

Facebook’s Instant Personalization Is the Real Privacy Problem - hshah
http://gigaom.com/2010/04/22/facebooks-instant-personalization-is-the-real-privacy-hairball/

======
Adaptive
Forget about Google... Facebook is gunning for Claritas and other profiling
companies that have been doing this for years, though behind the scenes and
not in real time (see <http://epic.org/privacy/profiling/> for more about
profiling).

Google may have (deservedly) gotten a black eye for the Buzz debacle, but they
have a lot of cultural DNA that values privacy (their CEO aside) and at least
some systems in place to allow management of personal data (as well as data
exodus).

Facebook on the other hand is clearly all business and will bend privacy
concepts till they either break or users are conditioned to accept lack
thereof as the new standard (all in the name of "sharing").

~~~
euroclydon
That is some really scary stuff in the link you gave!!! People need to realize
that it's not worth the $0.25 off a can of green beans you get by using a
loyalty card, if a sleazy merchant is going to swoop in at some vulnerable
time in your life and help separate you from hundreds or thousands of your
dollars.

~~~
acgourley
Can you give an example of how they are going to 'help separate you from
hundreds or thousands of your dollars'?

~~~
euroclydon
Did you read the document? They use psychological tactics combined with an
outrageous amount of your personal data in order to market to you. Let's
suppose you just had a child or spouse die, more specifically, you were just
widowed. They will be able to garner that fact from your spending habits or
public records (or perhaps FB data) and combine it with all the other info
they have on you, and then might try to sell you some shady investment or
insurance. Their job is to get you to buy something you don't need. They're
working on it while you sleep. Many people are not adequately equipped to
resist their tactics.

------
83457
The author states...

 _Instant personalization means that if you show up to the Internet radio site
Pandora for the first time, it will now be able to look directly at your
Facebook profile and use public information — name, profile picture, gender
and connections, plus anything else you’ve made public — to give you a
personalized experience._

Is this true? A simple enable or opt-in prompt in the frame on the first visit
to a site would be the expected behavior here.

~~~
qhoxie
Yes, that is basically the point and the reason they call it "instant" - they
don't want anything to be a click away.

The opt-out prompt is in the form of a blue bar at the top of the page. Once
you say "No thanks" they are required to remove any of your information and
not connect you on future visits.

~~~
hammerdr
Screenshot of the instant signin

<http://yfrog.com/iymcjp>

This was without prompt, as qhoxie states.

~~~
sp332
Man, talk about banner blindness! It took me 10 seconds to find the Facebook
bar in that picture, and I knew (approximately) where to look!

------
nfnaaron
"Facebook also introduced a way for certain sites to push this further than
everyone else. Three carefully chosen launch partners — Microsoft’s Docs.com,
Yelp and Pandora — have access to what Facebook is calling “instant
personalization.” This is a powerful, inventive and creepy tool that the
company hopes to extend to other partners but is testing the waters with these
three first."

Wait a minute; Yelp? Isn't that the small business extortion site? What a
weird outfit for anyone to want to associate themselves with.

------
jonknee
What's the best way to block this entirely? /etc/hosts won't work because it's
not on a subdomain (the iFrame loads from
<http://www.facebook.com/plugins/activity.php>). This would make a nice
Chrome/Firefox extension.

~~~
jarek
Any decent browser should be able to block content by URL. Use your adblocker.

~~~
jonknee
My adblocker (in Chrome) loads resources before removing them from the DOM. I
simply want to block this before the request is made.
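
Added example, not part of any comment in this thread: a sketch of the URL-level decision that a request-blocking extension would need for the plugin iframe discussed above, which a hostname-only /etc/hosts entry cannot express. The function names, rule shape and sample URLs are assumptions constructed for illustration; wiring the decision into a browser's request-interception API is not shown.

```javascript
// Constructed rule: third-party requests to facebook.com/plugins/* are blocked,
// while visiting facebook.com itself keeps working.
const RULES = [{ hostSuffix: "facebook.com", pathPrefix: "/plugins/" }];

// Parse an http(s) URL; anything else (or garbage) yields null.
function parseHttpUrl(url) {
  try {
    const u = new URL(url);
    return /^https?:$/.test(u.protocol) ? u : null;
  } catch {
    return null;
  }
}

// True for the registered domain and its subdomains, never for look-alikes
// such as "evilfacebook.com". A trailing root dot is ignored.
function hostMatches(host, suffix) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === suffix || h.endsWith("." + suffix);
}

// Decode percent-escapes so "/%70lugins/" cannot slip past the prefix check.
function normalizedPath(u) {
  try {
    return decodeURIComponent(u.pathname);
  } catch {
    return u.pathname; // malformed escape: compare the raw path
  }
}

// Decide before any network request is made.
// requestUrl: the resource being fetched; pageUrl: the top-level page embedding it.
function shouldBlock(requestUrl, pageUrl, rules = RULES) {
  const req = parseHttpUrl(requestUrl);
  if (!req) return false;
  const page = parseHttpUrl(pageUrl);
  for (const rule of rules) {
    if (!hostMatches(req.hostname, rule.hostSuffix)) continue;
    if (!normalizedPath(req).startsWith(rule.pathPrefix)) continue;
    // First-party use (the plugin loaded on Facebook's own pages) is allowed.
    if (page && hostMatches(page.hostname, rule.hostSuffix)) return false;
    return true; // embedding page is third-party or unknown
  }
  return false;
}
```

A hosts entry for `www.facebook.com` would match the first three cases in the test identically; the path and embedding-page checks are what separate them.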

------
mikebo
The biggest privacy issue here is the social plugins. They're easily embedded
in existing sites using an iframe which is hosted by Facebook.

As more sites adopt these, Facebook will be able to track every site you visit
on the web. I don't know about you, but I'm not comfortable letting Facebook
know which sites I visit.

Google adsense/doubleclick is fairly prevalent and has the same issue. You can
opt out of it with Google though: <http://www.google.com/privacypolicy.html>
-- the Facebook settings I have seen aren't clear about their data retention
policies and what 'opting out' really means.

------
aphyr
Even with instant personalization turned off, your friends can share your info
on any service they get suckered into using. Given how many of my Facebook
friends bombard me with quizzes and Farmville, I'm guessing that's going to
happen a lot. You have to block each application individually.

Moreover, any site can display your profile information. <http://cnn.com> even
seems to combine it with what CNN stories they liked recently, which makes me
wonder how much data they can read back. Has anyone taken a look at the
Facebook social plugins to determine how much data, if any, you can get out of
them?

~~~
jkincaid
We were told that third parties can't get any information from the social
plugins. The data is served directly from Facebook using an iframe.

~~~
aphyr
Ah, so CNN is handing its template and some fb query off to the plugin for
display, then?

~~~
cemregr
Exactly.

<http://developers.facebook.com/docs/reference/plugins/like>

------
jkincaid
This actually wasn't a surprise — I wrote about it a few weeks ago
(<http://techcrunch.com/2010/03/27/facebook-privacy-connect/>) and it was
hinted at in Facebook's new Terms of Service.

Facebook knows it could lead to some major backlash too, so they're being very
conservative with the initial rollout. If you go to Yelp, it's actually hard
to tell at first glance that any data sharing has occurred. Go to Pandora and
it will know what bands you like, but who is going to get upset about that?
And Docs.com doesn't appear to be open to the public yet.

As the program expands, though, there could be a pretty serious shitstorm. I
don't think people understand what the 'Everyone' option means, and this could
be the first time they realize what they signed up for during Facebook's
privacy overhaul last December, when Everyone became the default.

~~~
robotron
But you know what? There's a setting in Privacy Settings->Applications and
Websites called "Instant Personalization". Uncheck it and there you go. I
realize there are a lot of people who won't do this but the option is there.

~~~
pxlpshr
I did just that, and this is what it told me:

 _"Please keep in mind that if you opt out, your friends may still share
public Facebook information about you to personalize their experience on these
partner sites unless you block the application."_

~~~
jrmurad
But what does "public" mean there? If your privacy settings have information
access as "visible to friends only", can "these partner sites" access that
data if your friend doesn't opt out of this sharing?

~~~
jarek
See
<http://www.facebook.com/settings/?tab=privacy&section=applications&field=friends_share>

For those who don't want to have to log in to find out:

"What your friends can share about you through applications and websites:

When your friend visits a Facebook-enhanced application or website, they may
want to share certain information to make the experience more social. For
example, a greeting card application may use your birthday information to
prompt your friend to send a card

If your friend uses an application that you do not use, you can control what
types of information the application can access. Please note that applications
will always be able to access your publicly available information (Name,
Profile Picture, Gender, Current City, Networks, Friend List, and Pages) and
information that is visible to Everyone."

(I'm pretty sure at least current city wasn't on that list until fairly
recently.)

Checkboxes for lots of other information follow.

------
ams6110
Years ago, when caller ID was becoming commonplace, a company (I think it was
American Express) started answering customer calls by name--- "Hello Mr.
Jones, how can we help you."

This proved to be very unpopular with customers and they stopped doing it...
they probably still use the caller ID but don't let you know that they are.

~~~
maw
It probably also annoyed Mrs. Jones when she made calls using the Jones'
shared line which was in Mr. Jones' name.

------
metamemetics
_The idea is that Pandora is a somewhat hard concept to explain to new users —
before it existed, people didn’t have their own personalized radio stations
based on similarities between artists and song._

Last.fm always generated you radio stations based on your scrobbles or by tags
you type and predates Pandora.

------
dantheman
To disable, Go To: Account > Privacy Settings > Applications and Websites >
and [UNCHECK] "Instant Personalization"

~~~
des
Unchecking that box only stops the personalization from happening
automatically. The floating toolbar still appears asking if you'd like to
opt-in (at least on yelp.com).

------
jambo
0.0.0.0 facebook.com www.facebook.com static.ak.fbcdn.net fbcdn.net ...

------
prabhu-pd
wont it be odd if you go to a website for the first time and u see that the
website knows more about u than you know about the website?

~~~
iron_ball
u r rite abt that lol

Or to be more precise, please use proper English. If English is your second
language, we are forgiving -- unless your _first_ language is AOLspeak.

