Follow-up: Facebook's Response

Published: December 03 2007, 07:43 PM
by Benjamin Googins

 

In addition to the statement we received this past Friday, we have received further communications from Facebook's privacy department, this time directly addressing the silent data transfer to facebook.com.

 

Hi Stefan,

Thanks for clarifying your concerns. You can prevent stories from
being generated for actions you take on external websites, but this is
different from the data that is shared between Facebook and the
external site. If you prevent a certain partner site from publishing
stories about you through Beacon, the information about the action is
still sent to us.  Please note that it is sent for the
purpose of generating the notification on the partner site.  However, if your
options are set such that the story won't be published, we discard that
information almost as soon as we receive it. While we do receive this
information, we do not store it in our system. Let me know if you have
any further questions or concerns.

Thanks,

[name removed - Stefan]
Customer Support Representative
Facebook

 

We have also been contacted by Facebook and have spoken with them about the privacy issues surrounding Beacon. We are very glad that they are taking this seriously and are communicating more accurate information to their users about the data flow to facebook.com. We hope that they will take steps to mitigate these issues in the near future. While the statement that this data is not currently being stored or used is reassuring, the fact that the data continues to be sent to facebook.com poses a risk to users' privacy until a binding, public mechanism is in place to ensure that the above policy stays in place and that users are notified if it ever changes. Facebook's privacy policy is such a mechanism. Officially stating in that policy that they will not store or use data that is not associated with a logged-in Facebook account that has opted in to Beacon would go a long way towards providing clarity and an assurance of privacy to their users.

 

At present, continued testing of the Beacon affiliate sites kongregate.com and epicurious.com reveals no change in Beacon's operation. We still observe the data being sent when not logged in. If a machine has never been used to access Facebook, or has not been logged in with "remember me" selected, then the affiliate data will be sent, but no Facebook ID will accompany it. Otherwise, both a Facebook ID and the affiliate data will be sent. While logged in to Facebook, user actions taken on epicurious.com continue to be sent to Facebook, including (but not necessarily limited to) saving a recipe, rating a recipe, and reviewing a recipe. This test was repeated 4 different times with different recipes.
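
One way to check a traffic capture for the behavior described above, as an added example that is not from the original post: it flags requests sent to facebook.com from an affiliate page and records whether an identifying cookie accompanied them. The capture entries, request paths, query parameters and the cookie name `id_cookie` are constructed placeholders, not Beacon's actual values.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed capture: the hosts come from the post; the paths, query
# parameters and the cookie name "id_cookie" are placeholders, not Beacon's.
CAPTURE = [
    {"url": "http://www.epicurious.com/recipe/123/save",
     "referer": "http://www.epicurious.com/recipe/123", "cookies": {}},
    {"url": "http://www.facebook.com/placeholder?action=save_recipe&item=123",
     "referer": "http://www.epicurious.com/recipe/123", "cookies": {}},
    {"url": "http://www.facebook.com/placeholder?action=rate_recipe&item=456",
     "referer": "http://www.epicurious.com/recipe/456",
     "cookies": {"id_cookie": "constructed-value"}},
    {"url": "http://www.facebook.com/home",
     "referer": "http://www.facebook.com/",
     "cookies": {"id_cookie": "constructed-value"}},
    {"url": "http://notfacebook.com/t?action=x",
     "referer": "http://www.kongregate.com/games/1", "cookies": {}},
]

def in_domain(host, domain):
    """True for the domain itself or a subdomain, not for look-alike suffixes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit(entries, receiver="facebook.com", id_cookie="id_cookie"):
    """Classify cross-site requests to `receiver` by whether an ID rides along."""
    findings = []
    for e in entries:
        target = urlsplit(e["url"])
        source = urlsplit(e.get("referer", "")).hostname
        if not in_domain(target.hostname, receiver):
            continue  # not sent to the receiving site
        if source is None or in_domain(source, receiver):
            continue  # first-party traffic, not an affiliate transfer
        findings.append({
            "affiliate": source,                       # page the action was taken on
            "fields": sorted(parse_qs(target.query)),  # names of the data fields sent
            "identified": id_cookie in e.get("cookies", {}),
        })
    return findings

if __name__ == "__main__":
    for f in audit(CAPTURE):
        kind = "affiliate data + ID" if f["identified"] else "affiliate data only"
        print(f["affiliate"], f["fields"], kind)
```
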

 

The fact that change has not yet occurred is not necessarily a negative indication.  Changes to privacy policies should always be carefully thought out, and we are hoping to see Facebook act promptly, but also responsibly.  In the coming days we hope to see our privacy concerns addressed by a combination of changes to the Facebook privacy policy, the user interface for opting in/out of the program, and possibly the functionality of Beacon.  We will continue to monitor all publicly visible aspects of the Beacon system, and will report any updates here.


By: Benjamin Googins
Benjamin Googins is a senior engineer working on CA’s Anti-Spyware product. His primary functions include analyzing spyware and privacy breaches, fielding press inquiries, blogging and drafting documents. He has been a significant contributor to the User Permission document , Spyware Scorecard , Threat...

2 people have left comments:

You may be interested in this post by Nate Weiner (ideashower): www.ideashower.com/.../facebook-im-still-watching-you-watch-me

It is coherent with yours.

Also, you might through him (ask the mail) get direct contact with Chamath Palihapitiya, vice president of product marketing and operations at Facebook; may be better than lambda customer support...

Posted by: bituur esztrey | December 4, 2007 1:53 PM

Each time we add a new application from Facebook, exactly how much info are we giving away?

Does this include our little chats?

Posted by: sami | May 22, 2008 3:56 PM

 
 