PCWorld is running an article saying that facebook’s beacon is more invasive than previously thought:
“The first two cases involve the transmission of user data despite ‘No thanks’ having been selected on the opt-out dialog, and are causes for deep concern. They pale, however, in comparison to the third case, where Facebook was receiving data about my online habits while I was not logged in, and was doing so silently, without even alerting me to the cross-site communication,” [Stefan Berteau, a Computer Associates senior research engineer,] wrote in the research note.
Berteau’s claims directly contradict public statements by facebook representatives, including Chamath Palihapitiya, vice president of product marketing and operations. Berteau’s note can be found here, where it looks like they’ve updated to mention that Facebook now claims that it does not retain or use data receives from logged-out users. Facebook’s short statement can be found here. I’m having trouble understanding how it can be ‘technologically’ necessary for a partner to send data to facebook silently. A slashdot commenter sums it up nicely:
The problem is that Facebook is lying about it, and doing so repeatedly.
- Zuckerberg led the press and advertisers to believe [nytimes.com] that Beacon would be opt-in (it would publish only with the user’s consent) but launched Beacon as an opt-out feature (it published without the user’s consent).
- Both the original design [facereviews.com] and the current design [facereviews.com] of Beacon announce to the user that a story is being sent to their profile. They do not present themselves as a choice; they do not ask for consent; they present themselves as a notification that something is already occurring.
- Even though the new design is “opt-in”, the notification has only one clearly emphasized button: “Okay”. A design that offered a true choice would offer two equally clear buttons (e.g. “Publish” and “Cancel”). Again, the design is crafted to give users the impression that they have no choice.
- [...]
- [...]
- Facebook continues to refuse to let users just turn off Beacon. Instead users have to individually refuse Beacon for each partner site, and they cannot do this in advance; they can only do it at the moment a partner site is about to publish a story on Facebook. Again, they are clearly trying to maintain as many obstacles as possible for users who simply don’t want this information shared.
- Facebook’s official response [facebook.com] is disingenuous and insulting. The problem is not that Beacon “can be kind of confusing”; it is obviously designed to mislead. Facebook’s Paul Janzer wrote:
While we know “global opt-out” seems like the easiest solution, we believe that if we provide you with full control over your information, you and your friends can get the full benefit of sharing information and connecting on Facebook.
Of course, if they really wanted to provide users “full control over [their] information” they would let users turn Beacon off.
{ 1 } Trackback
[...] made a play for more attention by re-rolling their previous story, this time focusing on the potential that beacon has for harvesting data from people who [...]