Facebook super creeped me out tonight
Update: Even though I clicked the remove button and unchecked the checkbox beside "always publish stories" before clicking the okay button (see second image below), Facebook went ahead and published the ticket purchase to my profile. Apparently, their interpretation of Okay is "go ahead and share my private information" whereas my expectation was "remove, don't do this anymore - dismiss dialog." It's obviously designed to be purposely misleading.
Original post:
I knew about Beacon. I knew how it worked and what it did (mostly). I knew about the uproar around Beacon. I thought Facebook had toned it down, made it opt in.
But I was still super creeped out tonight when I saw this at the top of the Facebook home page:
A couple of hours earlier, I had purchased tickets to see Dark Knight at the Fandango Web site - Fandango.com. Fandango - not associated with Facebook.
Yet, Fandango shared the details of my credit card transaction with Facebook. They did this despite the fact that I gave Fandango my personal email address and I'm registered on Facebook with my work address.
So, sure - Facebook was giving me a choice as to whether to publish my purchase to my 297 Facebook friends. But despite my awareness of Beacon - and my 13 year history developing Web applications, I was creeped out in a visceral way.
Like, this is really creepy Facebook and it makes me very uncomfortable using your service.
As for Fandango, I don't remember seeing anywhere that you were going to match me to Facebook through a cookie or a credit card number or a name - don't remember seeing that my transaction between you and MasterCard wasn't exactly going to be private. I wonder whether Fandango is even in compliance with their MasterCard service agreement.
I've had the sense for a long time that actual privacy is illusory and that all of us are going to gradually adjust to different expectations of privacy (don't agree - check out loopt). But this is a real eye opener to me. It made the privacy issues at stake a bit more real to me tonight.
Apparently, a woman is suing Blockbuster for participating in the Beacon program because it's allegedly illegal to release video rental information.
Fandango, Facebook - you suck.
It's probably a cookie drop. They cross-match the cookies and that's how they know who you are. Take a look at your stored cookies and peruse the fandango and facebook.com ones. This is going to be more prevalent as advertisers want a way to track your purchasing habits.
You could always turn on that annoying "prompt me when accepting a cookie" nonsense when using Firefox.
Posted by: MGJ | Jul 16, 2008 at 10:53 AM
MGJ is completely right, external site notifications are based on the presence of Facebook cookies. If you're logged onto a Facebook account, interactions with Beacon-integrated sites will be treated as having been performed by that account (even if, say, someone else uses your computer to buy tickets).
I haven't looked at Beacon's code in depth or anything, but I doubt Fandango was ever specifically aware that your interaction had been successfully recorded by Facebook, let alone published. They probably get aggregated statistics at best.
Posted by: B. Seward | Jul 23, 2008 at 07:16 AM