Do Facebook Connect users understand how extensively their profiles and activities are used by third parties?
Facebook has gone a long way to protect the privacy of users on its own site. But what happens when users share their Facebook profiles and friend lists with other sites? Are social networks responsible for defending data its members decide to take elsewhere?
Those questions have taken on added urgency following the introduction of tools by leading social networks, including Facebook and News Corp.'s (NWS) MySpace, that let users interact with their friends on partner sites. Facebook Connect, for example, lets a user instantly share a movie rating on Netflix (NFLX) with all or some of his or her pals on Facebook.
Privacy advocates warn that these services pose a whole new set of concerns about how user data are collected and shared among sites on the Web. Using these open-networking tools, thousands of companies can unearth a trove of new data about a visitor—age, gender, location, interests, and even what a person looks like. "I'm wondering if people really understand when they're using Facebook Connect that other sites get access to their whole user profile and social graph," says Pam Dixon, executive director of the World Privacy Forum.
Announced last July, Facebook Connect has already signed up more than 8,000 partner sites, many of which plan to use data collected on Facebook members for their own purposes. Joost, a video-viewing site that integrated with Facebook Connect in December, checks the ages of viewers entered on their Facebook profiles to give its own content partners—CBS (CBS), for example—a better idea of which Joost users are watching CBS programming. Digg.com will let users display their Facebook profile photos alongside comments they make on the social news-sharing site.
*snip*
Still, Web surfers may not understand exactly how their Facebook activity is being used by third-party sites. "It's about collecting your data, ultimately wherever you go, and being able to deliver targeted communications to you" based on that data, says Jeffrey Chester, executive director at the Center for Digital Democracy.
Digg Chief Executive Jay Adelson, who says his site has no plans to target ads based on users' Facebook profiles, concedes that the possibility exists. "There is the opportunity for using profile information for advertising," Adelson say
Opt In vs. Opt Out
Facebook has gotten into hot water in the past for what users considered overly eager sharing of information with advertisers. In November 2007 users were outraged when they learned of a new service called Beacon that automatically tracked user behavior on external sites and reported it to Facebook. Beacon was opt-out—meaning users had to take action to exit the program. Facebook Connect works in the opposite manner. Users have to ask to be included. "We've redoubled our efforts to give users control over their information," Kelly says.
People with a Facebook username can sign in to a variety of sites with that same name, enabling them to see which of their friends are also using those sites. They can also choose to have their activities around the Web published on their social-networking profile on Facebook. MySpace users can use MySpaceID, and Google (GOOG) users can use Google Friend Connect in similar ways.
One of the complaints about Facebook's Connect platform is that it's a closed, privately controlled storehouse of user data. "Bad things tend to happen when you have centralized identity stores," says WPF's Dixon. "The risk is that it will be seen as a honey pot for information requests from various parties," such as law-enforcement agencies, she notes.
Working with Google, Yahoo (YHOO), and a number of other partners, Facebook's social networking rival MySpace has developed an open-source framework for logging into multiple sites using one name and password. This standard, called OpenID, allowed the site to create MySpaceID, which its members can use on such sites as event planner Eventful and Flixster, a social site for film buffs.
There's already a push for regulation, or at least more standards that would apply to these services across the board. Says Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington: "There need to be clearer safeguards for users of social-network services before there is a lot more transfer of personal data between platforms."
http://www.businessweek.com/technology/ ... 649562.htm