Facebook introduces better opt-out, apologizes for “Beacon”

Well, it’s a start: in response to what’s getting characterized as a firestorm of criticism, and Monday’s disclosure that the tracking extends to third-party sites (including IP addresses of people who haven’t even signed up for Facebook), they’ve now followed up last week’s shift to more of an opt-in model with the introduction of a global privacy control that lets users, um, opt out. At least that’s what it seems to me that Mark Zuckerberg’s blog post says:

Last week we changed Beacon to be an opt-in system, and today we’re releasing a privacy control to turn off Beacon completely. You can find it here. If you select that you don’t want to share some Beacon actions or if you turn off Beacon, then Facebook won’t store those actions even when partners send them to Facebook.

It’s a good thing, of course, and Facebook does seem to get it that they screwed up: “We’ve made a lot of mistakes building this feature, but we’ve made even more with how we’ve handled them. We simply did a bad job with this release, and I apologize for it.” Still, it’s just a band-aid; and especially since this is the second time in a year Facebook’s done something egregious from a privacy perspective and then backtracked slightly and slowly under pressure, I really wonder how much user trust they’re losing in the process.

What’s interesting and encouraging is that the opposition to this didn’t come just from privacy advocates or the tech community: there was significant mainstream coverage, and MoveOn getting involved takes things to a whole new dimension (although risks politicizing the issue). This is significant both because it alerts politicians to an opportunity here, and because it strengthens the hand of the consumer rights and civil liberties groups calling for stronger protections. If the call for a do not track list was the “first salvo in the war over behavioral targeting”, then this was the first skirmish — and it’s going in favor of the good guys.*

* in the gender-neutral sense of “guys”, of course


Comments

7 responses to “Facebook introduces better opt-out, apologizes for “Beacon””

  1. Thinking about this more … it would be interesting to look at the various sites privacy policies and see which (if any) of them allow sending data to Facebook without an opt-out. So for example, the New York Times privacy policy says they will not share information with third-party sites, and while IANAL it’s not at all clear to me that the indiscriminate sharing going on here falls within the exceptions they list.

    (cross-posted in the Slashdot discussion at http://yro.slashdot.org/article.pl?sid=07/12/05/2114247)

  2. […] there’s an interesting parallel to my as-yet-unanswered question in the thread about Beacon’s announcement of a global opt-out about whether Beacon caused advertisers to violate their privacy policies.  In the web 2.0 world, […]

  3. […] goes on to discuss the Beacon fiasco in terms of Facebook’s past behavior, quotes some of my faves (danah boyd and a CMU study […]

  4. […] MySpace on sex offenders, MySpace and MTV’s “presidential dialogs”, and of course the Beacon brouhaha).  OK, the first one is fairly standard startup stuff, but the others clearly illustrate social […]

  5. […] Facebook’s Beacon fiasco from last fall provides a backdrop: Privacy experts blasted the program for being confusing, and computer experts soon revealed that Beacon was tracking Web behavior and secretly sending data back to Facebook without notifying users. Facebook was forced to retool the product amid a firestorm of bad publicity. […]

  6. […] morning. Activism campaigns have led to Facebook changing policies at least twice, once with their privacy-invasive Beacon and once with the million-person petition to ban the inviting of friends to applications. Combine […]

  7. […] I’m very sympathetic with, such as Facebook’s creepy and Orwellian vibe and horrible privacy practices.  For that matter, a lot of people just plain prefer email.  So petitions are a […]