A progressive voice of the digital age, we are fighting for our digital freedoms in software, hardware and on the Internet. We watch for corporate abuse as well as promote knowledge and educate people about the dangers our rights currently face such as DRM and software patents. We do this with a focus on the Free Software movement and the ideals presented by the EFF, FSF, ACLU, and the hacker ethic.
Please support our social mission.

*Subscribe to our discussion list (med traffic) here
*Stay updated and get action alerts delivered to your inbox here
*Come to our meetings here .
*Subscribe to our local Boston list here
All of our decisions are made through direct democracy and collective decision making. For more information about us, please go here.
Solidarity

 

A Letter to TRUSTe Regarding Facebook

rkamens's picture
Submitted by rkamens on Mon, 2007-11-26 03:39.

Dear TRUSTe,

As you may know, a huge uproar has erupted over Facebook's new Beacon program. Facebook's new beacon program violates the privacy rights of users and furthermore it violates Facebook's own privacy policy. This story has been featured in the New York Times, Associated Press, CNN, and almost every other major news outlet. In less than a week, over 20,000 people have signed an online petition to Facebook, asking them to make the Beacon program opt-out.

How Beacon Works
Beacon was developed by Facebook so advertisers could reach new audiences. One example of a participating advertiser is Ebay. If a Facebook user buys something on Ebay, a small frame pops up from the bottom right corner of the page giving the user an option to share that information with the facebook friends. This window is only there for a few seconds so there is a strong possibility that the user would miss it. Users with Javascript disabled would also not be provided the opportunity to see the window. After this, the data is posted in the users "news feed". In Facebook, every user has a "news feed" which updates their friends on what they have been doing on Facebook (such as posting pictures, sending messages to friends, and joining Facebook groups) in accordance with the user's privacy settings. Until this point, news feeds have only included the user's activity on Facebook.com and feeds have respected a user's privacy settings. Facebook's beacon program does not respect the user's privacy settings. When the user logs in again, the user is given an option to remove the news feed item. This is located in a small text box on the page that only appears once and it is often overlooked because users go directly to their pictures, friends list, etc.

Facebook has made it extremely difficult to opt-out of the Beacon program. They have provided users with two small windows, one of which is time sensitive. Users have the option to opt-out of posting news feed items from a particular site but only once their privacy has already been violated unless they clicked no on the time-sensitive frame (which only opts them out for that particular action, requiring them to opt-out every time they visit a participating site). So a user could opt-out of Ebay but Facebook already has dozens of participators in this program including online shopping sites and recipe sites which could reveal to all of a user's friends that they have bought sensitive materials such as medications, adult materials, and donations to political parties. This kind of information could put a user's job at risk. There is no way to completely opt-out of the Beacon program and as a result users have to constantly watch for the floating time-sensitive window and enable javascript, which internet security experts have cited as being a security risk.

Beacon violates Facebook's own privacy policy and settings. Under the privacy settings, users may opt-in certain actions to be displayed in their news feed. Beacon and actions from external websites are not included in here so it leads the user to assume that they will not be published in their news feed. Facebook states in their privacy policy that one of their two core operating principles for privacy is that "You should have control over your personal information". It is obvious through their deliberate configuration of beacon making it hard to "control your information" that they are violating their own privacy policy.

TRUSTe serves as an important tool to people on the internet, enabling them to make educated decisions about how much trust they put into a particular site. TRUSTe is recognized as a symbol that is placed on websites that deal with personal information in an honest way. In order to receive the TRUSTe seal, sites must comply with certain guidelines. The guidelines that Facebook violates include:

"An opt-out function limiting the sharing of personally identifiable information (PII) with outside parties" (One of these does not exist for Beacon)

"A privacy statement, including the following disclosures: The use of any tracking technology" (They do not mention Beacon or any similar programs in their privacy policy and furthermore when they mention third parties they say there is an opt-out process which there is not.)

A copy of Facebook's privacy policy is located at
http://hs.facebook.com/privacy.php

What Facebook has recently begun doing represents a serious invasion of privacy that dilutes the TRUSTe seal and violates Facebook's own privacy policy. I urge you in the strongest terms possible to take swift action investigating these claims and the concerns of the 20,000 other users who have them.

Sincerely,
Ringo Kamens

My complaint number is #39420

I encourage you all to submit complaints about Facebook's blatant disregard for user privacy at https://www.truste.org/pvr.php?page=complaint. You are free to use and build off my letter. You may also reference my complaint number and send emails to privacy@facebook.com.

»