Forget about Google... Facebook is gunning for Claritas and other profiling companies that have been doing this for years, though behind the scenes and not in real time (see <a href="http://epic.org/privacy/profiling/" rel="nofollow">http://epic.org/privacy/profiling/</a> for more about profiling).<p>Google may have (deservedly) gotten a black eye for the Buzz debacle, but they have a lot of cultural DNA that values privacy (their CEO aside) and at least some systems in place to allow management of personal data (as well as data exodus).<p>Facebook on the other hand is clearly all business and will bend privacy concepts till they either break or users are conditioned to accept lack-thereof as the new standard (all in the name of "sharing").
The author states...<p><i>Instant personalization means that if you show up to the Internet radio site Pandora for the first time, it will now be able to look directly at your Facebook profile and use public information — name, profile picture, gender and connections, plus anything else you’ve made public — to give you a personalized experience.</i><p>Is this true? A simple enable or opt-in prompt in the frame on the first visit to a site would be the expected behavior here.
"Facebook also introduced a way for certain sites to push this further than everyone else. Three carefully chosen launch partners — Microsoft’s Docs.com, Yelp and Pandora — have access to what Facebook is calling “instant personalization.” This is a powerful, inventive and creepy tool that the company hopes to extend to other partners but is testing the waters with these three first."<p>Wait a minute; Yelp? Isn't that the small business extortion site? What a weird outfit for anyone to want to associate themselves with.
What's the best way to block this entirely? /etc/hosts won't work because it's not on a subdomain (the iFrame loads from <a href="http://www.facebook.com/plugins/activity.php" rel="nofollow">http://www.facebook.com/plugins/activity.php</a>). This would make a nice Chrome/Firefox extension.
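An added example, not part of the comment above: the per-request decision a blocking extension would need to make, shown next to what a hosts entry can express. The names `shouldBlock`, `hostsFileWouldBlock`, `FB_SITE` and `PLUGIN_PREFIX` are hypothetical; the `/plugins/` prefix is assumed from the single URL quoted in the comment, and the sample URLs are constructed.

```javascript
// Assumptions: the site and path prefix are taken from the one plugin URL
// quoted in the comment (http://www.facebook.com/plugins/activity.php).
const FB_SITE = "facebook.com";
const PLUGIN_PREFIX = "/plugins/";

// True if host is the site itself or one of its subdomains.
// Suffix match on a leading dot, so "notfacebook.com" does not match.
function isSameSite(host, site) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return h === site || h.endsWith("." + site);
}

// Block a sub-resource request only when it targets the plugin path
// AND the page embedding it is not Facebook itself.
function shouldBlock(requestUrl, pageUrl) {
  let req, page;
  try {
    req = new URL(requestUrl);
    page = new URL(pageUrl);
  } catch (e) {
    return false; // unparseable URL: make no decision
  }
  if (req.protocol !== "http:" && req.protocol !== "https:") return false;
  if (!isSameSite(req.hostname, FB_SITE)) return false;
  if (isSameSite(page.hostname, FB_SITE)) return false; // first-party use
  // URL parsing has already resolved "../" segments in the path.
  return req.pathname.toLowerCase().startsWith(PLUGIN_PREFIX);
}

// A hosts entry matches on hostname alone: no path, no embedding page.
function hostsFileWouldBlock(requestUrl, blockedHosts) {
  try {
    return blockedHosts.includes(new URL(requestUrl).hostname.toLowerCase());
  } catch (e) {
    return false;
  }
}

// Constructed sample requests: [request URL, URL of the embedding page].
const samples = [
  ["http://www.facebook.com/plugins/activity.php", "http://news.example/story"],
  ["http://www.facebook.com/plugins/activity.php", "http://www.facebook.com/home.php"],
  ["http://www.facebook.com/home.php", "http://news.example/story"],
];
for (const [req, page] of samples) {
  console.log(req, "from", page, "->",
    "filter:", shouldBlock(req, page),
    "hosts:", hostsFileWouldBlock(req, ["www.facebook.com"]));
}
```

Only the first sample is blocked by the filter, while a hosts entry for `www.facebook.com` blocks all three, including direct use of the site.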
The biggest privacy issue here is the social plugins. They're easily embedded in existing sites using an iframe which is hosted by Facebook.<p>As more sites adopt these, Facebook will be able to track every site you visit on the web. I don't know about you, but I'm not comfortable letting Facebook know which sites I visit.<p>Google AdSense/DoubleClick is fairly prevalent and has the same issue. You can opt out of it with Google though: <a href="http://www.google.com/privacypolicy.html" rel="nofollow">http://www.google.com/privacypolicy.html</a> -- the Facebook settings I have seen aren't clear about their data retention policies and what 'opting out' really means.
Even with instant personalization turned off, your friends can share your info on any service they get suckered into using. Given how many of my Facebook friends bombard me with quizzes and Farmville, I'm guessing that's going to happen a lot. You have to block each application individually.<p>Moreover, any site can display your profile information. <a href="http://cnn.com" rel="nofollow">http://cnn.com</a> even seems to combine it with what CNN stories they liked recently, which makes me wonder how much data they can read back. Has anyone taken a look at the Facebook social plugins to determine how much data, if any, you can get out of them?
This actually wasn't a surprise — I wrote about it a few weeks ago (<a href="http://techcrunch.com/2010/03/27/facebook-privacy-connect/" rel="nofollow">http://techcrunch.com/2010/03/27/facebook-privacy-connect/</a>) and it was hinted at in Facebook's new Terms of Service.<p>Facebook knows it could lead to some major backlash too, so they're being very conservative with the initial rollout. If you go to Yelp, it's actually hard to tell at first glance that any data sharing has occurred. Go to Pandora and it will know what bands you like, but who is going to get upset about that? And Docs.com doesn't appear to be open to the public yet.<p>As the program expands, though, there could be a pretty serious shitstorm. I don't think people understand what the 'Everyone' option means, and this could be the first time they realize what they signed up for during Facebook's privacy overhaul last December, when Everyone became the default.
Years ago, when caller ID was becoming commonplace, a company (I think it was American Express) started answering customer calls by name--- "Hello Mr. Jones, how can we help you."<p>This proved to be very unpopular with customers and they stopped doing it... they probably still use the caller ID but don't let you know that they are.
<i>The idea is that Pandora is a somewhat hard concept to explain to new users — before it existed, people didn’t have their own personalized radio stations based on similarities between artists and song.</i><p>Last.fm always generated you radio stations based on your scrobbles or by tags you type and predates Pandora.