The backlash against Facebook’s Beacon advertising program just gets worse every day. First, advertising partner Coca-Cola got cold feet over privacy issues. Now Overstock is bailing from the program, and Travelocity is having doubts. What’s more, all of this lack of confidence from the major advertising partners Facebook launched with is coming after it revised its policy to make Beacon opt-in instead of opt-out.
Beacon is a social form of advertising that shares your purchases or other actions you take on an advertiser’s site with all your friends on Facebook through their News Feeds. What has privacy advocates up in arms, and advertisers skittish, about Beacon is the way it seems to be spying on you as you surf the Web and then, on top of that, reporting what you just did to everyone you know.
This objection was doubly true when Beacon was being forced down every Facebook member’s throat whether they wanted to be tracked this way or not. And it was the main reason that MoveOn.org made killing Beacon its Cause Du Jour. Since then, Facebook has addressed most of the initial concerns by wisely forcing people to deliberately and repeatedly choose to participate. But there are still some serious issues with the way the whole system works technologically.
According to one security engineer’s analysis, Beacon partners transmit data to Facebook in bulk about members who visit their site. This is true even for those who opt out of Beacon by clicking on “No Thanks” when asked if the data can be shared with Facebook. The data is sent anyway. Facebook clarifies that it does not do anything with this opted-out data, and in fact deletes it from its servers. But the deletion occurs on Facebook’s servers, not the advertisers’. [Update: It gets even worse. Beacon partners are sending data indiscriminately about every single visitor to their sites back to Facebook, whether or not those people are even Facebook members. This includes very detailed user behavior. Again, Facebook says it deletes most of this data. But what are the partner sites thinking? They might as well be giving Facebook access to their bank accounts.]
From a technology perspective, it is much more efficient for Facebook to manage these deletions and permissions. Most advertisers don’t want to shoulder the burden of figuring out who is participating and who is not. They just send all the data to Facebook and let it deal with the mess.
But from a privacy perspective, this arrangement is all wrong. If I tell the New York Times, which happens to be a Beacon partner, that I do not want to share my travel ratings or the articles I save on the NYTimes.com with Facebook, then the New York Times should not be sending that information out to Facebook under any circumstances and trusting that Facebook will dispose of the information properly. Not to pick on the New York Times. The same is true of any advertising partner. That data should never be transmitted in the first place.
After all, who am I going to blame if I am embarrassed by something disclosed on Facebook because it was inadvertently triggered by an action I take on another site? Well, besides myself. You can be sure it won’t just be Facebook that is going to take the heat. It will also be the offending partner site. Consumer trust is a very fickle beast.