MoveOn.org is a good example. It has been staging a running protest against Facebook’s Beacon, the company’s new advertising system. The issue has been featured on CNN (video here) and in articles in mainstream publications such as the LA Times, the New York Times, the Wall Street Journal and in the blogosphere (Techmeme examples here, here and here).
Nearly a week into MoveOn’s privacy campaign, however, only around 25,000 users have signed up. A a little over a day ago, that number was at 21,000.
Before we explain how small that number is, there is a bigger issue. Facebook uses the cookie it requires for logging into its site to track what you do on other sites, from what we can tell. These cookies are unique identifiers — code sent to each user’s computer from Facebook, and tracked by Facebook when they visit web pages. We covered the basics of Facebook’s cookie plans last month.
Back to those thousands of anti-Beacon Facebook users. MoveOn group members represent only 0.04% of Facebook’s active user base. Last year, groups created to protest Facebook’s “news feed” attracted hundreds of thousands of members within a couple of days — the news feed is now one of the site’ most popular features, and widely imitated. Given Facebook’s active user size at the time, that number made up several percentage points of the total, meaning it generated a considerably greater response than Beacon has so far.
Note: Some might say the news feed was more fundamental to users’ experience than Beacon at this point, and that’s why the News Feed protests last year spread more quickly and vehemently. Still, if users were actually concerned about Beacon, you’d expect more members to have joined MoveOn’s Facebook group by now — with all the publicity.
How Beacon works, why MoveOn has beef, and our analysis
When you purchase a movie ticket on Fandango, for example, the site’s purchase confirmation page prompts a small window to appear on the bottom of the page asking if you want to share this information with your friends in Facebook.
If you don’t respond within a minute or so, the window disappears.
However, Facebook learns about what you’re doing before you even see the opt-out box, as this software developer describes in technical detail.
Facebook apparently uses the cookie it already requires for logging into the site to send a message from Fandango to Facebook about your movie ticket purchase. The cookie appears to allow Fandango to recognize your Facebook identity so it can send this information to your Facebook friends.
Meanwhile, if you ignore the box, the next time you log in to Facebook, you’re asked if you want to share your Fandango purchase on your news feed. No information will be shared about your Beacon activity in your friends’ news feed unless you explicitly approve it to appear.
But to say Facebook doesn’t let you opt out is hyperbole: If you missed seeing the window on Fandago, you are asked to approve Fandago’s request for sharing when you log into your Facebook account. You can choose to opt out, just not as conveniently as MoveOn would like.
[Update: Here’s one report about none of the above opt-out options working. We don’t know what caused this person to have a different experience with Beacon than other Facebook users.]
It is not clear if Facebook somehow retains the data gained through Beacon, before you even have a choice to opt out.
Meanwhile, MoveOn’s complaint doesn’t mention the cookie issue.
But here’s where MoveOn has beef. Facebook presents its “opt out” box at every site a users visits (or at least those that are participating in Beacon’s program). MoveOn says Facebook should let users opt out of Beacon completely, with the click of a single button — allowing users to never have to see the option again. In fact, this was option seen in early, leaked Beacon screenshots. MoveOn also suggests the small, opt-out box on sites should be more visible, by making it larger or having it appear in the middle of the page, or leaving it there longer.
Here’s a solution to MoveOn’s complaints. Third-party websites should try to figure out what information to send back to Facebook through Beacon that users will actually want to see (Facebook’s program gives them some discretion in this regard). These companies are just as responsible as Facebook for how users perceive them. Over time, users will become educated to look for the box and make a decision – similar to how users deal with Facebook news feeds. If you are really concerned about companies spying on you, however, cookie tracking is perhaps the biggest threat to your privacy.
If you want to block Beacon (and you’re a Firefox user), go here.
By the way, if you’re worried about other ad networks or Web sites tracking you (aside from the Facebook/Beacon prgrom), here are your general options:
You can delete and disable cookies on your web browser (every web browser has lthis option).
You can pinpoint and delete all ad-tracking cookies here, not only Facebook’s.
Doug Sherrets contributed to this article