I have always been a huge fan of Facebook. I’ve come to their defence many times. Over the News Feed controversy, I sided with them (if you don’t want people to see something, why are you posting it on Facebook?). While people were complaining about Facebook opening its doors, I welcomed the change (networks and privacy settings overcome any issues there). When people were afraid of the API and Facebook “selling your personal information to third party companies,” I came to its defence by explaining the nature of an API to non-programmers.
But this time, they’ve gone too far.
The news on Facebook Beacon just keeps getting worse and worse. Facebook Beacon is a service that runs on third-party sites, publishing user actions to the news feed. For example, if you go to eBay or Blockbuster and make a purchase, this will show up in your Facebook mini-feed. This is problematic for many reasons: Christmas shopping or embarrassing personal purchases, for example. It’s one thing if a user has taken an action on Facebook.com – that is expected to be shared in some way. But this is on third-party websites.
Furthermore, Beacon tracks Facebook users when they’re logged off, and it even tracks non-users and users with deactivated accounts. Whose bright idea was that? This was discovered by security researchers, not announced by Facebook.
Facebook initially responded by changing Beacon to request a user’s permission before publishing a story, but calls for a universal opt-out have been ignored.
Until now. As I am writing this post, I am stumbling upon news of Zuckerberg’s post from this morning on the Facebook blog. An apology and a universal opt-out were certainly in order and have now been delivered.
“We’ve made a lot of mistakes building this feature, but we’ve made even more with how we’ve handled them. We simply did a bad job with this release, and I apologize for it.
“At first we tried to make it very lightweight so people wouldn’t have to touch it for it to work. The problem with our initial approach of making it an opt-out system instead of opt-in was that if someone forgot to decline to share something, Beacon still went ahead and shared it with their friends. It took us too long after people started contacting us to change the product so that users had to explicitly approve what they wanted to share. Instead of acting quickly, we took too long to decide on the right solution. I’m not proud of the way we’ve handled this situation and I know we can do better.”
Is this becoming a pattern? Once was commendable, but you’d think they might have learned their lesson. There is a lot of potential for Facebook to provide value for users and monetize itself in the process, but it has to take privacy more seriously. Whose bright idea was it to opt users in to Beacon by default? And with no opt-out? If you look at Google, they’ve been successful at making money off people’s personal data (e.g. Gmail contextual ads) without compromising privacy or being intrusive. At the very least, Facebook needs to learn to err on the side of caution.
Let’s hope this is the last time Zuckerberg needs to blog an apology.