I put a lot of trust in sites like Facebook to do the right thing when it comes to privacy. After all, the only stuff that gets out into the public is the stuff that I actually put in.
Until now.
Earlier this week, I bought a coffee table on Overstock.com. When I next logged into Facebook and saw this at the top of my newsfeed:
I used my personal email address to buy the coffee table, so I was puzzled why and how this "personal" activity was being associated with my "public" Facebook profile.
(Since I was on Facebook, I updated my status to say that I was trying to figure out Facebook Beacon. And Scott Rafer instantly messaged me that he could explain all -- which he very succinctly did. Thank you Scott!)
Facebook Beacon is merely a small piece of script that allows the partner site to put a cookie on your browser. So when I bought the table, an Overstock cookie was created, which then transferred the information to Facebook. Facebook then checks to see that the same browser is logged into Facebook, and shows the information. I'm not sure of all of the details, but I suspect that if I had logged into my "personal" Facebook account first (yes, I have two Facebook accounts and unless you know my personal email, you won't find my truly personal Facebook profile), that Overstock activity would have been logged to that Facebook profile.
So there's no checking or verification of email address, name, etc. to verify that the activity on Overstock is being done by the same person logging into Facebook. Imagine my horror if items were added to my NewsFeed because my kids were using my computer ("Charlene played DragonFable last night for 3 hours").
So I'm joining a growing chorus of Facebook critics that Beacon has some serious problems. Facebook has made the point that Beacon isn't sharing information publically, but with your friends. That's correct, but I think both the critics and Facebook are missing the point.
The biggest problem is the lack of transparency. Facebook is right in that I would really like to have some things that I do on third party sites to conveniently appear in newsfeed, e.g. events I'm attending from Evite or eBay/craigslist listings so that my friends know about them. That's the promise of Beacon. But I need to be in control and not get blindsided as I did in the example above. I was seriously wigged out, but wouldn't have been if Overstock had simply told me that they were inserting a Facebook Beacon and given me the opportunity at that time to opt-in to Beacon.
And this is the problem for Facebook -- they aren't in control of what their Beacon partners do to notify people that this is happening. Facebook can only control this from their own interface, when the information has already been transmitted between sites, and without my explicit permission.
There's a fine line that gets crossed when behavior data slips from being a convenience to being Big Brother. This is one of those times. Give me back my control by letting me opt-in (not opt-out as is currently the case), or I'm installing the Beacon Blocker.
I'd love to hear your perspective on this issue -- and please send me examples and screenshots!
Link to original post
