I Told You So: Blockbuster Sued over Facebook Beacon

In December, I wrote a post stating that Companies using Facebook Beacon as a marketing tool would get sued and demonstrated the privacy policies in effect at a number of the Beacon partners. One of those is Blockbuster, which as noted in the December post, was so over the top with it’s privacy policy. It’s, in fact, criminal, in my opinion.

Techcrunch is now reporting that Blockbuster is in fact being sued by a Texas woman who under the premise of a 1988 federal law called the Video Privacy Protection Act (18 USC § 2710) which was enacted after Supreme Court nominee Robert Bork was b0rked when video rental history was released during his confirmation hearing. The law prevents video rental companies from disclosing personally identifiable data regarding a member and his/her rental history.

Sidenote: Can someone do a LEXIS/NEXIS search for me and find out if this law has ever been upheld by the SCOTUS?

This is pretty important. Admittedly, I have not done any significant research into how Beacon works with partners since late last year, but at the time, the data was shared by identifiable email addresses. How else do you associate a users partner activity with a Facebook account?

This flew in the face of their privacy policy which stated:

Blockbuster will not provide User or Member e-mail addresses to business partners, unless the User or Member has provided express permission to Blockbuster.

Regardless of whether a Facebook user has opted in or out of Beacon advertising within Facebook, express opt-in is required on the Blockbuster side. And at the time, and pertinent to this lawsuit, even with consent it is criminal for video rental companies to share this kind of data, per 18 USC § 2710.

Stick around Technosailor for more of what you need to know. ;-)

Update: Online Media Daily writes, “But the Beacon platform still allegedly transmits information about people’s activity from Blockbuster to Facebook, unless they have checked a box telling Blockbuster to never send such information.” Enough said.

Ubica a tus Amigos con Livecontacts

FindWhere lanza el beta de Livecontacts.

FindWhere, proveedor de servicios de ubicación y seguimiento via GPS, lanzó hoy la versión beta de su herramienta social de ubicación.

LiveContacts.png

Livecontacts funciona en cualquier red celular GSM y eventualmente funcionará en teléfonos sin GPS. Según la compañía, pronto podrás incluir data de ubicación en tu mensajería de texto, juegos y redes sociales desde tu celular. El sistema de ubicación puede ser activado por el usuario según su preferencia.

La posibilidad de ubicar a tus amigos en tu celular (y que estos te ubiquen a ti) abre interesantes posibilidades (dodgeball ha intentado algo parecido), pero también nos obliga a pensar más a fondo en nuestra privacidad y hasta donde estamos dispuestos a cambiarla por comodidad.

Hasta ahora hemos estado dispuestos a compartir mucho de nuestra vida profesional y cotidiana via redes sociales como Twitter y Facebook con perfectos extraños que sólo conocemos por referencia (a veces de otros extraños). Aplicaciones como Livecontacts nos permitirán compartir nuestra ubicación física con nuestra red social… fomentando encuentros en el mundo físico. Se cierra de esta forma el círculo social, usando la internet para encontrarnos fuera de ella. Espero que esto sea para bien de los usuarios y nadie salga lastimado.

Technorati Tags:
, , , , , , , , ,

Google File System: Much To Do About Nothing

Google had a much-hyped announcement tonight that, frankly, I’m missing the point of. Techcrunch covered it. Scoble Qik’d it live. I was one of numerous who took the bait out of curiosity and watched the announcement live until Scoble turned off his camera, or something.

honestly, folks, I don’t see what the point is. The product manager for this new service began the party by talking about how Google App Engine (Link dead until launch time) would be “easy to use and easy to scale”. The presentation then showed a very nervous developer trying to write up a simple Hello World script in Python.

Ok, here’s my problem. For the growing number of non-technical entrepreneurs, python is neither easy to use and the demonstration does not demonstrate easy to scale. At some point, the presenter stated that anyone could build applications using Google’s infrastructure that could be as big as Google’s own apps.

Forgive my cynicism.

This, my friends, is an Amazon S3 “me too”. There is not innovation here. There is nothing ground breaking here. It is yet another case of Google deciding that it can do things better than everyone else but with the exception of Search, Gmail and Google Adsense (the latter being questionable these days), I wonder how many of Google’s initiatives are really all that groundbreaking.

Then there’s the question of privacy. Google’s ever present incursion into deeper parts of lives should make every privacy nut cringe, and turn those who are not privacy nuts into privacy nuts. With the adoption of OpenSocial and now providing a platform for application development, Google’s hand continue to delve deeper into our deeply guarded private lives.

I’m skeptical here folks. From what I’ve seen, nothing is easy to get into here. Companies are not necessarily better off for using this infrastructure. The concept of threaded processes and optimized platforms for optimized content goes out the window with an S3 or a Google App Engine. And… The privacy concerns are very real.

Hold the phone. Let’s see what happens here.

Ask Takes Your Privacy Seriously

There was an old story I was told as a kid about boiling a frog to death. As the story goes, you can’t boil a frog to death by dropping him in a pot of boiling water. But put him in cool water and bring the water to a boil, and he won’t know the difference. Eventually, the water will get so hot that the frog will die happily in the water.

In today’s age of the internet and privacy concerns, the proverbial frog is us and we are getting more forgiving and giving regarding our personal lives. We are voyeurs online, sharing photos on Flickr, making friends on MySpace, buying stuff online and finding it “cool” to see those purchases show up in Facebook.

Perhaps the most dangerous of all precedents is what our friends at the search giants are doing. Desktop Search clients documenting everything on your computer – to make finding data easier. All our mail and other data in one place – but easily given to the government without subpoena. Personalized search based on personal trends – but those trends must be extrapolated from stored data regarding your behavior.

Fortunately, there is one search engine who recognizes the dangerous precedents set my the search giants and have taken steps to remedy the problem. At least on their end. It’s unclear if this move will serve to push more users to Ask.com, but it can’t hurt.

Users have the ability to turn AskEraser on at the cost of personalizing Ask.com. Hey, does Ask really need the data they use to personalize it for you anyway?

So in a world where our privacy is going farther away, Ask is taking a sane approach and making sure that we have the choice in the matter.

La Privacidad como Moneda

Alex Rudloff escribe un interesante artículo (en inglés) sobre el uso de nuestra privacidad como moneda, pudiendo cada quien intercambiar partes de su privacidad por servicios.

De esta forma podemos indicarle a Facebook nuestra fecha de cumpleaños a cambio de que nuestros amigos estén al tanto y puedan felicitarnos. A mint podemos contarle nuestros hábitos de consumo personales a cambio de información y recomendaciones para ahorrar. A LinkedIn le informamos en dónde trabajamos y así podemos conectarnos con nuestros colegas. A Google le permitimos almacenar nuestros correos, a cambio de la comodidad de tener acceso a ellos desde cualquier conexión. A Amazon le dejamos estudiar nuestros gustos a cambio de mejores recomendaciones. Y así sucesivamente.

Lo interesante de este modelo, es que es dinero renovable. A cambio de la misma información podemos obtener múltiples servicios, siempre y cuando uno de los proveedores de servicio no comparta nuestra información.

Cuando un proveedor de servicios decide compartir nuestra información sin nuestra autorización, esta pierde valor. ¿Si todos los websites conocen nuestra fecha de nacimiento, por qué darnos algo a cambio de ella?

En el caso particular de Facebook, ya han violado la privacidad de sus usuarios en dos ocasiones. Pero al parecer, el servicio que ofrece Facebook, o mejor dicho, el valor que obtienen sus usuarios es lo suficientemente alto para que la mayoría permita estos abusos. Eso, o simplemente no se dan cuenta de lo que está ocurriendo.

Cuando activaron el Mini-Feed, Facebook compartió información de las actividades de sus usuarios con el resto de sus amigos en Facebook. Y ahora con el caso del Beacon, Facebook y sus socios comerciales compartieron información entre ellos sobre las actividades de los miembros de Facebook en otros websites.

En ambas ocasiones Facebook ha recapacitado, explicado y ofrecido una solución. Pero también en ambas ocasiones Facebook ha preferido comenzar con la versión más abusiva de la privacidad de sus usuarios, rectificando solamente después de una reacción de estos.

Es sólo cuestión de tiempo para que los datos de más de 50 millones de usuarios estén comprometidos. Y entonces nuestra privacidad se habrá devaluado.

Zuckerberg, Quit Insulting Our Intelligence

Mark Zuckerberg, the founder and CEO of Facebook has taken one more step in the Beacon war. As we’ve noted, Facebook is wrong to not fully make Beacon an opt-in program, partner companies are wrong for releasing customer data to Facebook and by the way I made a Firefox extension that will help consumers know when they are on a site that is using Beacon technology and will send data about their customers to Facebook, regardless of whether the consumer has a Facebook account or have the program turned off.

So, back to Zuckerberg. Mark posted an entry today on the Facebook blog apologizing for Beacon, admitting that the program was mismanaged from the start and that the response to the outcry were abysmal:

We’ve made a lot of mistakes building this feature, but we’ve made even more with how we’ve handled them. We simply did a bad job with this release, and I apologize for it. While I am disappointed with our mistakes, we appreciate all the feedback we have received from our users.

Zuckerberg continues on to outline how to turn off Beacon altogether – and that’s where this is still breaking down. First, Beacon is still “opt-out”. That is, users still have to proactively turn the “feature” off. I’m guessing that most Facebook users are not paying attention to this whole Beacon uprising, and thus probably have no idea that there is something that can be turned off and how it would be turned off. The majority of Facebook users, I’d venture, are purely using the site to keep up with their circle of people. No one is paying attention to these higher-level issues – something I admit I’m disappointed in as I think these issues affect all users.

The reality is that Beacon is damaged goods and I will be surprised if partners don’t continue to drop the technology. It’s a huge mistake to send data to Facebook and let Facebook determine if the user 1) exists or 2) has not opted-out.

Someone I talked to recently described Facebook and Beacon as, “[Facebook] is like inviting the devil into your home by accident and now [Beacon] is seen as angel of death.”

No, despite Facebook’s steps to “right the wrong”, they have not gone far enough. At the very least, they need to make it completely opt-in and let their marketing department “sell” opting-in to their users. In an ideal world, Beacon is completely abandoned – something that might very well happen if the backlash doesn’t stop soon.

Freakin' Beacon Firefox Extension

I took the dive into Firefox extension development today whipping out an answer to the Beacon is broke sentiment that is popping up all over the net, including here on this blog. This extension puts a little icon in the status bar that lights up in blue when on a page using Beacon technology. In theory, this will help users make educated decisions about which sites to shop at, or rent games, movies or otherwise engage in activity with.

Get the details and install the extension here. And pass the word.

Companies Using Beacon Will Undoubtedly be Sued

Privacy policies. They are the walls of separation that protect users from the over-indulging nature of companies and provide strict legal protections for both the user and the company. Privacy policies are generally penned by lawyers who like writing obscure documents that do these things.

Facebook Beacon, as we talked about, is a major privacy violator. Facebook’s official policy on this states that:

When you send an action to Facebook, the user is immediately alerted of the story you wish to publish and will be alerted again when they sign into Facebook. The user can choose to opt out of the story in either instance, but the user doesn’t need to take any action for the story to be published on Facebook.

Putting aside the obvious problems surrounding Facebook’s opt-in/opt-out policy, the real problem lies in the fact that partner companies are sending data to Facebook without permission in the first place. Undoubtedly, it is a violation of their own privacy policies. This begs the question: will some big-shot lawyer come along and file a class action lawsuit on behalf of the 50M+ Facebook users who have fallen victim to this conspiratorial betrayal of their trust and privacy?

Let’s explore some privacy policies to see what these companies are allowed to do as it pertains to third parties and user data.

Hotwire has a policy that allows for third party release of info for specific purposes but stipulates that the firms cannot share the data with other organizations:

Hotwire will also share your information with business firms contracted to provide specific services to us, in a manner consistent with this Privacy Policy. For instance, if Hotwire were to hold a sweepstakes offer on our Site, we may choose to hire a Sweepstakes Administration firm to handle the legal requirements surrounding entrant and winner selection and validation. We also share complete booking data for registered coolExtras members with Affinion Group, a loyalty marketing firm that administers coolExtras rebates. In situations such as this where your data is shared with a third-party firm, these firms are contractually obligated to only use your personal data for the purpose for which the relationship exists. These firms do not have the right to share your data with other organizations or contact you outside the bounds of their contract with us.

GameFly expressly forbids itself from transferring personally identifying data to anyone except in the case of a merger or acquisition or in the case of subpoena or cooperating with law enforcement:

Disclosure and/or Transfer of Personal Information

We may disclose any and/or all personal information about you in the good faith belief that we are required to do so by law, including but not limited to requests pursuant to subpoena or court order, and/or disclosure to local, state, or federal law enforcement, or other government officials pursuant to investigations they are conducting. In addition, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, GameFly’s customer information may be transferred to our successor or assign.

Aggregate Information

We may provide our prospective partners, advertisers, and other third parties with aggregate data about members and visitors to the GameFly Website. However, such data is anonymous, and we do not disclose personally identifying information about specific users.

eBay has not introduced Beacon yet, but appears to be angling to do so and also protect itself and its users, something I applaud. Furthermore, their privacy policy explicitly allows for such sharing of information.

Web beacons

A web beacon is an electronic image placed in the web page code that can serve many of the same purposes as cookies. Web beacons are used to track the traffic patterns of users from one page to another in order to maximize web traffic flow.

How eBay protects your privacy with third parties

eBay may work with other companies who place cookies or web beacons on our websites. These companies help operate our websites and provide you with additional products and services. They are subject to confidentiality agreements with eBay and other legal restrictions. eBay does not permit any of these companies to collect personal information using cookies or web beacons on our websites.

While eBay may be angling to protect itself, OVerstock.com has no excuse considering purchases are explicitly banned from being disclosed to third parties not involved in closing the transaction (e.g. credit card companies):

We may collect information actively generated by the purchase of a product or service, such as a payment method. We use this information to process your order and analyze and support your use of the Overstock.com web site. This information may be disclosed only to our staff and to third parties involved in the completion of your transaction, the delivery of your order or the analysis and support of your use of the Overstock.com web site.

Blockbuster is over the top with their privacy policy readily admitting to sharing personally identifiable information:

Blockbuster, its affiliates and franchisees (if permitted by Blockbuster) on occasion may disclose to their business partners certain data, such as names and addresses and the genre of products rented or purchased by Users or Members, so that the business partner may send their own direct marketing communications to Users and Members. Blockbuster will not provide User or Member e-mail addresses to business partners, unless the User or Member has provided express permission to Blockbuster. If you would prefer that Blockbuster not use disclose your personal information to its business partners for direct marketing purposes, subject to legal, or contractual restrictions and legal notice you may opt out of such uses and/or disclosures by (a) checking the appropriate “Opt Out” box in any applicable e-mail communication or e-newsletter, (b) sending an e-mail to blockbuster@custhelp.com (c) writing to us at 1201 Elm Street, ATTN: Online Customer Loyalty, Dallas, TX 75270 or (d) visiting your local BLOCKBUSTER store.

So the problem here is not only Facebook. Facebook pledges to protect these company’s users privacy. My question is… why is Facebook doing the job these companies should be doing in accordance with their own privacy policy. I will go out on a limb right now and say for the record that I will gladly sign on to any class-action lawsuit on behalf of Facebook’s 50M+ users who have had their privacy violated on account of this program. Companies like Coca-cola have wisely decided not to get involved. Others have foolishly determined that they will stay involved.

I guess we’ll let the dust settle on this.

The Only Answer to Facebook Beacon is a Deleted Account

Marc Orchant, the other day, announced he was deleting his Facebook profile. For him, it came down to a matter of usefulness. I am considering also deleting my Facebook profile for completely different reasons – Facebook Beacon.

In case you’ve been under a rock for the past few weeks, Beacon is the program that Facebook marketed as a B2C advertising platform. Companies utilizing Beacon would benefit by automatically getting postings in the profile of a user utilizing the company’s website in some way, whether for purchase or otherwise. It was marketed to businesses as completely “opt-in” but as turned out to be exactly opposite.

The privacy concerns that have been demonstrated by the Beacon program is well documented. One guy bought his girlfriend a an engagement ring on Overstock.com and she found out about it by reading his Facebook profile where Overstock had posted this fact on the guy’s profile without him knowing. Personally, I’ve been dismayed to find my Gamefly activity documented as well as a car rental I purchased through Hotwire for later in the month.

Lots of people have proposed methods of “blocking” Beacon, but the fact is that whenever you are logged in, Beacon companies can (and will) post data to Facebook. Even if you opt to never show these details on your profile, Facebook still collects the data and quite possibly shares that demographic data with interested companies. Dare Obasanjo has detailed how broke Beacon really is

Awhile ago, I wrote an article entitled “The Art of War: Facebook’s Strategy for Ultimate Victory“. In that article, I outlined how I thought Facebook had made all the right decisions and as a result would eclipse MySpace and other social networks as the premiere network around.

I am taking that article back. Facebook has not only violated all sense of trust on this matter, but faced with the problems, they’ve only made matters worse. (Sidenote: If you have a few hours, go through these court docs and tell me at the end if you trust Mark Zuckerberg or find him to be completely slippery. Also read this lengthy “pieced together account” of Facebook’s origins).

The real question here is there any real way to opt out? I don’t think there is.

  1. The Privacy tab in Facebook – good for taking companies that use Beacon and that you’ve already engaged with out of a newsfeed – but what about future companies that I do business with?
  2. Companies still sending data to Facebook regardless of if I’ve turned the privacy level way down. What is Facebook actually doing with this data? Telling me that it will be deleted is not a good enough answer for me. Beacon should be opt-in ONLY at the Facebook AND vendor levels.
  3. The firefox extension for blocking sites. This is a good idea in principle but I shouldn’t have to do anything to maintain my own privacy!

To me, the only option here is deleting your Facebook profile – something I am very close to doing.