Facebook and Privacy
[Dec. 11th, 2007 | 05:03 pm]
Jen's Sweetie and Code Poet
[Still not dead ;) The recent privacy issues with Facebook Beacon have inspired me to post.]
The Beacon sounds like a neat idea. I like being able to share my (dubious) tastes with other people automagically. I like Amazon's wishlists, Last.fm's automatic music tracking, I've flirted (briefly) with Twitter, and played around with some interesting mobile phone tracking tools.
Clearly, I don't mind sharing :) So what's wrong with Beacon?
The problem is that they don't give their users (or anyone) a way to control information leakage. It works roughly like this:
- Purchase a product or perform a 'trackable' operation at an affiliated site. (A list of these is available in my first link.)
- Some Facebook-provided script is included in the page by the affiliate. This script sends a message to the Beacon web service. It looks something like: "A movie called 'The Matrix' was purchased".
- If the user has ever logged into Facebook, the message will have a cookie attached. The message becomes "A movie called 'The Matrix' was purchased by 'Adam'".
- If the user has never logged into Facebook, the person associated with the purchase is unknown. However, they will get a cookie of their own. The message becomes "A movie called 'The Matrix' was purchased by '12345'".
This doesn't seem too invasive for the case of a single 'leaked' purchase. However, it becomes more interesting once many different 'beacons' are sent out. Instead of having a single pseudo-anonymous entry ("Someone purchased 'The Matrix'"), they now have a lot more data to work with:
- eBay is participating. Now you've leaked your eBay ID if you've posted any auctions. That's much easier to link to a real-world identity.
- Travelocity is also participating. Now you've leaked your travel plans.
- Check out the link for a more complete list.
They claim that data from users that aren't Facebook members is just discarded. This still isn't acceptable:
- It requires that we trust a company that doesn't have any reason to have access to personal information anyway.
- It assumes that they won't change their mind in the future.
Want to disable this completely? Some helpful person wrote a quick howto for Firefox.
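A small model of the flow described above, as an added example that is not part of the original post and not Facebook's code. The collector, the browser objects, the `.example` site names and the cookie values are all constructed, and `blockBeacon` is an assumed stand-in for a browser-side block of the beacon request.

```javascript
// Constructed model: one collector, many affiliate sites, one cookie per browser.
function makeCollector() {
  let nextId = 12345;            // pseudonymous IDs, like the post's '12345'
  const names = new Map();       // cookie -> account name (known after a login)
  const log = new Map();         // cookie -> events reported by affiliate pages

  function ensureCookie(browser) {
    if (!browser.cookie) browser.cookie = String(nextId++);
    return browser.cookie;
  }
  return {
    // First-party login on the collector's own site ties the cookie to a name.
    login(browser, name) {
      names.set(ensureCookie(browser), name);
    },
    // Request made by the script an affiliate embeds in its page.
    beacon(browser, site, action) {
      if (browser.blockBeacon) return;       // request never leaves the browser
      const cookie = ensureCookie(browser);  // unknown visitors get a cookie too
      if (!log.has(cookie)) log.set(cookie, []);
      log.get(cookie).push({ site, action });
    },
    // Everything the collector can say about one cookie after many beacons.
    profile(cookie) {
      const who = names.has(cookie) ? names.get(cookie) : cookie;
      return { who, events: log.get(cookie) || [] };
    },
  };
}

function demo() {
  const c = makeCollector();
  const shop = (b) => {
    c.beacon(b, 'movies.example', "purchased 'The Matrix'");
    c.beacon(b, 'auctions.example', 'posted an auction as seller s-001');
    c.beacon(b, 'travel.example', 'booked a trip');
  };
  const stranger = { cookie: null, blockBeacon: false }; // never logged in
  const adam = { cookie: null, blockBeacon: false };     // logged in once
  const beth = { cookie: null, blockBeacon: true };      // logged in, beacons blocked
  shop(stranger);
  c.login(adam, 'Adam');
  c.login(beth, 'Beth');
  shop(adam);
  shop(beth);
  return { stranger: c.profile(stranger.cookie), adam: c.profile(adam.cookie),
           beth: c.profile(beth.cookie) };
}
console.log(JSON.stringify(demo(), null, 2));
```

The stranger's three events are already joined under one ID before any name exists, so a single later login (or the auction seller ID) is enough to attach an identity to the whole history.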