Update: Three weeks is a long time on the Internet. It was on Nov. 6 that I raised the question: Is Facebook Beacon a Privacy Nightmare? Three days later, my next post, Facebook’s Cruel Intentions elicited some response from the Palo Alto, Calif.-based company, which responded and clarified their position. But soon after, the situation got a bit out of control. MoveOn.org got involved and the whole thing started to look like a major PR disaster.
In a classic example of marketing doublespeak, the company saw privacy concerns as an issue in the minds of pundits. (Never heard them complain about pundits praising their “innovations.”) A few hours later, the Palo Alto-based company outdid John Kerry when it came to flip-flopping and announced what are being perceived as big changes to the Beacon system. Why? Because it was not the pundits, but instead Facebook users who were up in arms about it. Facebook finally backed down, more or less acquiescing to the demands of those concerned about its seemingly blatant abuse of privacy of its fast-growing user base. Now you are explicitly asked whether to publish or not publish the information that is being innocuously called “stories.” There doesn’t seem to be a universal opt-out, however.
Regardless, I think it is laudable that Zuckerberg’s crew is at least listening to its community and responding accordingly. [FAQ on New Beacon] Of course, the cynical take on this would be: it isn’t the last time they are going to test the outer limits and see what they can get away with. And how much of these changes were instituted to ensure that the potential advertising partners don’t get scared, putting the future revenue streams at risk? (Maybe the Beacon flip-flop was influenced by the fact that Facebook was negotiating to get a $60 million investment from Li Ka-Shing, the Chinese tycoon who has previously made a killing with his tech investments.)
There is one issue that remains unanswered. During my initial inquiries, when I asked the company executives if Facebook continues to collect data even if that data (stories if you may) wasn’t published. They assured me that is not the case, and gave me written and verbal assurances. Those doubts have resurfaced, largely because of the language used by Facebook in their statement regarding changes to Beacon.
If a user does nothing with the initial notification on Facebook, it will hide after some duration without a story being published. When a user takes a future action on a Beacon site, it will reappear and display all the potential stories along with the opportunity to click “OK” to publish or click “remove” to not publish.
Following their argument, unless they are storing information being sent to Facebook from the partner sites, it is unlikely that “all potential stories be published at a later stage.” It can’t be auto-magically recreated from thin air.
Users will have clear options in ongoing notifications to either delete or publish. No stories will be published if users navigate away from their home page. If they delay in making this decision, the notification will hide and they can make a decision at a later time.
If you decide to opt out completely, you are in the clear, but if you forget to do so, and take no action, then the Facebook system will keep collecting data. In other words, Beacon continues to do its job — collect information from partner sites and also fine-tune the advertising system. From that perspective, nothing has really changed. Except perhaps the public perception that Facebook listens to its community.
(Dan Farber’s take on changes in Beacon is smart and worth reading.)
Update: CA Security Advisor Research Blog has tangible proof and details on information flowing back to Facebook from partner sites.
22 thoughts on “To Save Its Bacon, Facebook Weakens Beacon”
Not quite…opting out doesn’t seem to put you completely in the clear either. The whole thing is very well-worded, but the most you can do, even in your privacy settings, is stop things from getting published to your profile. Nowhere do they let you completely cut off the flow of data from an external site to Facebook (unless the external site gives you such an option).
So yes, you can prevent everyone from seeing everything you’re doing on external sites, but Facebook still gets to gather that info and do as they please with it (i.e. sell it).
Mark has always been very concerned with the feedback of the new features. Facebook somehow manages to handle all these criticism gracefully, just like they did it when they launched news feed.
Is it that Facebook will modify, not spike Beacon ads??? Confusing though…Well its looking like Facebook is up for making some serious changes..Finally, if users fail to approve or decline the Facebook alert on the partner site, Facebook will no longer assume the user is agreeing by omission. Instead, they will offer another, more visible opportunity to opt-out to users on Facebook itself. If no action is taken within two days, Facebook will assume the user complies and will publish the action in the news feed.
Are they trying to catch users off guard??? Or they jst trying an explicit way to know what has happened and for them to publish.
Technology is available for users to realize a distributed social network and own their data. There is no need to depend on an external party.
congrats, officially best title for an article. ever.
Great headline and analysis, Om.
I agree that the fact that this move does nothing about the collection of the data is problematic. It essentially brushes the real privacy issues under the rug.
Beacon CAN be really powerful, in a way that’s meaningful for both me and my social network. But the way it was done made it look like purely a data grub for marketers, with little direct benefit to consumers.
I was using other applications to pull in my reviews from Yelp, shared items from Google Reader, etc. on to Facebook before Beacon existed. That worked great because it was my choice.
To be fair they did put in the limitations on the news feed that everyone wanted, I.E. you could tell Facebook what to publish and what not to. that qwelled the tide, because it was enough to appease privacy concerns (the site was still handeling data internally)
This is the same issue over again for most people, a a few of us are also sketched out that we know that facebook is collecting information even if we opt out of the postings on the wall.
So they’re using cookies + Beacon to collect my shopping history? To tell the truth, I think it’s damn bold. Other companies out there are collecting the clickstream wisdom of crowds. FB will be able to collect the actual purchases + reviews of the crowds. With the user-provided demographics, this purchase information will be pure gold for Facebook. FB can use it for better targeting of ads on FB, as the best behavioral targeting ad network ever built or as market data for marketers.
My only concern is that they keep this information anonymous and/or aggregated. No personally identifying info exposed outside of FB.
Well, as long as Facebook has to make money out of the user data, you won’t be able to solve this problem. Fortunately, there is now a social network called Kaioo (http://www.kaioo.com/), which is funded by donations. All incomes are donated as well. The network has no interest in selling user data, because it doesn’t has to earn money. Maybe you should check this out as an alternative to Facebook & Friends…