So, I’ve been hearing a lot recently about Facebook’s new Beacon advertisement deal. By deal of course I mean you get nothing and they get money, sounds like a deal. So apparently the deal is, if you were to do or buy something at a non facebook site, facebook would somehow be notified of it and it would appear in your news feed. This can do all kinds of great things, like give away secrets and make you look foolish and it is hard to opt out. See the above link for more info. Now there has been all kinds of uproar, but I’m yet to see any of this occur in person. I’m also curious as to how in the world facebook knows that you just bought something or whatever from some other site. So I did some testing.
So the first hard thing about testing this was finding a participating site! With all of the outrage in the bolgosphere, I still had to search a bit to find out that Yelp.com, an restaurant review site is participating. Ok so I signed up for a fresh new yelp account with my them, and reviewed a bad Indian place near me that refuses to serve me spicy food, low and behold the little box shows up from facebook, and I opt out, cause well I don’t need to spam my news feed even for testing purposes. Ok, so how did they know, facebook doesn’t have that email, but I did tell yelp my real name, lets change that to a fake one, as per usual, but something random, not just liryon like I usually do. Humm, after reviewing Chipotle, facebook still knows. Ok, lets get a new account with a brand new email, no ties to me at all, oops still knows, this must be using cookies. Well i could have assumed that but I really wanted to know if they were trying to look things up on other information. Clear the cookies and active web sessions and bam, after another test review facebook does not know about it.
So the lesson here is that nothing interesting is going on at all, other than that facebook now counts as malware that you must protect yourself against. I was really hoping that they were doing something interesting to determine that you are you, but cookies aren’t interest. Anyways, you can protect yourself by doing this or just by logging out of facebook before you go do other things. It turns out that the little remember me check box, with its oh so helpfully annoying tool tip explaining what it does is a whole lot more sinister than it seems.
If a user has ever checked the option for Facebook to “remember me” — which saves the user from having to log on to the site upon every return to it — Facebook can tie his activities on third-party Beacon sites directly to him, even if he’s logged off and has opted out of the broadcast. If he has never chosen this option, the information still flows back to Facebook, although without it being tied to his Facebook ID, according to Berteau.
This according to a PC world writer with more time to research than myself. Now, hes a bit misleading on the ever part: if you clear your cookies, and browser sessions, the methods by which remember me works, then it resets the “have ever checked” part. Of course, it is trivial to say on the internet that information is transmitted, as the simple loading of a URL transmits the information to the host of that resource that you have requested to load it. And any given site, say this one, linking too an off site resource such as this image:
is a perfectly begin way in which it appears that you have requested an image of bunny when in fact you only meant to request this blog post, and you didn’t know it contained a bunny. Facebook is taking just taking this same sort of thing a lot too far, by sending requests that identify you and what you are doing, this is just blatantly over the line.
As Paul points out, the is a simple solution, just don’t use facebook. He has espoused this position for some time for a variety of increasingly convincing reasons.