BanderasNews
Puerto Vallarta Weather Report
Welcome to Puerto Vallarta's liveliest website!
Contact UsSearch
Why Vallarta?Vallarta WeddingsRestaurantsWeatherPhoto GalleriesToday's EventsMaps
 NEWS/HOME
 AROUND THE BAY
 AROUND THE REPUBLIC
 AROUND THE AMERICAS
 THE BIG PICTURE
 BUSINESS NEWS
 TECHNOLOGY NEWS
 WEIRD NEWS
 EDITORIALS
 ENTERTAINMENT
 VALLARTA LIVING
 PV REAL ESTATE
 TRAVEL / OUTDOORS
 HEALTH / BEAUTY
 SPORTS
 DAZED & CONFUSED
 PHOTOGRAPHY
 CLASSIFIEDS
 READERS CORNER
 BANDERAS NEWS TEAM
Sign up NOW!

Free Newsletter!
Puerto Vallarta News NetworkTechnology News | December 2007 

Facebook's Beacon More Intrusive Than Previously Thought
email this pageprint this pageemail usJuan Carlos Perez - PC World
go to original



A Computer Associates security researcher says that Facebook's controversial Beacon online ad system goes much further than expected in tracking people's Web activities.

A Computer Associates security researcher is sounding the alarm that Facebook's controversial Beacon online ad system goes much further than anyone has imagined in tracking people's Web activities outside the popular social networking site.

Beacon will report back to Facebook on members' activities on third-party sites that participate in Beacon even if the users are logged off from Facebook and have declined having their activities broadcast to their Facebook friends.

That's the finding published on Friday by Stefan Berteau, senior research engineer at CA's Threat Research Group in a note summarizing tests he conducted.

Of particular concern is that users aren't informed that data on their activities at these sites is flowing back to Facebook, nor given the option to block that information from being transmitted, Berteau said in an interview.

"It can happen completely without their knowledge, unless they are examining their network traffic at a very low level," Berteau said.

The CA news comes after Facebook scrambled on Thursday night to tweak Beacon in order to calm complaints from privacy groups and Facebook users that the ad system is too intrusive and too confusing to opt out of.

Beacon is a major part of the Facebook Ads platform that Facebook introduced with much fanfare several weeks ago. Beacon tracks certain activities of Facebook users on more than 40 participating Web sites, including those of Blockbuster and Fandango, and reports those activities to the users' set of Facebook friends, unless told not to do so.

Off-Facebook activities that can be broadcast to one's Facebook friends include purchasing a product, signing up for a service and including an item on a wish list.

The program has been blasted by groups such as MoveOn.org and by individual users who have unwittingly broadcast information about recent purchases and other Web activities to their Facebook friends. This has led to some embarrassing situations, such as blowing the surprise of holiday presents.

On Thursday night, Facebook tweaked Beacon to make its workings more explicit to Facebook users and to make it easier to nix a broadcast message and opt out of having activities tracked on specific Web sites. Facebook didn't go all the way to providing a general opt-out option for the entire Beacon program, as some had hoped.

But Berteau's investigation reveals that Beacon is more intrusive and stealthy than anyone had imagined.

In his note, titled "Facebook's Misrepresentation of Beacon's Threat to Privacy: Tracking users who opt out or are not logged in," he explains that he created an account on Conde Nast's food site Epicurious.com, a site participating in Beacon, and saved three recipes as favorites.

He saved the first recipe while logged in to Facebook, and he opted out of having it broadcast to his friends on Facebook. He saved the second recipe after closing the Facebook window, but without logging off from Epicurious or ending the browser session, and again declined broadcasting it to his friends. Then he logged out of Facebook and saved the third recipe. This time, no Facebook alert appeared asking if he wanted the information displayed to his friends.

After checking his network traffic logs, Berteau saw that in all three cases, information about his activities was reported back to Facebook, although not to his friends. That information included where he was on Epicurious, the action he had just taken and his Facebook account name.

"The first two cases involve the transmission of user data despite 'No thanks' having been selected on the opt-out dialog, and are causes for deep concern. They pale, however, in comparison to the third case, where Facebook was receiving data about my online habits while I was not logged in, and was doing so silently, without even alerting me to the cross-site communication," he wrote in the research note.

If a user has ever checked the option for Facebook to "remember me" - which saves the user from having to log on to the site upon every return to it - Facebook can tie his activities on third-party Beacon sites directly to him, even if he's logged off and has opted out of the broadcast. If he has never chosen this option, the information still flows back to Facebook, although without it being tied to his Facebook ID, according to Berteau.

Berteau wasn't able to determine where this data flows to in Facebook. "That's part of the concern here," he said in the interview. He repeated the Epicurious experiment with Kongregate.com, another Beacon-affiliated site, and got similar results.

In e-mail correspondence with Facebook's privacy department, Berteau was told, among other things, that "as long as you are logged out of Facebook, no actions you have taken on other websites can be sent to Facebook."

A similar statement was made by a high-ranking Facebook official on Thursday. In an interview with The New York Times, Chamath Palihapitiya, vice president of product marketing and operations at Facebook, was asked whether Facebook would receive information about a user's purchase if the user declined to broadcast the purchase to his Facebook friends.

His answer: "Absolutely not. One of the things we are still trying to do is dispel a lot of misinformation that is being propagated unnecessarily."

Facebook didn't immediately reply to requests for comment from IDG News Service.
Facebook Retreats on Online Tracking
Louise Story & Brad Stone - The New York Times
go to original

Faced with its second mass protest by members in its short life span, Facebook, the enormously popular social networking Web site, is reining in some aspects of a controversial new advertising program.

Within the last 10 days, more than 50,000 Facebook members have signed a petition objecting to the new program, which sends messages to users' friends about what they are buying on Web sites like Travelocity.com, TheKnot.com and Fandango. The members want to be able to opt out of the program completely with one click, but Facebook won't let them.

Late yesterday the company made an important change, saying that it would not send messages about users' Internet activities without getting explicit approval each time.

MoveOn.org Civic Action, the political group that set up the online petition, said the move was a positive one.

"Before, if you ignored their warning, they assumed they had your permission" to share information, said Adam Green, a spokesman for the group. "If Facebook were to implement a policy whereby no private purchases on other Web sites were displayed publicly on Facebook without a user's explicit permission, that would be a step in the right direction."

Facebook, which is run by Mark Zuckerberg, 23, who created it while an undergraduate at Harvard, has built a highly successful service that is free to its more than 50 million active members. But now the company is trying to figure out how to translate this popularity into profit. Like so many Internet ventures, it is counting heavily on advertising revenue.

The system Facebook introduced this month, called Beacon, is viewed as an important test of online tracking, a popular advertising tactic that usually takes place behind the scenes, where consumers do not notice it. Companies like Google, AOL and Microsoft routinely track where people are going online and send them ads based on the sites they have visited and the searches they have conducted.

But Facebook is taking a far more transparent and personal approach, sending news alerts to users' friends about the goods and services they buy and view online.

Charlene Li, an analyst at Forrester Research, said she was surprised to find that her purchase of a table on Overstock.com was added to her News Feed, a Facebook feature that broadcasts users' activities to their friends on the site. She says she did not see an opt-out box.

"Beacon crosses the line to being Big Brother," she said, "It's a very, very thin line."

Facebook executives say the people who are complaining are a marginal minority. With time, Facebook says, users will accept Beacon, which Facebook views as an extension of the type of book and movie recommendations that members routinely volunteer on their profile pages. The Beacon notices are "based on getting into the conversations that are already happening between people," Mr. Zuckerberg said when he introduced Beacon in New York on Nov. 6.

"Whenever we innovate and create great new experiences and new features, if they are not well understood at the outset, one thing we need to do is give people an opportunity to interact with them," said Chamath Palihapitiya, a vice president at Facebook. "After a while, they fall in love with them."

Mr. Palihapitiya was referring to Facebook's controversial introduction of the News Feed feature last year. More than 700,000 people protested that feature, and Mr. Zuckerberg publicly apologized for aspects of it. However, Facebook did not remove the feature, and eventually users came to like it, Mr. Palihapitiya said. He said Facebook would not add a universal opt-out to Beacon, as many members have requested.

MoveOn.org started the anti-Beacon petition on Nov. 20, and as of last night more than 50,000 Facebook users had signed it. Other groups fighting Beacon have about 10,000 members in total. Facebook, they say, should not be following them around the Web, especially without their permission.

The complaints may seem paradoxical, given that the so-called Facebook generation is known for its willingness to divulge personal details on the Internet. But even some high school and college-age users of the site, who freely write about their love lives and drunken escapades, are protesting.

"We know we don't have a right to privacy, but there still should be a certain morality here, a certain level of what is private in our lives," said Tricia Bushnell, a 25-year-old in Los Angeles, who has used Facebook since her college days at Bucknell. "Just because I belong to Facebook, do I now have to be careful about everything else I do on the Internet?"

Two privacy groups said this week that they were preparing to file privacy complaints about the system with the Federal Trade Commission. Among online merchants, Overstock.com has decided to stop running Facebook's Beacon program on its site until it becomes an opt-in program. And as the MoveOn.org campaign has grown over the past week, some ad executives have poked fun at Facebook users.

"Isn't this community getting a little hypocritical?" said Chad Stoller, director of emerging platforms at Organic, a digital advertising agency. "Now, all of a sudden, they don't want to share something?"

Facebook users each get a home page where they can volunteer information like their age, hometown, college and religion. People can post photos and write messages on their pages and on their friends' pages.

Under Beacon, when Facebook members purchase movie tickets on Fandango.com, for example, Facebook sends a notice about what movie they are seeing in the News Feed on all of their friends' pages. If a user saves a recipe on Epicurious.com or rates travel venues on NYTimes.com, friends are also notified. There is an opt-out box that appears for a few seconds, but users complain that it is hard to find. Mr. Palihapitiya said Facebook is making the boxes larger and holding them on the Web pages longer.

Mr. Green of MoveOn.org said that his group would be tracking the effects of the latest changes before deciding if it would still push for a universal opt-out.

The whole purpose of Beacon is to allow advertisers to run ads next to these purchase messages. A message about someone's purchase on Travelocity might run alongside an airline or hotel ad, for example. Mr. Zuckerberg has heralded the new ads as being like a "recommendation from a trusted friend."

But Facebook users say they do not want to endorse products.

"Just because I use a Web site, doesn't mean I want to tell my friends about it," said Annie Kadala, a 23-year old student at the University of North Carolina at Chapel Hill. "Maybe I used that Web site because it was cheaper."

Ms. Kadala found out about Beacon on Thanksgiving day when her News Feed told her that her sister had purchased the Harry Potter "Scene It?" game.

"I said, 'Susan, did you buy me this game for Christmas?'" Ms. Kadala recalled. "I don't want to know what people are getting me for Christmas."



In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving
the included information for research and educational purposes • m3 © 2008 BanderasNews ® all rights reserved • carpe aestus