Nick has written a lot about Beacon and seems keen on a global opt-out. That would help the user experience, but to the privacy campaigners the ability to turn it off is not crucial - having it turned on in the first place, without being properly notified, is what really riles them. And quite right too.

Some commentators have unhelpfully suggested that if you don’t want to use Beacon, just don’t use Facebook. That works… but in the arrogant aftermath of “there’s no opting out of advertising”, users weren’t given any warning to make a run for it.

If Facebook insists that the cost of using the service is full participation in Beacon, then that’s fine. But give us more than 40 seconds of screen-corner popup to make up our minds. Anyway - whoever heard of a form that disappears? You were always supposed to visit the bathroom while Overstock streams your credit card across the internet, but you can’t risk that anymore.

Are they afraid that users might not be interested in using it? Maybe so, and they should feel free to insist that their users participate. Just don’t blink after 40 seconds. Designing the system to trip users into it is unfriendly.

Now we know what Facebook want to charge users for their site, how should they go about collecting their dues? Ever pragmatic, might I suggest a possible user interface component, that Facebook could display when you visit the site following a Beaconed purchase:

I’d be clicking “Yes”, by the way. But thank you for asking.

On Monday I argued that Facebook would soon change Beacon to provide a global opt-out feature. According to Business Week, “Executives of the three-year-old company were in deep talks over proposed changes late into the afternoon on Nov. 28, according to a person familiar with the matter. At issue is the Beacon program, which alerts members’ Facebook ‘friends’ to purchases and other activities on third-party Web sites.”

Following the rumored discussions last night, Paul Janzer of Facebook, posted on the MoveOn.org Facebook group that is petitioning against Facebook Beacon privacy violations:

Thanks for your feedback about Facebook Beacon, it has definitely helped us make some changes to the product that we hope will provide you with a better experience on Facebook. Beacon was designed to help you share all the interesting things that you are doing outside of Facebook with your friends. Just like you have full control over your information on Facebook, you decide whether or not you want Beacon stories to be published and from which site.

Your feedback has made it clear that Beacon can be kind of confusing. To fix this, we are clarifying the way we inform you about a Beacon story before you decide whether or not you’d like to publish it on Facebook. We’re also working on making the sites that offer Beacon more visible to you, both on Facebook and through visual cues, so you can determine which specific sites you can publish stories from. Also, we’re providing more information on how Beacon works through a new tutorial and expanded help pages.

We’re sorry if we spoiled some of your holiday gift-giving plans. We are really trying to provide you with new meaningful ways, like Beacon, to help you connect and share information with your friends. Thanks for taking the time to express your opinions about our products. Please keep the feedback coming as we continuously work to improve your Facebook experience.

The response by Janzer fails to mention anything regarding a global opt-out feature that many have been calling for. While Facebook may argue that users have agreed to the Beacon service by becoming members of Facebook, opting-in users by default is not only controversial but it’s wrong. It sounds as though Facebook will be changing the design of the Beacon alerts so that they are more obvious. I think this is a great first step but Facebook needs to suck it up and add the global opt-out feature. What do you think about Janzer’s comments?

Caroline McCarthy has posted about a second offensive being launched by MoveOn.org. Apparently their statements last week were not enough. After Caroline wrote about MoveOn.org’s post, Facebook posted a response stating:

Facebook is listening to feedback from its users and committed to evolving Beacon so users have even more control over the actions shared from participating sites with their friends on Facebook. Facebook already has made changes to ensure that no information is shared unless a user receives notifications both on a participating website and on Facebook.

What this sounds like is that Facebook will soon respond by making changes to Beacon. MoveOn.org immediately responded stating that Facebook has not actually changed anything to Beacon. While they haven’t, I’d be willing to bet that Facebook is going to add the global opt-out option that was present on early screenshots of Facebook Beacon.

While most users haven’t been overly vocal about the Facebook Beacon service, bloggers definitely have. I can guarantee that the bloggers are not going to shut up until Facebook either makes Beacon an opt-in service or adds a global opt-out option. Do you think Facebook should change their Beacon system?

This afternoon, Peter Kafka proposed how to solve the Facebook Beacon issue. In order to solve a problem, you first need to assume that a problem exists. I for one, think that there is somewhat of a problem that exists. The problem is not Facebook Beacon though. The real issue is privacy. The web has forced upon us a new system in which you can be completely transparent or completely closed off.  Fortunately there are some areas that reside in between but that area is for those that understand the tools they are using and have some common sense.

Ultimately, I have no idea how the Facebook Beacon situation is going to end up but what I do know is that Facebook is at the forefront of testing the limits of individuals’ privacy. This is a delicate issue and I’m starting to believe that it may in fact be a dangerous one. At what point do we really say enough is enough? Ultimately we have the ability to turn off the computer, put down the video camera or turn off any other technology that can be used to monitor ourselves.   The issue becomes blurry though when it comes to those that don’t understand the technology that they are using.

If my mom goes and makes a purchase at Amazon.com and her purchase, is there a guarantee that it won’t show up in my newsfeed? Currently there isn’t. There is also the chance that my mom didn’t choose to not have the purchase displayed. While Chris Kelly, Facebook’s Chief Privacy Officer, says that a box appears after individuals make a purchase, that box can disappear. I have already spoken with a number of individuals who have made purchases and the box didn’t show up (or at least they didn’t see it). If you make a purchase, don’t see the Facebook alert notification and suddenly your friends are notified, is that acceptable?

This accidental problem is going to be one that Facebook will be forced to resolve whether they like it or not. Peter Kafka suggests making the entire system opt-in. I’m not quite sure that will work but I’m also not sure what will. We are witnessing a test of individuals’ privacy limits and there are a few people that (as I have interpreted) are telling others to basically sit down and shut up. This will blow over they say.

While I don’t necessarily think that Facebook’s Beacon program is the ultimate test of individual privacy, I do believe that we are rapidly moving in a direction where some of us need to stand up and ask where the line will be drawn. While I will not suggest where that line falls in this post, we do need to figure it out. Otherwise we will sit down and watch someone else make that decision for us, the same way we so frequently (in this country at least) allow others to make major decisions that we aren’t happy with. The implications of a lack of privacy are significant and slightly frightening.

For Facebook Beacon, I think the question is: does this really makes our life better? Facebook in general has made most of our lives better. We all love connecting. Developers have enjoyed developing. Now marketers can enjoy marketing … in a pretty controversial way. Is this something that you want?  Ultimately, the users can decide.

Caroline McCarthy has posted a great story about MoveOn.org’s launch of an anti-Facbeook Beacon campaign. The campaign consists of a paid ad campaign on Facebook protest group and an online petition. Just yesterday I was speaking with a journalist who pinged me for more details about Facebook’s Beacon system. He had purchased a new pair of shoes for his daughter at Zappos.com and that purchase was transferred to his Facebook newsfeed. If this purchase had been intended as a gift, his daughter would soon know about it thanks to the new Beacon service.

The biggest contention surrounding Beacon is the default opt-out setting. If you shop at a participating partner’s site, your Facebook account will automatically be notified. You have to then proceed to Facebook where you will have to opt-out of alerts being sent to your firends. If you don’t opt-out, your friends will soon be alterted to your purchase. The same thing goes for a few select game sites on the web where alerts of your gaming activity are inserted into your personal newsfeed.

This is ultimately a test of the limits of privacy on the web. Facebook started testing those limits with the launch of their newsfeed last year which resulted in a PR disaster. Our lives are becoming increasingly trasparent on the web and the real question is where will the line be drawn? We have gone pretty far down the path of transparency but I’m not quite sure that we’ve gone as far as we can go. You can bet that Facebook will be at the forefront, testing the privacy limits of their users.

Thanks to a Channel 4 viewer, Facebook is now facing an investigation by a U.K. privacy watchdog. The story of the viewer resembles many others. After using Facebook, the user decided that they wanted to disable their account and no longer use the site. Not a problem on Facebook, simply login to the site, click on “Account” and then click “Deactivate.” Your done! Well, you are done as long as you don’t mind Facebook retaining all of the data you’ve ever created on the site. Wall posts, photo uploads, profile data, friends, group memberships and more are all kept on Facebook’s servers just in case you ever decide to return to the site.

If you want all of that data to be removed you need to go through and manually delete all of that data. Remove every friendship, unjoin every group, remove every wall post you’ve made, delete every photo you’ve uploaded and more. This can take days or even weeks if you are as active as I am on Facebook. According to a Channel 4 article, this Facebook policy “could violate the UK’s Data Protection Act.”

Facebook has been facing scruitiny regarding their policies including the new Social Ads system which may in fact violate a New York privacy law. In both instances, Facebook has denied that they are in violation. Whether or not they are violating the law, Facebook has been put on the defensive and chances are the public allegations won’t be going away anytime soon.

With the blog chatter surrounding privacy issues of Beacon, it makes me think back to my earlier post: perspective.  As Caroline McCarthy pointed out earlier this morning, Facebook SocialAds may not be “kosher.” Sure, there are some slippery slope questions to be answered about the rights of fans consenting to pages and the direct/indirect consequences following a Page addition but this shouldn’t be our primary focus in the early days of the Facebook internal testbed for advertising monetization. Over the next few months, perhaps Q1 2008, Facebook will begin to roll-out the international platform with Microsoft’s help.

I feel we are experiencing the privacy woes of Gmail all over again. A friend of mine in law school made an interesting argument:

“It’s borderline whether or not FB is violating its users’ right to publicity and there certainly a lot of arguments that it isn’t technically doing so [read: consent to FB's Terms of Service] but the obvious question is if it is borderline why alienate your users by doing something that they perceive violates their rights, regardless of whether a court perceives it in the same way?”

I’m a Facebook user because I trust what their doing in Palo Alto. Once it’s gone, the social graph breaks down and users will undoubtedly leave.

There’s a lot of chatter in the blogosphere about Nate Weiner’s recent experience with Facebook Beacon. Nate was playing the desktop tower defense game by Kongregate when the following alert box popped up on his screen:

I guess Nate has finally seen what Facebook Beacon is. While it was clearly stated a couple of days ago what Facebook Beacon is, people are just starting to interact with it. The real question is if Beacon will receive as much backlash as the newsfeed did when it was initially introduced. My bet is that it won’t initially, but the new service definitely has significant privacy implications. The concept that Facebook is tracking our actions across the web is a somewhat scary concept.

Let’s be honest though, Google is doing the same thing. In thinking about the new Facebook Beacon service I began wondering if Google is tracking what sites we visit via their adwords system. According to the Google privacy policy:

When you use Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

The cookie technology that I previously suggested Facebook would eventually use appears to be something that Google is already using. Google is in the business of indexing as much information as humanly possible and you can bet that they are tracking where you are surfing. For those that have Gmail, Google Reader or any other Google service, you have to assume that Google is tracking information about each site that you visit that uses Google adwords for monetization purposes.

Given that Google is the industry standard for site monetization, you can bet that Google knows a lot about your site traffic patterns. While they might not attribute that traffic information to you personally (e.g. Nick O’Neill visits Feld Thoughts frequently), they do know what sites you frequent as a generic entity (e.g. user 933523435 visits The Webpreneur regularly). While this is not confirmed by Google, they have every right to do this under their privacy policy.

My point here is that this is not a new practice. What needs to happens is some sort of privacy bill or rights for internet users. Otherwise, large behemoths like Google (and eventually Facebook) can tell you to go use someone else’s services if you don’t want to be tracked. I would argue that it is a challenging task (if not impossible) to avoid interaction with Google while browsing the web. A similar situation may occur if Facebook’s growth stays constant. Do you think we should develop a privacy bill of rights for internet users?