From http://www.ideashower.com
Nate Weiner November 30th, 2007 18 Comments
Today Facebook announced new updates to Facebook Beacon, which you can read about here. However, the thing that struck me most was an answer from an interview by the New York Times with Facebook’s Chamath Palihapitiya, vice president of product marketing and operations at Facebook.
Q. If I buy tickets on Fandango, and decline to publish the purchase to my friends on Facebook, does Facebook still receive the information about my purchase?
A. “Absolutely not. One of the things we are still trying to do is dispel a lot of misinformation that is being propagated unnecessarily.”
Now that… is not exactly true. And I tested it this morning.
Using the Firefox Plugin, FireBug, you are able to look at all of the requests that your browser makes. It also shows you the data and response that is sent along with each request.
So I went back onto Kongregate (sorry Jim), and opened up a game. After a few minutes the Facebook Toast popped-up (This is the little window that appears in the corner) letting me know it was sending the data to Facebook. I clicked ‘No Thanks’.
So, by all means I ‘declined to publish my action on Kongregate’. Regardless of this, Facebook absolutely received data on my action.
See for yourself, here is a list of all the requests that are made when Beacon fires up the Toast.
But what you have to look at is the data is sent with all of those requests. I’ll just show you one of the scripts. The bold name (such as ‘action_name’) is the name of the variable, and the text to the right of the variable is the data for each variable that was sent.
As you can see, regardless of the fact that I clicked ‘No Thanks’ the data of my action as well as the url of the page I viewed was indeed sent to Facebook. In fact, clicking ‘No Thanks’ sends no additional data to Facebook, all it does is run javascript to close the Toast window.
As I said previously, just because we can’t see the data (by opting out), this doesn’t necessarily mean that the data is not there. I’m not saying that Facebook is storing this data, there is no way for me to know. But they are without a doubt receiving it.
So the question that Facebook absolutely needs to make clear is simply: “When we click ‘no thanks’ or opt-out of a site, is that data then being deleted and therefore not stored anywhere?”
All / General / Reviews / Support / Suggestions
I honestly don’t understand the BFD people are having with Beacon. There wasn’t close to this much of an uproar (some but not much) when Gmail came out and was effectively “reading” your email.
Does facebook need to fix Beacon to ensure that EVERYONE gets the chance to opt out of the Toast pop-up? Yes, of course. But Facebook is about sharing, networking, all of that fun stuff– and I am afraid this uproar may kill off early one of, in my opinion, the coolest advancements on the web to come around in a while.
November 30th, 2007
madthoughts
@madthoughts:
I agree, it’s a very cool system. But one which has many implications in regards to people’s privacy and therefore should be as open and clear as possible. We should know exactly what it saves, and we should all have the option to not use it. It shouldn’t have to be a BFD.
Also, Facebook is about sharing, but it’s about sharing things you choose to share. There is nothing that appears in your profile that you did not opt to enter yourself.
November 30th, 2007
Nate Weiner
I would hope that when you click “no thanks” the information isn’t even being created. Deleted is good, but if it never existed, it can never be stored.
November 30th, 2007
Andrew
@Nate I totally understand your point of view, although I never opt’d in for the “What’s Popular in Your Network” ads that pop-up in my newsfeeds. But something about this controversy strikes me as Facebook “hatin’” or Anti-Zuckerberg zealousness.
But as I stated before– look at Gmail. Reports have shown that Google saves email long after I’ve ‘permanently’ deleted them and their servers comb through everything I send looking for contextual keywords to place ads. They are reading my emails. [I love gmail BTW :)]
Beacon is a simple statement: Your friend, XXXX bought/looked at/added/ YYYY. Add to that you can simply click ‘No, thanks’.
To me its far less invasive and actually quite innocuous compared to the data other sites keep.
Their recently announced solution, not adding it to the news feed until you’ve logged in and told it to do so, sounds like a fair enough comprimise.
November 30th, 2007
madthoughts
“No thanks” should mean “don’t collect any information about what I just did online” not “don’t publish any information about what I just did online”.
While it’s great that the XXX movie I just (hypothetically) purchased online won’t appear in my Facebook newsfeed for all to see, what I want is for Facebook to never know about that purchase at all without my permission. Not “publishing” data about my online activities is not the same as not collecting data about my online activities. So, good for Facebook for not publishing private data about my online activities for all the world to see without my permission. Now, they need to take it a step further and stop collecting private data about my online activities without my permission. If they don’t, I’ll be disappointed!
I was never concerned about my FRIENDS knowing about my third-party interactions without my permission, I was concerned about FACEBOOK knowing about my third-party interactions without my permission. And I still am.
November 30th, 2007
George
I agree that this is a major concern. Facebook’s privacy policy is pretty scary. (ie; you have none and they can do anything they want with your information in perpetuity). If they are collecting information against your expressed wishes via third parties, what control do you have over your information at all?
I would think that those third parties seriously need to look over their own privacy policies. They may well be in violation of them.
Regardless, this process is creating a maze which will make it more and more difficult to maintain control over our information as well as making it more difficult to to action when legal boundaries are breached.
This is skating very close to the line, in my opinion.
November 30th, 2007
cerebralmum
@madthoughts
I can’t believe that you are so ignorant (still) about Gmail. They are NOT “reading your emails” for heavens sake. It is electronically and automatically scanned to target advertisements! This scanning of email is done by every single email provider with spam protection!
Also, the issue here is that even though you may say “no thanks” and opt out of Beacon, Facebook still takes your data… even though you said no.
November 30th, 2007
Anonymous
“there is no way for me to know. But they are without a doubt receiving it.”
If you look you can view the _POST_ data and _GET_ data with firebug. There is a way you “know”.
November 30th, 2007
ben lemasurier
Although I agree that privacy is a big deal. I don’t see why this is… Does it only pop this thing up when you are logged into facebook? I have a facebook account, but can’t be stuffed testing, although I have never seen this pop up… But if that is the case, then can’t you just not log in to facebook while browsing other sites. That way there is no way for facebook to collect information about you… Who stays on facebook for more then 5 minutes anyway? It is so boring…
November 30th, 2007
ediblethoughts
How do they know that it is *you* who is shopping on *your* computer? What if a bunch of people use the same computer? Is it from the email you use on, say, Amazon? Or is it just cookies on the computer? Becuase this is all a problem…
November 30th, 2007
hank
@ediblethoughts & hank:
Beacon works by accessing your Facebook cookie when you are browsing other websites. You don’t have to be logged in to Facebook at the time. There could be a cookie from a previous login on your computer and that’s all it needs .
November 30th, 2007
Nate Weiner
You can actually opt out of sending Facebook any info at all in Kongregate’s notification settings.
November 30th, 2007
Chris Pasley
anyone ever realized that what our computers broadcast on the internet is essentially words that we say ourselves, with regard to slander//lible suits?
if we inform our computer that we do NOT want something to be said, anything that our computer says that we say not to is essentially slander/lible.
so.. what is it that we do about this?
November 30th, 2007
Mike
@Anonymous
Semantics: Gmail does “read” your email. It is unwanted and for benefit of marketers. Versus scanning for spam or viruses which nis done for my benefit and my desire.
same concept for facebook: expectations, desires and benefits. Maybe is time we redefine some concepts.
November 30th, 2007
Frederik Pohl
Use the BlockSite add-on for Firefox and add the following to the blocked sites list:
http://*facebook.com/beacon/*
November 30th, 2007
Carnivore
@madthoughts: All reputable systems providers keep backups for long periods of time, and there are legitimate reasons for doing so. The real question is what sorts of controls a provider has in place to protect the data they have, whether that data is stored in a live system or on a backup tape. As for gmail, there is no comparison between it and Beacon. I don’t know much about the technical details of gmail, but if ALL it does is scan email for keywords — that’s a big IF — but if that’s all it does, it seems harmless. As has already been pointed out, this is no different, as far as invasion of privacy goes, from spam filters. For that matter, it’s not different in any important way from what the system has to do just to deliver the email to your screen so you can read it.
@Ben: Nate said that he had no way of knowing whether Facebook was *storing* the information it received (e.g., in a back-end database). POST and GET won’t tell you that.
November 30th, 2007
Lee Shepski
One thing that you people are completely overlooking with respect to your analysis of Gmail is that all of your e-mail is read by means of spam detection software. It happens through text scanning and data mining. This has been happening for years. Gmail’s ads system most likely works in the same way. It’s automated.
As for Facebook, this is a direct conveyance of user actions and preferences. It matters. Whereas Gmail uses aggregate data for analysis and ad suggestion, this is informing of your specific purchasing suggestions. It’s pretty scary. Outside of this, it’s pretty evil on the part of Facebook. It should have been opt-in from the start.
As for anti-Zuckerburgisms, one thing you must understand is that this is a backlash against Facebook and Zuckerburg’s hubris. It’s not irrational. It’s a case of an immature company making unwise decisions.
December 1st, 2007
John Yuriks
oh boy. here we go again…
well, as it was obviously expected, Facebook already issued a statement explaining that this is due to their technological implementation of login (obvious: it was based on cookies, people!). More details here: http://community.ca.com/blogs/securityadvisor/default.aspx
Yeah, we need to keep an eye on those guys, but I’m tired of people making up conspiracy theory stories just to to attract traffic to their blogs. gmail is much more a concern and no one complains anymore. Behavior targeting is slamming at our doors and has much worse implications, Cell phone operators have a ridisculous rich amount of information about all us, and we quietly take it for granted.
let’s grow up and face it. We should worry more about with what the company DOES with the data, than with the amount of information they have.
December 1st, 2007
guilherme ambros
Anonymous
Leave a Reply
Name (required)
Mail (will not be published) (required)
Website
Type of Comment:
Posted in: Blog • Comments Feed: RSS 2.0 • You can leave a response, or trackback from your own site.
Ideas
No comments:
Post a Comment