Close encounter with Facebook Beacon
I put a lot of trust in sites like Facebook to do the right thing when it comes to privacy. After all, the only stuff that gets out into the public is the stuff that I actually put in.
Earlier this week, I bought a coffee table on Overstock.com. When I next logged into Facebook and saw this at the top of my newsfeed:
I was pretty surprised to see this, because I received no notification while I was on Overstock.com that they had the Facebook Beacon installed on the site. If they had, I would have turned it off.
I used my personal email address to buy the coffee table, so I was puzzled why and how this "personal" activity was being associated with my "public" Facebook profile.
(Since I was on Facebook, I updated my status to say that I was trying to figure out Facebook Beacon. And Scott Rafer instantly messaged me that he could explain all -- which he very succinctly did. Thank you Scott!)
Facebook Beacon is merely a small piece of script that allows the partner site to put a cookie on your browser. So when I bought the table, an Overstock cookie was created, which then transferred the information to Facebook. Facebook then checks to see that the same browser is logged into Facebook, and shows the information. I'm not sure of all of the details, but I suspect that if I had logged into my "personal" Facebook account first (yes, I have two Facebook accounts and unless you know my personal email, you won't find my truly personal Facebook profile), that Overstock activity would have been logged to that Facebook profile.
So there's no checking or verification of email address, name, etc. to verify that the activity on Overstock is being done by the same person logging into Facebook. Imagine my horror if items were added to my NewsFeed because my kids were using my computer ("Charlene played DragonFable last night for 3 hours").
So I'm joining a growing chorus of Facebook critics that Beacon has some serious problems. Facebook has made the point that Beacon isn't sharing information publically, but with your friends. That's correct, but I think both the critics and Facebook are missing the point.
The biggest problem is the lack of transparency. Facebook is right in that I would really like to have some things that I do on third party sites to conveniently appear in newsfeed, e.g. events I'm attending from Evite or eBay/craigslist listings so that my friends know about them. That's the promise of Beacon. But I need to be in control and not get blindsided as I did in the example above. I was seriously wigged out, but wouldn't have been if Overstock had simply told me that they were inserting a Facebook Beacon and given me the opportunity at that time to opt-in to Beacon.
And this is the problem for Facebook -- they aren't in control of what their Beacon partners do to notify people that this is happening. Facebook can only control this from their own interface, when the information has already been transmitted between sites, and without my explicit permission.
There's a fine line that gets crossed when behavior data slips from being a convenience to being Big Brother. This is one of those times. Give me back my control by letting me opt-in (not opt-out as is currently the case), or I'm installing the Beacon Blocker.
I'd love to hear your perspective on this issue -- and please send me examples and screenshots!
Update 11/23/07: The plot thickens. It turns out that my husband and I inadvertently both bought the same coffee table from Overstock.com on the same day (yeah, not the greatest spousal communication going on!). I suspect that the order that made it on to my Facebook profile was actually HIS order, because I had additional items in my order.
So that means when my husband purchased the coffee table, because the Facebook cookie on that machine was for my Facebook account (my husband is not on Facebook), the purchase was attributed to my profile. He also did not have any notification that Overstock.com was sending the information to Facebook.
Lastly, some of who have friended me noted that I bought Fandango tickets to Beowulf Wednesday night. I received a very clear pop-up notice at the end of the transaction, and had no problem with that information being added to my profile. Granted, I had advance notice that this would likely happen, so to some people's point, i think that this is a matter of people getting used to this feature, much in the same way that it took a while for Newsfeed to grow on Facebook users.
But remember that Facebook made some significant changes to Newsfeed after it was launched, namely, giving people the ability to control what items made it into the newsfeed, and who in your friends list could see it via limited profiles.
I think that Facebook Beacon will have to undergo some significant retooling -- it has a lot of potential in terms of tying together aspects of my online life, but as I wrote above, I need to be able to have total transparency and control on when this is happening. Reigning in and policing partners like Overstock.com will be an essential -- and tough -- thing to do, especially if Facebook switches Beacon to be opt-in.