Well, it’s a start: in response to what’s getting characterized as a firestorm of criticism, and Monday’s disclosure that the tracking extends to third-party sites (including IP addresses of people who haven’t even signed up for Facebook), they’ve now followed up last week’s shift to more of an opt-in model with the introduction of a global privacy control that lets users, um, opt out. At least that’s what it seems to me that Mark Zuckerberg’s blog post says:
Last week we changed Beacon to be an opt-in system, and today we’re releasing a privacy control to turn off Beacon completely. You can find it here. If you select that you don’t want to share some Beacon actions or if you turn off Beacon, then Facebook won’t store those actions even when partners send them to Facebook.
It’s a good thing, of course, and Facebook does seem to get it that they screwed up: “We’ve made a lot of mistakes building this feature, but we’ve made even more with how we’ve handled them. We simply did a bad job with this release, and I apologize for it.” Still, it’s just a band-aid; and especially since this is the second time in a year Facebook’s done something egregious from a privacy perspective and then backtracked slightly and slowly under pressure, I really wonder how much user trust they’re losing in the process.
What’s interesting and encouraging is that the opposition to this didn’t come just from privacy advocates or the tech community: there was significant mainstream coverage, and MoveOn getting involved takes things to a whole new dimension (although risks politicizing the issue). This is significant both because it alerts politicians to an opportunity here, and because it strengthens the hand of the consumer rights and civil liberties groups calling for stronger protections. If the call for a do not track list was the “first salvo in the war over behavioral targeting”, then this was the first skirmish — and it’s going in favor of the good guys.*
* in the gender-neutral sense of “guys”, of course