Caveat Emptor - let the buyer beware - once meant watch out that the seller of the goods wasn't going to foist dodgy stuff on you. In Facebookland it means not just that but that Big Brother (Frater Magna) is watching you.
And, as we noted in an earlier post, our understanding was that it doesn't switch off just because you opt out (We couldn't see how it would work otherwise).
We were first concerned about this when we were thrown off Facebook (because we are a small blog), since the implication of the way this technology works is that once you have a Facebook Profile, you can still be tracked even if you are deleted or delete it.
This point was missed by most of the blogosphere, but now those smart guys at CA have tested it and found it to be so:
Third party sites which affiliate with Beacon are given javascript code to place on specific pages. From a high level perspective, this code and the further code it pulls in from Facebook.com takes the following actions:
1. Prepares a series of variables to be sent to Facebook. These include a request to queue information, the url of the item viewed on the affiliate site, modified to include a Facebook tag, a random number, the "source id" (presumably a unique affiliate number), and the referring URL, including any variables.
2. Calls a page on facebook.com (http://www.facebook.com/beacon/auth_iframe.php), passing as parameters the variables which were previously prepared.
3. If the browser has previously been used to access facebook.com, a Facebook cookie is sent as well. This contains a randomly generated ID, and if the user has ever selected "remember me" while logging into Facebook, it will also contain their Facebook login ID.
4. At this point, if the user is currently logged in to Facebook, a javascript function is called to pop up an alert window, asking if they want to publish this item to their feed. If they opt out, the feed is not updated, but by this point all the information mentioned above has already been transmitted to Facebook.
To test this in real life, I created an account on epicurious.com, and tried saving three recipes as favorites. The first recipe was saved while logged in to Facebook in the same browser session. An alert appeared allowing me to opt out of Facebook's publishing this as a story on my feed, which I did. The second one was saved after I had closed the Facebook window, but had not logged out or ended the browser session. The same alert appeared, and I opted out again, selecting "No thanks". I then closed the browser entirely and launched a new session. After confirming that I was not logged in to Facebook, I saved the third recipe. No alert appeared.
I then checked the network traffic logs, and was dismayed to find that in all three cases, data about where I was on Epicurious, what action I had just taken, and what my Facebook account name is was transmitted to Facebook. The first two cases involve the transmission of user data despite "No thanks" having been selected on the opt-out dialog, and are causes for deep concern. They pale, however, in comparison to the third case, where Facebook was receiving data about my online habits while I was not logged in, and was doing so silently, without even alerting me to the cross-site communication.
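An added example (not from the original post or from CA's write-up): one way to audit a browser traffic capture for the behaviour described above, where page data and identifying cookies reach a third party before any opt-out dialog is shown. The capture is constructed, and the query parameter and cookie names are placeholders, since the write-up does not give them.

```javascript
// Constructed capture, not real Beacon traffic. Parameter and cookie names
// (item, source_id, rand, browser_id, login_id) are placeholders.
const beaconUrl = (item) =>
  "http://www.facebook.com/beacon/auth_iframe.php?item=" +
  encodeURIComponent(item) + "&source_id=42&rand=8811";
const capture = [
  // Session A: logged in; the dialog appears after the request, user declines.
  { session: "A", t: 1, kind: "request", pageHost: "www.epicurious.com",
    url: beaconUrl("http://www.epicurious.com/recipes/101"),
    cookie: "browser_id=ab12; login_id=user@example.com" },
  { session: "A", t: 2, kind: "dialog", choice: "No thanks" },
  // Session B: fresh session, not logged in, no dialog. The "remember me"
  // cookie is still attached by the browser.
  { session: "B", t: 3, kind: "request", pageHost: "www.epicurious.com",
    url: beaconUrl("http://www.epicurious.com/recipes/103"),
    cookie: "browser_id=ab12; login_id=user@example.com" },
  // First-party request: must not be flagged.
  { session: "B", t: 4, kind: "request", pageHost: "www.epicurious.com",
    url: "http://www.epicurious.com/static/site.css", cookie: "" },
];

// Flag every cross-site request and record what it carried and when.
function auditCapture(events) {
  const findings = [];
  for (const ev of events) {
    if (ev.kind !== "request") continue;
    const target = new URL(ev.url);
    if (target.hostname === ev.pageHost) continue; // first-party, ignore
    // Query values that decode to a URL on the site the user was visiting.
    const leakedUrls = [];
    for (const value of target.searchParams.values()) {
      try {
        if (new URL(value).hostname === ev.pageHost) leakedUrls.push(value);
      } catch { /* value is not a URL */ }
    }
    const cookieNames = ev.cookie.split(";")
      .map((c) => c.trim().split("=")[0]).filter(Boolean);
    const dialogs = events.filter(
      (d) => d.kind === "dialog" && d.session === ev.session);
    findings.push({
      session: ev.session, thirdParty: target.hostname, leakedUrls, cookieNames,
      // A choice only protects the user if it was made before the data left.
      choiceBeforeSend: dialogs.some((d) => d.t < ev.t),
      laterChoice: dialogs.length ? dialogs[0].choice : null,
    });
  }
  return findings;
}
console.log(auditCapture(capture));
```

Both flagged requests show `choiceBeforeSend: false`: in session A the "No thanks" arrives after the data has gone, and in session B there is no dialog at all.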
We have written to Facebook asking them to confirm that we would not be tracked, and that our data would be deleted in accordance with UK Data Protection Law, but to date (some days later) we have still not received an answer.
Not surprising really, given this evidence.........
Update...it seems that even the Advertisers fear to tread where Facebook is rushing in....Coke has as near as damn it damned them. For Facebook, it is no longer the case that "Res melius evinissent cum Coke"
Not only that, but Facebook has tried the "Merda taurorum animas conturbit" PR gambit, with this a typical example (courtesy The Henry Blodgett):
Matt Hicks, a Facebook spokesman, said Mr. Zuckerberg had meant that users would be given the opportunity to opt out of having information sent out by Beacon, and the company had assumed that anyone who didn’t say no meant yes.
Update...Dare Obasanjo thinks that even non Facebook users' purchase data goes to Facebook! I'll wait for confirmation from one of the security teams that this is true, but as far as I understand UK (and European) data protection law, this is probably illegal.
If all this doesn't break the trust users have in Facebook, we can only assume that P T Barnum was correct, but in our view Facebook has now blown it - They greedily jumped from a rational "Opt-In" to an "Opt-Out" system at the 11th hour, hung on far too long despite genuine user protest, gave way with ill grace and were cheating via the backdoor anyway. We said they didn't have a cluetrain when Beacon came out, and their monkeying around since has only made things worse.
And what now of the $15bn valuation then - Non Gradus Anus Rodentum!