When Facebook Chief Executive Mark Zuckerberg recently announced a "Like" button that publishers could place on their Web pages, heit would make the Web smarter and "more social."
What Zuckerberg didn't point out is that widespread use of the Like button allows Facebook to track people as they switch from CNN.com to Yelp.com to ESPN.com, all of which are sites that have said they will implement the feature.
Even if someone is not a Facebook user or is not logged in, Facebook's social plug-ins collect the address of the Web page being visited and the Internet address of the visitor as soon as the page is loaded--clicking on the Like button is not required. If enough sites participate, that permits Facebook to assemble a vast amount of data about Internet users' browsing habits.
"If you put a Like button on your site, you're potentially selling out your users' privacy even if they never press that button," says Nicole Ozer, an attorney with the ACLU of Northern California. "It's another example of why user control needs to be the default in Facebook."
In the last few months, scrutiny of the privacy practices of the Internet's second most popular Web site has reached an all-time high, withand privacy activists . In response to the outcry, Zuckerberg last week at Facebook's Palo Alto, Calif., headquarters, where he pledged to make privacy "simpler."
Publishers like "Like"
Facebook itself confirmed that after only a week, "more than 50,000 sites across the Web have implemented" social plug-ins. SearchEngineLand.com said Like buttons are "recommended" for virtually all Web sites; one blogging how-to guide reported that "small, blue Like buttons are now multiplying across the Web faster than you can say 'pandemic.'"
Marc Rotenberg, director of the Electronic Privacy Information Center, said that if his group had been aware of how the Like button was implemented, it would have raised this topic in a request for a Federal Trade Commission investigation of Facebook's privacy practices. (The statement sent to the FTC says, in part, that social plug-ins "violate user expectations and reveal user information without the user's consent.")
"The recent Facebook changes are too complex and too subtle for most users to meaningfully evaluate," Rotenberg said. "And it's not obvious that the recent announcement from Facebook has addressed all of these problems."
Social plug-ins "work the same basic way all widgets across the Internet do," said Barry Schnitt, a Facebook spokesman. "The URL of the Web page the user is viewing must be sent to Facebook for Facebook to know where to render the personalized content."
Schnitt said Facebook does not correlate pages viewed with advertising, so someone who spends a lot of time reading articles about German sports cars on caranddriver.com will not receive Porsche 911 or Mercedes C63 AMG ads on Facebook.com. "Of course, if the user actively 'likes' that page, then it is added to their profile and they might see a related ad on Facebook," he said.
"We use the information to help improve the service," Schnitt said. "We need to see how many people see a certain Like button to know what the click-through ratio for that button is, for example. If something has a really low rate, maybe something is wrong with the site, the implementation, or our product. If it is really high, maybe something fishy is going on."
The way Facebook has implemented its Like button resembles an advertising network: Code on Facebook's systems is executed whenever someone loads a page on, say, Mashable.com, one of the Web sites that quickly adopted the button. And advertising networks have come under significant regulatory scrutiny before, in part because they have the ability to create dossiers on what Internet users are doing across thousands or millions of different Web sites.
Ozer, the ACLU attorney, said she would caution sites to be careful before adopting Like buttons: "If an organization puts a Like button on their site, they're potentially telling Facebook about everyone who visits their Web site, every time that person visits their Web site."