I previously complained about Facebook’s Beacon and Social Ads, and last week Facebook appeared to back down (at least from Beacon) by changing its policy and having users opt-in before their activities on other websites is broadcast on their profiles. I applauded Facebook’s change of heart.
But there are more disturbing aspects of Beacon that have not been changed. According to Macworld:
If you think that just because you have never signed up for Facebook you’re immune to the tracking and collecting of user activities outside of this popular social networking site, think again.
Facebook’s controversial Beacon ad system tracks activities from all users in its third-party partner sites, including from people who have never signed up with Facebook or who have deactivated their accounts, CA has found.
Beacon captures detailed data on what users do on these external partner sites and sends it back to Facebook along with users’ IP addresses, Stefan Berteau, senior research engineer at CA’s Threat Research Group, said Monday in an interview.
However, it is well-known that IP addresses provide a variety of information about users, and have in some cases been used to identify individuals.
The information captured by Beacon in these cases includes the addresses of Web pages visited by the user and a string with the action taken in the partner site, Berteau said. . . .
Over the weekend, Facebook confirmed that Berteau’s report on Friday was accurate, but said that it deletes the data it gets under these circumstances.
Still, Friday’s findings deepened the privacy concerns surrounding Beacon since its introduction several weeks ago. And the admission Monday added to the concerns, since it contradicted what had, until then, been the official company line about this issue.
For more, see Michael Zimmer’s post.
A while back, DoubleClick generated many privacy complaints. DoubleClick used information about people’s websurfing habits to target ads on various websites. Facebook’s Beacon appears to be a related incarnation of the DoubleClick advertising model.
Facebook is not the only one to blame with Beacon. About 40 websites participate in the Beacon program, including:
* CBS Interactive (CBSSports.com & Dotspotter)
* National Basketball Association
* Sony Online Entertainment LLC
* Sony Pictures
For a more complete list of these companies, see this post on the Consumerist blog.
Hat tip: Pogo Was Right
Originally Posted at Concurring Opinions
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.