Facebook grooming us for intrusive marketing?

Whether or not Facebook kills its much-derided Beacon program, the controversy surrounding intrusive marketing surveillance deserves to flourish.

You remember the old story about the frog placed in a pot of water that was slowly heated up, until it was cooked? When I read the about Facebook's reaction to the anti-Beacon protests, my first impression is that Facebook's concessions are essentially along the lines of, "OK, we turned up the heat a bit too much on this one, so we'll turn it back down a little bit--for now." Are marketers counting on the fact that we'll get used to the warm bath, then the hot tub, calibrating their fine-tuned ability to stop just short of the lobster pot?

CNN.com contributes a story, "Ad targeting improves as Web sites track consumer habits," which covers the Facebook issue among other case studies. Marketers are studying the sensitivity level of consumers to intrusive advertising and adjusting their programs accordingly. For example, CNN.com reports, "Most Web sites and marketers have been shunning the ultimate targeting--ads that greet you by name. Yahoo could easily do that using registration information, but 'I'm not sure people would like that or not,' said Richard Frankel, Yahoo's senior director of product marketing."

The CNN story continues:

"Users' comfort with data profiling has indeed shifted over the years. Google faced criticism when it introduced an e-mail service that paired ads with the words inside private messages. Millions of people now use Gmail with scarcely a blink.

Users will eventually embrace the latest tactics, too--and by then, they'll complain about even deeper levels of intimacy yet to be invented, said Tracy Ryan, professor of advertising research at Virginia Commonwealth University

'You want to have enough targeting that a consumer notices the message and pays attention, but you don't want it to be so obvious that they are thinking (there) is targeting,' she said. 'That would be scary.'"

My second reaction to the Beacon program is to ask about the privacy policies, or lack thereof, of all the commercial sites that are partnering with Facebook. Ellen Nakashima of The Washington Post (November 30, registration required) reported that Beacon broadcast Facebook members' transactions involving sites including Overstock.com, Travelocity, eBay, Fandango, Blockbuster, and Zappos. Even if Beacon went away tomorrow, what right do these participating online retailers have to share personal transaction information with Facebook in the first place? It is time for someone to develop a clear, voluntary standard of privacy protection so that we as consumers don't have to study a 10-page legalistic privacy policy every time we want to buy shoes or order movie tickets. I'd much rather be able to easily check whether a site has a "Private Shopping" seal of approval. If any such programs are in the works, please leave me a comment.

I commend the MoveOn.org protest and other user revolts against Facebook, but I am surprised there hasn't been a legal challenge against Beacon yet. I am not a lawyer, but common sense suggests that this program is a ridiculous invasion of privacy. It is unsafe, first of all. I spent three days this week working to bring Internet safety training to families in my community. We talked a great deal about the care that needs to go into which information we care to reveal about ourselves to the public. (And yes, I consider a Facebook page "public" when it comes to safety concerns.) We would tell a teenager that it's unsafe to brag about getting a new flatscreen television for Hanukkah or Christmas. What will Facebook do when it broadcasts "Joe Schmo just bought a 50-inch plasma TV" and then Joe Schmo's house is burglarized?

As it stands now, Facebook's greatest concession is to make the Beacon broadcasts opt-in on a case-by-case basis. The changes Facebook is proposing are far too weak. Facebook members still do not have the clear and simple option to permanently opt out of Beacon altogether, and we should settle for nothing less. And it gets worse than that. Further investigation by Stefan Berteau on the CA Security Advisor Research Blog reports that Facebook is tracking users who opt out or are not logged in. You can read Stefan's entire report, including many technical details, and read a less technical summary on the WRAL news Web site, which also reports that Coke and Overstock.com have quit the Beacon program.

As this story evolves, consumers need to be the ones to keep the heat turned up on businesses to insist that they respect our privacy.