When Facebook made the decision to introduce their Beacon advertising system, it led to vocal complaints about the amount of tracking that the system was doing as part of providing the advertising. Fortunately for those upset by the system, Facebook has wound back some of the most concerning aspects of the program - mainly by committing not to send information about users' Internet activities without explicit permission.
While only a vocal minority of Facebook users apparently took the time to complain, there are probably many in the silent majority who are not happy with the proposed level of tracking and information disclosure. Even with only a vocal minority, it didn't take long for Facebook to wind back some of the features of Beacon. Having a major advertiser (overstock.com) withdraw support for the system until participation was made voluntary certainly helped make the decision. Having gift purchases highlighted to the intended recipients also didn't help.
Even though Beacon could be considered to be exploitative of the Facebook userbase, a detailed reading of the Terms and Conditions for use of Facebook shows that any information that users place on the site is provided to Facebook with an "irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise".
Not long after the above moves to wind back some of Beacon's features, it was discovered that it was still sending information back to Facebook even for users who are logged out of Facebook. As some observers have pointed out, Facebook's handling of the whole issue has not been the best, and it comes down to several key points:
- Despite assertions that it would be opt-in only, Beacon was launched as opt-out.
- Following the initial redesign to an opt-in system, it still appears as if Beacon is opt-out only, due to the design of the user interface.
- User activity data collection is taking place without user knowledge on other sites, even when the user is logged out from Facebook.
- There is no global opt-out for all Beacon-enabled sites, with individual opt-in - it is a site-by-site case, and only when one of the partner sites is going to publish information on Facebook.
Finally, after a week-long period of vocal user complaints and poor press reports, Facebook modified how Beacon worked, allowing Facebook users to turn it off completely. Despite being a move to address the privacy concerns raised, some are concerned that it has taken so long for Facebook to recognise that it was a privacy-related issue - especially given the amount of information that Facebook already has on its users.
It doesn't necessarily seem that things are all good, though, with the suggestion that Facebook will still be collecting information from third party sites even if users have opted out from the system (based on user comments). Concerned users can base their decision on which sites to block on the following list.
30 December 2007