashdot has added a story to your Facebook profile."

Get 'em young and innocent

This is just the next in a long line of privacy violations by social networking sites such as Facebook. They target a primarily young and non tech-savvy audience so they can get away with the most atrocious breaches in privacy until they overstep the boundary and do something that's blatantly egregious, even to the most innocent Internet users. With Beacon, Facebook allowed other users to see our online shopping habits. I feel that the latest revelation about Beacon "calling home" won't be as resonant with the general public. We've gotten used to a data-mining culture and don't worry about some faceless "they" having access to all this information. Perhaps if we imagined these personal details being broadcast on national TV, it would be a different story.

Re:Get 'em young and innocent

Yes, but in a culture built around American Idol and reality TV, people WANT to have the personal details of their lives broadcast on national TV! ;)

Facebook == new Google

Google stopped becoming a search engine and is now an advertising company that does a bit of searching on the side. Same will happen to Facebook. You might use it as a social networking site but it WILL become more concerned with getting ads on screen.

A Facebook Satement in Response

CA received a statement from Facebook [ca.com] following their blog entries, which speaks to the use of this data.

Re:Not sure how this works

I would presume that rather than removing cookies upon 'logout', they keep a note of the fact you're logged out, and continue to track that cookie, knowing that the last logged in user was you.

Re:

Probably 'web bugs'. These are usually 1x1 pixel images, placed on the 3rd party page but served from Facebook's domain. The web bug can then access all your Facebook cookies and pass details onto the 3rd party site.

A trick borrowed from spammongers, who e

Re:Not sure how this works

From the horse's mouth on their techniques (emphasis mine).

Third Party Advertising

Advertisements that appear on Facebook are sometimes delivered (or "served") directly to users by third party advertisers. They automatically receive your IP address when this happens. These third party advertisers may also download cookies to your computer, or use other technologies such as JavaScript and "web beacons" (also known as "1x1 gifs") to measure the effectiveness of their ads and to personalize advertising content.

See original here [facebook.com].