Facebook Beacon privacy hubbub…

The Facebook Beacon privacy issues are swirling around the blogosphere today (here, here, here, here and here).

There’s a lot of technical analysis deconstructing Beacon behavior and some packet traces that confirm what’s actually happening on the wire.

One thread discusses the issues surrounding gathering affiliate interactions when a user is not logged into Facebook.

I think these all miss the point. The fundamental issue here is opt-in vs. opt-out, and their obfuscated variations. Not when tracking occurs.

That said, it seems to me that gathering affiliate activity while you are not logged in is the proper way to do this.

Assuming that I do want to share my on-line behavior with my friends, I’d want that activity to be captured whenever it occurred, regardless of being logged in or not. Then when I am logged in, I can opt-in/out per activity. Seems pretty logical if you ask me.

Otherwise, I’ve got to be logged in all the time (which might be nice for Facebook), or remember to log in before I do anything to be sure that my activity gets captured. That’s silly.

Where would anyone get the idea that this kind of tracking activity would be contingent on being logged in?

If anyone needed another reason to block Facebook .js this is it. Here’s how.

UPDATE: I guess I should have actually looked at what Facebook’s FAQ said before I posted this. Right there, in the very first sentence it states:

If you are logged in to Facebook and visit a Beacon Affiliate, an action you take (like writing a review or purchasing an item), may trigger that website to want to publish a story to Facebook. Before that happens, a notification will display in the lower right corner of your screen. If you click “No Thanks”, no stories or information will be published anywhere on Facebook. If you click “Close” or ignore the story, the story will be sent to Facebook, but not yet published.

So, I guess that’s the answer to my question where someone would get the idea that their activity is contingent on being logged in.

Which makes this even more troubling. The actual behavior of the system seems quite logical to me, but this FAQ is clearly misleading. Furthermore, it is inconceivable to me that given the scrutiny that they are under right now these documents were not carefully reviewed, which signals to me that they’re parsing things too carefully. Trying to make things more palatable than they really are.

I find it even more astonishing that as of Sunday 2PM PST this document has not yet been updated!

  • Privacy-shmivacy, check out this paper: http://arxiv.org/PS_cache/cs/pdf/0610/0610105v2.pdf

    “We present a new class of statistical de-anonymization attacks against high-dimensional micro-data,
    such as individual preferences, recommendations, transaction records and so on. Our techniques are
    robust to perturbation in the data and tolerate some mistakes in the adversary’s background knowledge.
    We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous
    movie ratings of 500,000 subscribers of Netflix, the world’s largest online movie rental service. We
    demonstrate that an adversary who knows only a little bit about an individual subscriber can easily
    identify this subscriber’s record in the dataset. Using the Internet Movie Database as the source of
    background knowledge, we successfully identified the Netflix records of known users, uncovering their
    apparent political preferences and other potentially sensitive information.”