This past week has not been very good to Facebook and specifically their Beacon system has been under quite a bit of scrutiny. The privacy backlash spearheaded by MoveOn.org around Thanksgiving continues to escalate as Techmeme is inundated with discussions on this topic. As we now know the gist of the issue was Facebook members began to notice their purchasing habits on third party affiliate sites would automatically appear in their friends news-feed and on their own profile’s mini-feed without the explicit consent of the member. After MoveOn.org got involved and thousands of petitions were filed FaceBook released Beacon 2.0 allegedly fixing the privacy problem. The fix involves a toaster pop-up that appears at the bottom of the beacon affiliate site whenever a defined action was performed by the user - like registering on the website or purchasing items online etc. The pop-up basically gives the user a chance to opt-out of the service i.e not have their actions broadcast on news-feed and mini-feed.
Apparently the pop-up is not behaving as expected. In spite of the user clicking on “No Thanks” or not logging in, the user’s actions are still sent over to Facebook. CA Security Advisor Research Blog did an extensive test to prove the point. I followed the exact steps outlined in the post and was able to reproduce it as well. When they looked at their web server logs they were able to see the HTTP GET request to a FaceBook PHP page with a bunch of parameters or variables set with the user’s information like the URL they visited and the action performed.
Lets not forget, Facebook may be a U.S based company but it’s membership is global. A user in Seoul, South Korea for example may not be too concerned if their purchasing habits are mined without their permission. Lets face it the “right of privacy” and specifically the 5th Amendment’s privilege against self-incrimination, which provides protection for the privacy of personal information, as expressed in the Bill of Rights applies to only U.S citizens and residents. As a matter of fact I’m not even too sure if U.S. citizens care that much especially if the information being collected involves only websites visited and the actions taken. Over the weekend I conducted an unscientific poll while attending a gathering of friends and only one person out of the seven I talked to seemed to have a slight concern. Having said that I’m not condoning or defending Facebook’s actions especially if they were intentional. Social networking sites are hugely user-centric and therefore gathering peoples personal information (without their consent) to be used later for advertising and hence indirectly profiteering from it is blatantly misusing the users trust and quite frankly it wreaks of filth.
However IMO this has gone way beyond the concerns of perhaps a few legitimate complaints about privacy to essentially a media blitz on Facebook.
UPDATE: No word from Facebook yet. Looks like they are hoping this will go away. Robert Scoble talks about this today…..
UPDATE (12/5/07): Ok he has apologized - Lets Move on.
UPDATE(12/6/07): And the attacks continue - I don’t think I’ve ever seen this many discussion threads to one post on Techmeme.