Thursday, November 22, 2007

Beware Facebook: New advertising scheme is a privacy nightmare

I use Facebook. I've found it's a nice way to keep in touch with my family and friends. I originally started using it because I thought I could leverage the social networking utility to bring in more readers to my blogs.

So far, I think I've failed in that respect.

Imagine my horror, however, when I started reading posts about people who had purchased something online, only to find that minutes later, their purchase was being announced on Facebook.

Facebook employs a "beacon" that other web sites use to share information about buying habits of its users. You buy something online, the retailer you purchased from shares the data with Facebook. I have no idea how Facebook knows who you are if you're not signed into Facebook, but it seems as though there are people out there who have had their purchasing history shared with Facebook when they weren't signed in. They might simply be using IP addresses, which brings up a whole host of other issues (as innocent as my children buying something online to something as whacked as somebody I don't know spoofing my IP and then buying a giant dildo on an adult site).

Facebook claims that no privacy issues are taking place because only your "friends" see these notices.
User privacy is extremely important to Facebook. We designed Facebook Beacon to enable effortless sharing, but we've also put in features to protect user privacy. When you send an action to Facebook, the user is immediately alerted of the story you wish to publish and will be alerted again when they sign into Facebook. The user can choose to opt out of the story in either instance, but the user doesn't need to take any action for the story to be published on Facebook.
First of all, that policy could change. Privacy policies and other policies of companies largely are one-way agreements where the company holding the agreement holds all the cards, and if you want to use the site, you have to agree with the policy.

Second, the key to Facebook success (or any other social networking site like MySpace) is getting as many friends as possible. Many of these folks are not friends, but internet acquaintances that could turn out to be stalkers, creeps, or other sorts of miscreants. Maybe even killers.

Thirdly, now the "beacon" shares purchasing history. But it could share browsing history. Imagine how you might feel if you type in the wrong URL and instead of going to visit the White House, you instead visit a porn site (typing in "" used to take the surfer to a porn site, now it takes you to an election-type site that is in no way affiliated with the White House).

In any event, I, for one, do not wish to share what I do outside Facebook with Facebook, true friends or not. This newfangled advertising money grab is just too creepy for me to accept. So, I stumbled upon the Idea Shower, a site whose author, Nate Weiner, dreams up solutions to problems. Sometimes, he devises the solution himself, like in Read it Later; other times, he finds an existing mechanism that then may need to be tweaked a bit.

"Block Facebook Beacon" is one of those instances where Nate employs an existing piece of code and applies it to a specific use. The details, and how-to solution, are featured in this post.

I highly recommend you install the Firefox extension in every computer you use. I also recommend setting up your Facebook preferences (External Websites) to not share any third-party information with Facebook.