Facebook’s CEO and Founder Mark Zuckerberg has profusely apologized for missteps in the design and deployment of the Beacon ad system, but he remains unrepentant about what privacy advocates consider a particularly egregious feature.
Absent from Zuckerberg’s mea culpa Wednesday is any indication that Facebook plans to modify the system’s ability to indiscriminately track actions of all users on external sites that have implemented Beacon.
While Wednesday’s decision to allow Facebook members to completely decline participation in Beacon has been generally welcomed, privacy advocates will likely keep Facebook in their crosshairs until the system’s user tracking mechanism is scaled back.
Announced a month ago as part of what Facebook calls Social Ads, Beacon tracks certain actions of Facebook users on some external sites, like Blockbuster and Fandango, in order to report those actions back to users’ Facebook friends network.
For Facebook, these notices represent what it considers an innovative and ultimately more effective form of online advertising that leverages the deep social connections of its users.
In other words, by being intricately combined with people’s social circle via the actions of friends and family, these notices promote products and services in a more organic way than regular online ads, Facebook maintains.
Even critics of Beacon had generally assumed that the ad system limited its non-Facebook tracking and data reporting to Facebook members who were logged on to the site.
However, in the past week, CA security researcher Stefan Berteau stunned many when he reported that Beacon tracks all users in these external sites, including logged-off and former Facebook members and even non-Facebook members, and sends data back to Facebook. He also found that logged-in Facebook users who declined having their actions broadcast to their friends still had their data sent to Facebook.
Beacon, already blasted for weeks by privacy advocates like MoveOn.org and the Electronic Privacy Information Center, as well as by concerned Facebook users, has come under renewed attacks as a result of the findings from Berteau’s independent research.
Facebook confirmed that this broad user tracking function remains untouched in Beacon, despite the changes announced Wednesday, a spokesperson said in an e-mail.
“Facebook does not share profile data with Beacon partner sites. The partner site prompts Facebook to check whether a Facebook user has taken a Beacon-qualified action, and passes the action data to Facebook for potential sharing with friends if the user’s privacy settings permit it,” she wrote. “This checking process, which operates in a similar fashion to any embedding on a Web page of third-party content like YouTube videos or network advertisements, may collect information on logged-out Facebook users or non-users.”
Facebook has said that it deletes the data in all the cases flagged by Berteau: logged-in users who declined the broadcast; logged-off users; former members; and non-members. In his latest note regarding Beacon, published Thursday afternoon, Berteau, who is senior research engineer at CA’s Threat Research Group, commends Facebook for the most recent changes, but reminds the company that it needs to go further.
As long as Beacon silently tracks logged-off, former and non-members, people who use Facebook and the sites affiliated with Beacon face a privacy threat, Berteau wrote.
“The silent transmission of data about actions on third-party Web sites to Facebook poses a serious risk, and must be mitigated by both prominent notice to the user, and a binding commitment on Facebook’s part to handle the data properly,” Berteau wrote.
If a user has ever checked the option for Facebook to “remember me” — which saves the user from having to log on to the site upon every return to it — Facebook can tie his activities on third-party Beacon sites directly to him, even if he’s logged off and has opted out of the broadcast, Berteau reported in his first note on Beacon.
If the user has never chosen this option, the information still flows back to Facebook, although without it being tied to his Facebook ID. For non-members, Beacon captures addresses of Web pages visited, IP addresses and the actions taken on the site.
Berteau has said that it’s particularly concerning that people aren’t informed that data on their activities at these sites is flowing back to Facebook, nor given the option to block that information from being transmitted.
More than 40 Web sites have signed up for Beacon, although not all have implemented the system. Non-Facebook activities that can be broadcast to one’s Facebook friends include purchasing a product, signing up for a service and including an item on a wish list.
In addition to Wednesday’s changes, Facebook also modified Beacon last week, prior to Berteau’s revelations. In the first set of changes, Facebook responded to complaints that Beacon was too confusing to manage and opt out of. As a result, Facebook made its workings more explicit to Facebook users and simplified the way to nix a broadcast message and opt out of having activities tracked on specific Web sites.