By now many of you will have read accusations that Facebook has "ruined Christmas". The story being promoted by MoveOn.org is that because "Project Beacon", a component of Facebook's new advertising platform, publicizes purchases at participating sites on a user's Facebook "news feed", friends and loved ones are inadvertently being told what they can expect for Christmas.
For those who've been following the "Beacon" story, here's a quick recap of how the ad-system works. If you're currently logged-in to Facebook, then certain interactions you make on any of the 44 participating sites (from Blockbuster, Joost, to Overstock.com) have the option of being published on your Facebook mini-feed, so that any of your Facebook "friends" will be alerted of such actions. For example, "Person X" has purchased "Product X" from Overstock.com.
The problem is that while publishing such information is optional, you have to explicitly opt-out (per site or per interaction), rather than choosing to opt-in, in the first place. There is also uncertainly that if you do in fact opt-out, whether or not Facebook still gets sent your third-party interactions, even if they are not published (this would provide the social networking site with additional valuable marketing data about each member, in Google-like fashion).
The controversy surrounding "Beacon" opens up the privacy "can of worms" that is Facebook. The site already publicizes lots of personal volunteered information and online interactions in a user's min-feed, leading to concerns around identity theft and Big Brother-esque marketing and data mining. Below I want to address two of the recurrent defenses and questions I've seen raised in regards to Facebook and privacy.
Facebook users volunteer their information, and since they're not forced to use the service, what's the problem?
The problem here is two-fold. Firstly, Facebook keeps evolving and rolling out new features -- many of which appear to push the boundaries of privacy one step further e.g. the FB Platform, and now Beacon. Before that it was the advent of the mini feed. The Facebook you signed up to and invested time in today, may be very different to the one that exists tomorrow. Beacon makes matters even worse because of its opt-in default status. Furthermore, Facebook is able to push these privacy boundaries from a position of strength, garnered through network effects. Its harder to leave a service that all of your friends use.
The second issue is a broader one which doesn't just apply to Facebook -- and that's social networking literacy. Users need to be educated on the privacy issues related in particular to identity theft or how your online life can affect future job prospects. At the same time, social networking vendors such as Facebook, need to do a lot more to make it easier for users to fine-tune their privacy settings and be aware of what the implications are when they accept a friend or join a group etc. At times it feels like many sites obscure privacy settings (such as opt-in by default) on purpose because it suits their short term business plans. As a consequence, it maybe that a high-profile privacy breach, followed by a lawsuit is what's needed to raise social networking literacy and force vendors into making this a priority.
Google is far more "evil" when it comes to data retention and privacy. Most users don't care about Google, so why the outrage with regards to Facebook?
While it's true that Google knows a lot more about us -- or heavy users of its services -- than Facebook, I think the Google issue obscures Facebook's inherent problem with regards to privacy. Google can know lots about our online behaviour (through search, analytics and gmail, for example) but doesn't inadvertently or explicitly share that information with the outside world. Imagine if your Google searches showed up in your Facebook mini feed. That's much more akin to how many interactions on Facebook, and now its Beacon partners, work.