Facebook: Shut down that privacy-invading ad program!

The social network tells your friends what you're doing on other Web sites. How is that OK?

Published November 29, 2007 8:00PM (EST)

Business Week says that Facebook executives are huddled in "deep talks" to consider changes to Beacon, an ad program that many of the site's users say invades their privacy. Improvements to the system could be introduced today, the magazine reports. Considering the hoots of criticism -- including a petition put out by MoveOn.org -- the move can't come a moment too soon.

To understand how Beacon works, imagine this scenario: You load up your Web browser and, as usual, log in to Facebook to see what's going on with your friends. Then, after a few hours, you surf over to Epicurious.com to look for some harvest-festival recipes.

When you find one that you like, you click to add it to your Epicurious recipe book. Now, a small pop-up bar appears on the lower right-hand corner of the Epicurious page.

In the pop-up there's a notice from Facebook alerting you to an entry that will be added to your Facebook feed: "Bob added Roasted Butternut Squash and Caramelized Onion Tart Recipe to their queue on Epicurious.com." (In this hypothetical scenario, you're named Bob; and yes, grammar mavens, Facebook makes a possessive pronoun error there.)

In other words, all your Facebook friends will be alerted of your activity on Epicurious. And not just Epicurious: Since it launched the program earlier this month, Facebook has been contracted by dozens of sites, including eBay, Fandango, Blockbuster, Overstock.com and others, to tell your friends what you buy, watch, rate or are otherwise interested in while you click through the Web.

As long as you've previously logged in to Facebook in your browsing session, these sites -- and any others that pay Facebook -- can effectively hijack your social network, turning you into a spokesperson for their products.

Facebook maintains that this is OK because users can control the messages that fly out to their friends. Whenever an item is to be added to your feed, you are shown, first, that pop-up notice on the site you're surfing, Facebook points out. And when you go back to Facebook, you see another notice there alerting you that a message will be sent to your friends.

In both places, you're given the option of backing out -- you can click to remove the item, and your friends will get no message.

True, but that's not the whole story. The pop-up appears for only a few seconds, after which it shrinks away. And here's the important thing: If you do nothing, Facebook assumes your consent. So if you don't click "No thanks" on the Epicurious page and don't click "Remove" on Facebook, after a couple days, Facebook sends out the item.

Worse, Facebook does not let you fully opt out of the program. On your Facebook privacy settings page, you are allowed to ban specific sites from adding stuff to your feed -- you can say, for instance, Never let Epicurious send messages about my activity there. But you can't say, Never let any site add items to my feed. You have to do it site by site.

How Facebook, whose only real asset is the trust and respect of its users, could show so little respect for people's private actions staggers comprehension. What you do on the Web is private; it's simply astonishing that Facebook will refrain from broadcasting those actions only if you ask it to do so in this piecemeal fashion.

Business Week points to one Facebook user whose Christmas was ruined because Facebook told his friends all the gifts he'd bought them from Overstock.com. Another user tells the magazine, "I feel duped ... If I wanted to share something with my friends I'm pretty sure I could tell them myself."

He's right. As MoveOn says, there is only one condition under which this program could conceivably be OK: Opt in. Facebook must give people the option of joining the program, and then of specifically adding each site you'd like to ping people about your activity -- and if you do nothing, that should be taken as a no, not as a yes.

There are billions of reasons why Facebook might be reluctant to do this: In order to meet the high hopes of its investors, the site needs to find some kind of ad model that will turn people's friends into money. If people are allowed to opt in rather than opt out, Facebook could conceivably lose a lot of paying advertisers.

On the other hand, while duping your users may work for a short while, it is likely not a lucrative long-term business model.

By Salon Staff

MORE FROM Salon Staff

Related Topics ------------------------------------------