Friday, November 30, 2007

Facebook's Beacon: It's Easier to Ask Forgiveness Than Permission

Facebook recently released a new feature that it calls Beacon. Basically what this feature does, is when you shop online (or interact with a website in some way, such as posting a review, etc.) at a site that has signed up with Facebook, that site sends information about what you do to Facebook, and Facebook updates all of your friends. The idea being, that the sites that send your information to Facebook get referral business from people learning that you visited their site, and Facebook gets to hone its consumer profile of you, and serve you more relevant ads, and collect better market research about you. (Facebook is big on data mining.) Sounds great, right? In order to placate your privacy concerns, Facebook gives you two opportunities to opt out:
  • Before the site sends your information to Facebook, a small pop-up appears in the window. If you don't click it, or if you wait too long (20 seconds), it assumes you have no objection, and sends the data to Facebook.
  • The next time you log in to Facebook's site, it presents you with the opportunity to not display the information to your friends. If you don't exercise this opportunity (like, say, you simply go and do what you went to Facebook to do in the first place), the information is added to your feed for all your friends to see.
Do you feel violated yet? You should. First of all, under no circumstances (except in cases where I specifically opt-in) do I want any information whatsoever sent to Facebook about any of my online activities external to Facebook. I do not want them to know my Amazon.com shopping habits, nor do I want them to know that I even have an Amazon.com account, unless I tell them specifically, and then I want explicit control over exactly what information is sent, when, and how. The opportunity to opt-out is unacceptable. This should be an entirely opt-in system. Amazon should not be sending any information to Facebook, until I permit them to do so by telling Amazon that I want the information sent. I have strong objections to Facebook's "it's easier to ask forgiveness than permission" philosophy (think Application invitations/notifications/annoyances), especially when it comes to collecting user data. Any site that tries to send its users' data to Facebook without their express "opt-in" consent will not be getting any of my business, and I intend to tell them exactly why they are not getting my business. Second, automatically displaying a user's online activities for all their friends to see is just a bad idea. We can all imagine situations where this would be a bad thing, from buying gifts, to embarrassing purchases, to information that you simply don't care to broadcast to your entire acquaintance. Now, there are times when I want the whole world to know that I bought a ticket on Fandango, or wrote a review of a product, or joined this-or-that forum, or participated in this-or-that discussion. In fact, the RSS/Atom feed to this blog is automatically posted to my Facebook profile as notes. There are certainly things that I have chosen to publish to all of my Facebook friends, including the information on my public profile. The point is that I took the initiative: I specifically chose to share these things. They are under my control, by my choice. So, what is my course of action? Any website that participates in Beacon, and does not do so with the users' explicit permission and control (i.e., they ask whether or not to contact Facebook in the first place, before Facebook's servers are contacted) will not get any of my business. I will not shop/participate there, and I will in stead send them a short e-mail message telling them exactly why I refuse to do so until they allow the user to control when and if Facebook is contacted. Also, I am using Firefox's AdBlock plug-in to block "facebook.com/beacon/*", which should prevent the servers from being accessed in the first place. If Facebook continues its cavalier attitude towards user privacy, I will delete my account and tell them to remove absolutely all data associated with my account (because, apparently, deleting one's account does not accomplish this).
Update: Apparently, Facebook has responded to the consumer backlash regarding their Beacon service, and so they will be requiring a user's "opt-in" consent on a site-by-site basis. However: they are still collecting all of this information for themselves. This is still an unacceptable solution, and is designed to get sites not to prompt a user before sending the information.

Thursday, November 22, 2007

Viva La ResolutiĆ³n

Terrestrial exodus? Death? Oh, please. Mostly I blame my dearth of bloggy effluence on the time leech that is Liz, but it's not as if I haven't been busy before, and still found time to blog. I've been doing lots of memorable things; hanging out with great friends 'till all hours of the night: solving the world's problems, and bearing consternation at our own before the Throne. I haven't been dancing as much lately. It is both a symptom and partial catalyst of my mental discomfort. I miss it physically; my body is anxious for exercise, but tomorrow morning, I will satiate it well enough with paintball. I think the main reason I haven't been posting to my blog lately is that my mind hasn't been settled: I write about what I think about, but often, I cannot write my thoughts, particularly if they are unresolved. Certain breath-bated of my readers will be happy to know that resolution is at hand0. As a P, I tend to thrive on a certain level of uncertainty, ambiguity, and cavalierness, much to the chagrin1 of the Js in my life. This, however, only extends to a point2. My free-spirited intuition must have its basis in truth, and I cannot remain permanently in a state of flux3.
0And, presumably, as a consequence, more frequent posts. 1And intrigue, admit it! 2Or it might be considered a fault, which would be inconceivable. 3The monotony of it would be terribly boring.