12 thoughts on “BeaconGate: Send-Receive Question Almost Answered”

  1. Om, this is definitely good news. That’s been the question that’s been lingering in my mind.

    Beacon isn’t a bad idea; the initial implementation was flawed. Facebook’s reason for existence is to distribute information about your personal life to your friends. That’s what has made it popular to the tune of more than 40 million users and a lofty $15 billion valuation. People clearly want to share their information with their friends. Facebook Photos significantly reduces the friction in viewing photos; as a result it has quickly become the number one photo sharing site on the Web.

    I wrote an analysis on the tradeoffs between different approaches to data collection that your readers might be interested in:
    http://blog.agrawals.org/2007/12/02/finding-the-right-level-of-friction-for-facebook-beacon/

  2. I’m surprised by the sole focus on Facebook. Why isn’t anyone asking what Overstock, Blockbuster, etc. are doing sending data (any personal data) to Facebook without getting permission from their customers first?

    Any reasonable service should require:

    1. Approval to send my purchase information to Facebook (a responsibility of the e-commerce sites, not Facebook).

    2. Approval for Facebook to make the information “public”, with the option to remove it at any time.

  3. I’ve been wondering how many of the partner sites are violating their own privacy policy by transmitting the data to a third party without consent.

    A quick look at the privacy policy for Overstock doesn’t seem to address this.

    This section from Blockbuster comes close:

    “Third Party Features. From time to time Blockbuster may include additional features and functionality from third parties on our Web Sites. Certain of these features and functions, may require Blockbuster to send selected information about you, such as information about your movie queue, to the third party. If you do not wish for Blockbuster to share this information, you will have a reasonable opportunity to opt-out of these third-party features and functions.”

    Of course we know that as of yet there is no “reasonable opportunity to opt-out,” because the data are transmitted regardless.

    Fandango specifically mentions Beacon:

    “Sharing with Social Networks or Other Sites You May Authorize.

    If you are a member of a social network service (such as Facebook, MySpace, etc.) or you use other Internet sites where you have authorized them to gather information about your online behavior on Fandango (for instance, to notify your friends that you have viewed a video or bought movie tickets), including participation in any behavioral reporting program that they may operate on or off of their own site (i.e., Facebook Beacon, etc.), Fandango may share information regarding your activities on our Site or other Service with those third parties pursuant to your authorization, and they may associate that information with Personally Identifiable Information they already have about you (such as your Facebook Profile) and use it to improve their site or services or for other purposes. Fandango does not control the privacy policies of such third parties, and their privacy policies will govern their use of your information once it has been transmitted by Fandango. Fandango assumes no responsibility or liability for the actions of such third parties with respect to their use of your information or otherwise. Accordingly, make sure you are aware of and comfortable with the privacy policies of any third parties that you authorize to gather information from Fandango.”

    It may sound like I’m splitting hairs here, but the technical implementation of Beacon seems to violate this:
    “If you … have authorized them to gather information about your online behavior on Fandango … Fandango may share information regarding your activities.” Again, the data are transmitted regardless of whether you’ve authorized it.

    The right way to do this (in my mind) is to have each site on the confirmation page ask the user if they want to transmit the data. They could have an “always do this” option.

  4. Notification was only the first issue. The collection issue is bigger. Their justification of distributed user profiling should center around user value and control — full user control.

    If I cared about this enough, I’d take the time to compare this to the DoubleClick fiasco of 1999 which, as I recall, also centered around the marriage of personally identifiable information (PII) with browsing behavior data collection. That was a big, big deal — how different from the FB data collection efforts of today?

    Media companies have indeed been profiling us for years — no question. But what has changed with beacon is the marriage of PII (you can’t really get more personally identifiable, can you?) with widely distributed collection of browsing behavior. Many spyware companies of 2003-2004 didn’t have it this good.

    One other note, Facebook’s data collection opportunities aren’t limited to their beacon partners. They can collect valuable user browsing behavior anywhere they want simply by running ads — perhaps even through the MSFT ad network!
