All Annotations of Facebook's Misrepresentation of Beacon's Threat to Privacy: Tracking users who opt out or are not logged in. - CA Security Advisor Research Blog - CA [Preview]

saved by6 people, first byMichel Roland on 2007-12-01, last byTao Lu on 2008-08-03

As follow-up to Ben's look at Facebook's Beacon system, I began investigating the extent of its privacy implications. What I found is extremely disconcerting. Facebook is collecting information about user actions on affiliate sites regardless of whether or not the user chose to opt out, and regardless of whether or not the user is logged into Facebook at that time. The evidence I present below directly contradicts both public statements made by Facebook, and direct email correspondence from their privacy department, demonstrating that Beacon is a serious threat to user privacy.
How can this transfer of data be prevented? The blocking method from Ben's blog will continue to be effective against Beacon, whether you are logged on to Facebook or not. In addition, deleting your facebook.com cookies and avoiding the "remember me" option when logging in will keep Facebook from being able to track you while not logged in. Your data will still be sent if you are logged in to Facebook, however, regardless of the choice you make when presented with the opt-out dialog.

All Annotations of Facebook's Misrepresentation of Beacon's Threat to Privacy: Tracking users who opt out or are not logged in. - CA Security Advisor Research Blog - CA[Preview]