It’s difficult to feel sorry for mega-zillionaire Facebook founder Mark Zuckerberg, but you have to admit that his social network is in a bit of a bind. With an upcoming Initial Public Offering (IPO) which could value the company on the high side of $100 billion (yes, with a b) its less than stellar history of privacy protection may be placing the 2012 Wall Street debut between a stock and a hard place. On one side are the 800+ million Facebookers who would really rather not divulge every single aspect of what they share on profiles and posts they believe to be private. On the other side are the advertisers who consider every byte of “private” information to be an invaluable data mining motherlode. How deftly Facebook manages to keep these opposing parties appeased may determine the extent of success the stratospheric IPO can achieve. Mysteriously Targeted Ads The US Federal Trade Commission (FTC) recently released an investigative report that the agency conducted on the world’s largest social network. The FTC called out Facebook on a number of duplicitous policies violating user privacy after reassuring them that they would do nothing of the sort. The most critical failing was in sharing personal data marked as private with advertisers. Any Facebook user who would innocuously post various key words and phrases on profiles or posts would find that they were now presented with “mysteriously” but very accurately targeted ads. “I love to play hockey [Bauer], jetski [SeaDoo], and jog [Nike], then relax [La-Z-Boy] watching football [NFL] on my big screen TV [Samsung]…” Consumer Deception In announcing a settlement, the FTC stated that the social network \"deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.\" The litany of privacy violations committed by the social giant are outlined within the pages of the FTC report and cover everything from making a vast amount of data that the users had directly specified as private visible to anyone on the net, and continuing to display photos and videos from deactivated accounts. The FTC excoriated Facebook executives for repeatedly stating that they did nothing of the kind but then were caught with their hand in the http cookie jar, so the settlement calls for biennial privacy audits conducted by the government with fines of $16,000 per violation per day. If the fines were levied on each conceptual violation then Facebook could theoretically just consider it a relatively minor cost of doing business. However, these fines will be applied on a user by user basis, so they could swiftly bankrupt the social network. Stalker Apps It seems that Facebook is either consciously or inadvertently missing the point of the FTC accusations. With the introduction of Seamless Sharing, the social network is turning back the clock to 2007’s Beacon service, which was shut down after a class action lawsuit was filed. The differences between Beacon and Seamless Sharing are… actually next to nothing. Facebook’s new/old application will stalk you across the internet posting everything you do and everywhere you go. If you don’t want your friends, family and coworkers finding out that you visited xxx rated sites, listened to polka, watched a chick flick or checked out instructions on how to poison your spouse and get away with it, then Seamless Sharing is not for you. Mercantile TIA Total Information Awareness (TIA) was a project launched by the US government’s DARPA in the dark days following the 9/11 attacks. The concept was to allow the military access to a digital dossier on every US resident: Everyone’s digital tracks would be shadowed down to the mouse click in order to provide the Department of Homeland Security information on potential terrorist activity. Seamless Sharing can be seen as the mercantile version of TIA but instead of keeping our country safe from terrorism, it keeps Facebook awash in billions of advertiser dollars by acting as our social stalker. Facebook’s IPO relies on how well Zuckerberg & Co. are able to dominate the business of personal data, and the implications are nothing less than staggering.
You log out of Facebook and go off to surf the world wide web in the belief that wherever you go you’re fully anonymous and not being tracked. That belief is in error, as was recently proven by an Australian blogger who demonstrated that once you’re logged out of Facebook, you’re actually not logged out of Facebook. Nik Cubrilovic discovered that a number of cookies that identify you to Facebook are retained after you log out, and an HTTP connection back to Facebook remains for all eternity. It seems that the only completely secure option is to not just to log out of the social network site and clear your cookies, but to literally reinitialize your hard drive and reinstall your operating system… and to not ever log onto Facebook again. Ireland Is Investigating Facebook When Cubrilovic recently announced his research, Facebook was confronted with a flurry of publicity as well as a class action suit by Perrin Aiken Davis. Since Facebook’s international headquarters is based in Dublin, Ireland’s Data Protection Commission has announced that it will be conducting a full privacy audit of the site to discover if its citizens (and by extension all users) have had their privacy violated. The Irish commission will be specifically focusing on aspects such as inadequate privacy settings and photos that are still publicly viewable on the internet after they are “deleted.” 880 Pages of Tracking per User Facebook is no longer ignoring Cubrilovic and has actually just deactivated the stalkerish “a-user” cookie that contains your user ID. In a public statement, Facebook adopted the same excuse many other internet giants have used when they have been caught with their hand in the “cookie” jar, stating that the “a-user” should have been cleared upon logout and it was a bug in the code. Apparently this so-called bug has been resident on the computer hard drives of nearly a billion people for years and has been providing Facebook with a volume of completely priceless marketing information: When the United Kingdom introduced a law empowering users to access their historical data captured by Facebook, many were surprised to find an average of 880 pages filled with the details of how they interacted with their contacts and the web at large. This “Act” Isn’t Over Cubrilovic has discovered that although the relatively blatant “here is the user’s ID” cookie has been finally quashed, Facebook still has the technical capabilities to identify logged out users. One of the ways is the “act” cookie that, regardless of Facebook’s claims of innocuousness, contains a timestamp accurate to fractions of a millisecond that can easily be cross-referenced by the social network to identify the user. Therefore, although the “a-user” is gone, this “act” is far from over. Facebook Is Not Alone Should you be concerned about Facebook tracking your movements across the net? In fairness, they are not alone, as the number of tracking cookies placed on the average internet user\'s computer by almost every commercial website they have ever visited is nothing short of staggering. Whether you like it or not there is a record present in a variety of servers around the world showing all the sites you visit as well as what you do there - and all this info can be viewed by a plethora of government and other agencies who are interested in other aspects of your life, not just marketers trying to sell you something. So if your taxes are paid up and you don’t have any legal skeletons in your closet, you really don’t have much to worry about. “Paranoia will destroy ya,” and the bottom line is that these digital footprints are primarily accessed by governments to track terrorists and major criminals, so your unpaid parking ticket from last year is not generally grounds for the FBI to commandeer your online history. Regardless, in its current iteration internet privacy remains an oxymoron, and the only way to be completely sure that your online actions are not leaving indelible tracks is to not make them in the first place. Given that we live in an internet-reliant age, that prospect may be neither feasible nor desirable.