In another example of its "Better to apologize than ask permission" approach, Facebook launched Beacon, a system that allows participating merchants to notice when a purchaser is a Facebook user and send "alerts" back to the Facebook newsfeed announcing the purchase to all of one's friends. Like the newsfeed itself, Facebook may have underestimated the privacy backlash and will be forced to modify the system. On the other hand, all the publicity, including a campaign by MoveOn.org will raise Facebooks profile among potential advertisers. Once they get the privacy settings right they will have added an important innovation to online marketing. I'll have to say I admire their approach. Instead of agonizing around the conference table about each new feature (opening up the membership, the newsfeed, the F8 platform) they launch things into the world and see what happens. As long as they are responsive to their users they will retain the old users while continuing to innovate and build their business which, after all, is free to users and needs advertising to keep it that way.
The most controversial aspect of Beacon is that it that the permission dialog at the merchant site is opt-out instead of opt-in and that at the Facebook site the opt-out is on a site-by-site basis, with no way to opt out of the entire program. As David Weinberger points out, the defaults are kind of creepy, especially the opt-out toast that assumes you mean "yes" if you don't respond within a few seconds. [See the comments in Weinberger's post for a really interesting discussion of privacy.] For those who find all this too daunting, Nate Weiner has a simple and elegant solution: install the BlockSite add-in for Firefox and tell it to block access to http://*facebook.com/beacon/*. That will prevent the merchant site from executing the http://www.facebook.com/beacon/beacon.js.php that sends your data back to Facebook. Fred Stutzman explains how this works, which is that when you log into Facebook, Facebook stores your login ID in a cookie. When the merchant site runs the beacon script that sends Facebook the ID, along with your IP address and the URL of the page you are visiting, thereby giving Facebook a complete picture of where you have been and what you've done there. Cameron Marlow points out that this is what DoubleClick and Google AdSense have been doing for years, although with DoubleClick makes it easier to opt-out and to delete the data. Wendy Seltzer thinks part of the problem is that Facebook has taken cross-site correlation to a new level, although they are at least being open about it.
Ethan Zuckerman likens it to cookie-theft Cross-Site Scripting attack, although in this case it's the result of a legitimate, if unprecedented, cooperation between Facebook and the merchant site.
I suspect the real reason the tin-foil-hats are upset and the rest of us are queasy is that Facebook shares this information with your friends, while DoubleClick only shared it with corporations. Personally, I don't care if my friends know what video I rented, but I am concerned about the proclivity of insurance companies to make underwriting decisions on the basis of lifestyle choices, as they are threatening to do in Massachusetts.
Companies using or planning to use Beacon: AllPosters.com, Blockbuster,
Bluefly.com, CBS Interactive (CBSSports.com, Dotspotter), eBay, Epicurious, ExpoTV, Fandango, Gamefly, Hotwire, IAC (CollegeHumor, Busted Tees, iWon, Citysearch, Pronto.com, echomusic), Joost, Kiva, Kongregate, LiveNation, Mercantila, National Basketball Association, New York Times, Overstock.com, Red, Redlight, SixApart(LiveJournal, TypePad, Vox), Sony Online, Sony Pictures, STA Travel, The Knot, Travelocity, TripAdvisor, Travel Ticker,
viagogo, Yelp, WeddingChannel.com and Zappos.com