Facebook’s behind-the-scenes tracker of your web behavior

Eric Eldon | December 1st, 2007

facebooklogo1201071.pngFacebook has already had a tough week. It’s not getting any better.

With the company already reeling from criticism about its privacy policies, a new report confirms that Facebook tracks your surfing behavior too in more extensive ways than you may realize.

It is something we at VentureBeat had already reported a few days ago, but now it is being documented with more detail.

This gets complicated, so let’s step back and explain clearly what is happening, starting with the controversy last week about a program called Beacon. The popular social network suffered a revolt against the feature, because it sends messages to your friends about your purchase and other online behavior, and did so without your approval.

So late last week, Facebook about-faced on its Beacon policy, and sends data to your friends only if you give your approval. So, for example, if you surf at a partner site, say Blockbuster, Facebook will send a message to your Facebook friends about the purchase you make there only if you check a box allowing it to — a message about your purchase then appears in your friends’ news feeds.

But now it turns out that Beacon tells Facebook what you are doing whether or not you are logged in to Facebook, and whether or not you have approved any data sharing, according to an independent report by a security analyst at IT company CA. (See example screenshot). In other words, while your behavior isn’t shared with your friends, its collected by Facebook nonetheless — and this is something you won’t have explicitly approved.

The report supports the findings of another technical report from this past week which describes the hidden data-sharing aspect of Beacon, but in less detail (we noted the secret data-tracking aspect here).

Facebook has responded, acknowledging the data transfer, although it says privacy safeguards are in place:

Before Facebook can determine whether the user is logged in, some data may be transferred from the participating site to Facebook. In those cases, Facebook does not associate the information with any individual user account, and deletes the data as well.

It’s worth noting that the company has been trying for years to use data from other sites to learn more about you. Here’s an old version of Facebook’s terms of service, from 2005 (pdf here).

Facebook also collects information about you from other sources, such as newspapers and instant messaging services. This information is gathered regardless of your use of the Web Site. We use the information about you that we have collected from other sources to supplement your profile unless you specify in your privacy settings that you do not want this to be done.

As the controversy continues, Coke has quit Beacon and so has Overstock.com. Travelocity, listed as a Beacon partner when it launched, has yet to implement it.

Tags:
Sphere It Digg this story!
Trackback URL

2 Trackbacks

  1. December 2nd, 2007
    11:22 am

    Facebook privacy concerns | Startup Addict Musings said:

    [...] steadily becoming an uphill battle with much more at stake than activist groups like moveon.org. Facebook’s Beacon and web-tracking tactics continue to have far too many unknowns and is starting to cost Facebook flag-ship clients like [...]

  2. December 9th, 2007
    7:57 pm

      Facebook Beacon attracts disdain, not dollars — Instant Web Meetings.COM - Video Conference, Collaboration, E Learning, Unified Communications said:

    [...] Eldon at VentureBeat writes that Facebook is dealing with “a revolt against the feature, because it sends messages to [...]

3 Comments

  1. December 2nd, 2007
    1:54 pm

    Jason Schramm said:

    Travelocity must have implemented it because I keep getting notified that a Facebook friend saved money on a ticket with travelocity. I was first notified a few weeks ago, and it pops back up every few days.

  2. December 3rd, 2007
    6:06 am

    Courtney Benson said:

    Many companies are collecting data on consumers that they are not aware is being collected and many companies have relationships that the public does not exist. Just take a look Paypal and Doubleclick. How many people know that when they go to the Paypal site and hit the button for the Paypal plus creditcard that they actually go to the DoubleClicks web site? This is just one example. I think the real issue here is that companies want to garner data so that they can sell but are afraid to ask their constituency for permission. I was involved in one of the early personalization/privacy companies (YOUpowered) some years back and we recognized early that people were concerned about their privacy but if you asked for permission to get this data they frequently said yes. What a concept “Ask and you may receive”. Just a thought.

  3. December 3rd, 2007
    6:08 am

    Courtney Benson said:

    Many companies are collecting data on consumers that they are not aware is being collected and many companies have relationships that the public does not know exist. Just take a look Paypal and Doubleclick. How many people know that when they go to the Paypal site and hit the button for the Paypal plus creditcard that they actually go to the DoubleClick web site? This is just one example. I think the real issue here is that companies want to garner data so that they can sell but are afraid to ask their constituency for permission. I was involved in one of the early personalization/privacy companies (YOUpowered) some years back and we recognized early that people were concerned about their privacy but if you asked for permission to get this data they frequently said yes. What a concept “Ask and you may receive”. Just a thought.

Add a Comment