Forget about Google... Facebook is gunning for Claritas and other profiling companies that have been doing this for years, though behind the scenes and not in real time (see http://epic.org/privacy/profiling/ for more about profiling).
Google may have (deservedly) gotten a black eye for the Buzz debacle, but they have a lot of cultural DNA that values privacy (their CEO aside) and at least some systems in place to allow management of personal data (as well as data exodus).
Facebook on the other hand is clearly all business and will bend privacy concepts till their either break or users are conditioned to accept lack-thereof as the new standard (all in the name of "sharing").
That is some really scary stuff in the link you gave!!! People need to realize that it's not worth the $0.25 off a can of green beans you get by using a loyalty card, if a sleazy merchant is going to swoop in at some vulnerable time in your life and help separate you from hundreds or thousands of your dollars.
Did you read the document? They use psychological tactics combined with an outrageous amount of your personal data in order to market to you. Let's supposed you just had a child or spouse die, more specifically, you were just widowed. They will be able to garner that fact from your spending habits or public records (or perhaps FB data) and combine it with all the other info they have on you, and then might try to sell you some shady investment or insurance. Their job is to get you to buy something you don't need. They're working on it while you sleep. Many people are not adequately equipped to resist their tactics.
You got it. I worked in marketing for years and was always shocked at how much personal data we could get our hands on. It makes the recent dust ups about online privacy look (almost) tame in comparison, yet these profiling companies get away with it because no one realizes what's going on.
If you're worried about it, get a loyalty card and provide fictitious information on the form. I've never been asked to provide any proof of identity to get a supermarket loyalty card.
Though if you use your loyalty card and then pay with a credit card I guess they could link back to the "real" you.
Instant personalization means that if you show up to the Internet radio site Pandora for the first time, it will now be able to look directly at your Facebook profile and use public information — name, profile picture, gender and connections, plus anything else you’ve made public — to give you a personalized experience.
Is this true? A simple enable or opt-in prompt in the frame on the first visit to a site would be the expected behavior here.
Yes, that is basically the point and the reason they call it "instant" - they don't want anything to be a click away.
The opt-out prompt is in the form of a blue bar at the top of the page. Once you say "No thanks" they are required to remove any of your information and not connect you on future visits.
"Facebook also introduced a way for certain sites to push this further than everyone else. Three carefully chosen launch partners — Microsoft’s Docs.com, Yelp and Pandora — have access to what Facebook is calling “instant personalization.” This is a powerful, inventive and creepy tool that the company hopes to extend to other partners but is testing the waters with these three first."
Wait a minute; Yelp? Isn't that the small business extortion site? What a weird outfit for anyone to want to associate themselves with.
What's the best way to block this entirely? /etc/hosts won't work because it's not on a subdomain (the iFrame loads from http://www.facebook.com/plugins/activity.php). This would make a nice Chrome/Firefox extension.
The biggest privacy issue here are the social plugins. They're easily embedded in existing sites using an iframe which is hosted by facebook.
As more sites adopt these, Facebook will be able to track every site you visit on the web. I don't know about you, but I'm not comfortable letting Facebook know which sites I visit.
Google adsense/doubleclick is fairly prevalent and has the same issue. You can opt out of it with Google though: http://www.google.com/privacypolicy.html -- the Facebook settings I have seen aren't clear about their data retention policies and what 'opting out' really means.
Even with instant personalization turned off, your friends can share your info on any service they get suckered into using. Given how many of my Facebook friends bombard me with quizzes and Farmville, I'm guessing that's going to happen a lot. You have to block each application individually.
Moreover, any site can display your profile information. http://cnn.com even seems to combine it with what CNN stories they liked recently, which makes me wonder how much data they can read back. Has anyone taken a look at the Facebook social plugins to determine how much data, if any, you can get out of them?
That's true for the social plugins, but if you've authenticated with the site (e.g., click the "log in" button at the top of any CNN page and log in with FB), any 3rd party running javascript on the page will have access to all of the data you've allowed the parent site to access.
Facebook uses their parent-child-parent iframe tricks to assign a first-party cookie for the host ___domain. This cookie contains the Facebook user id and the OAuth access token used to make requests to the Graph API.
Any javascript running on the page can snatch that cookie and send the data back up to its mothership, which can then impersonate the host ___domain to make API requests on behalf of the user. Fun stuff.
Facebook knows it could lead to some major backlash too, so they're being very conservative with the initial rollout. If you go to Yelp, it's actually hard to tell at first glance that any data sharing has occurred. Go to Pandora and it will know what bands you like, but who is going to get upset about that? And Docs.com doesn't appear to be open to the public yet.
As the program expands, though, there could be a pretty serious shitstorm. I don't think people understand what the 'Everyone' option means, and this could be the first time they realize what they signed up for during Facebook's privacy overhaul last December, when Everyone became the default.
But you know what? There's a setting in Privacy Settings->Applications and Websites called "Instant Personalization". Uncheck it and there you go. I realize there are a lot of people who won't do this but the option is there.
"Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application."
But what does "public" mean there? If your privacy settings have information access as "visible to friends only", can "these partner sites" access that data if your friend doesn't opt out of this sharing?
For those who don't want to have to log in to find out:
"What your friends can share about you through applications and websites:
When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card
If your friend uses an application that you do not use, you can control what types of information the application can access. Please note that applications will always be able to access your publicly available information (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages) and information that is visible to Everyone."
(I'm pretty sure at least current city wasn't on that list until fairly recently.)
Yeah, you're correct. It's gotten to the point that if you're a Facebook user you either have to not care if your data is shared or remove anything you may have added and care about.
That's sort of beside the point. If people start freaking out about this, they aren't going to see that setting and say "Oh, I guess this is OK then". They're going to be angry that they were signed up for it in the first place without realizing what was going on.
Years ago, when caller ID was becoming commonplace, a company (I think it was American Express) started answering customer calls by name--- "Hello Mr. Jones, how can we help you."
This proved to be very unpopular with customers and they stopped doing it... they probably still use the caller ID but don't let you know that they are.
The idea is that Pandora is a somewhat hard concept to explain to new users — before it existed, people didn’t have their own personalized radio stations based on similarities between artists and song.
Last.fm always generated you radio stations based on your scrobbles or by tags you type and predates Pandora
Unchecking that box only stops the personalization from happening automatically. The floating toolbar still appears asking if you'd like to opt-in (at least on yelp.com)
Google may have (deservedly) gotten a black eye for the Buzz debacle, but they have a lot of cultural DNA that values privacy (their CEO aside) and at least some systems in place to allow management of personal data (as well as data exodus).
Facebook on the other hand is clearly all business and will bend privacy concepts till their either break or users are conditioned to accept lack-thereof as the new standard (all in the name of "sharing").