Facebook in privacy climbdown but is it already too powerful?
Facebook has had to back down over user tracking this week but this won't affect the social network's power in the long term, writes Christopher Williams.
For those who follow the Facebook’s misadventures in the privacy arena, its latest climbdown will come as no surprise. Coming on the heels of a major increase in the amount it aims to learn about its users, it could be a sign of bigger battles ahead.
For privacy advocates, the hero of the latest controversy was Nik Cubrilovic, an Australian technology entrepreneur and self-described “hacker”, in his case meaning he enjoys innocently tinkering with computer software.
Mr Cubrilovic discovered that Facebook had adopted an unusual definition of what it meant for users to log out of its services. By investigating its “cookies” – the small files delivered by virtually all websites to web browsers to store log in details, the contents of shopping carts and more – he found that after Facebook users log out, the website is still able to track their browsing on other websites.
For Facebook’s unusual cookies to report back to HQ, a user must visit a website that displays one of its “Like” buttons, which are overtly designed to allow logged-in users to share a link with their friends. The “Like” button is increasingly common across the web, with webmasters keen to attract any portion of Facebook’s massive user base.
What Mr Cubrilovic showed was that by delivering cookies to users when they log out, Facebook could also use its “Like” buttons to track them across the web.
“With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook,” he explained on his blog.
Facebook responded in the comments section, categorically denying it was tracking logged out users, and that the cookies it delivered when a user logs out could be used to identify them later. Journalists who asked the firm about the controversy were directed to the denial, which told Mr Cubrilovic that “contrary to your article, we do delete account-specific cookies when a user logs out of Facebook”.
But 48 hours later, the firm shifted its stance to admit it had “inadvertently included unique identifiers when the user had logged out of Facebook”, and would fix the problem as soon as possible. It said it did not store these details, so “there was no security or privacy breach”.
The about-face nevertheless drew scorn from privacy advocates long used to the firm’s aggressive approach to such issues. It has repeatedly had to be forced to climb down.
In the grand scheme of Facebook’s plan to dominate the web, this cookie controversy is a relatively minor glitch, but it has added to criticism of the social networks in the wake of the major changes it announced last week.
In the days after the Mark Zuckerberg’s big announcement at the firm’s f8 conference, it became clear the most important of these is what Facebook calls “frictionless sharing”. When a user read an article on a third party page that displays a Facebook “Like” button, it may be reported to their Facebook friends without the user taking any action.
So to Facebook, the choice that its users previously made to tell their friends what they were doing was “friction”. Critics have meanwhile referred to “frictionless sharing” as being more like a total surveillance system. It will certainly see Facebook’s vast data centres learn much more about their 750 million-plus patrons’ interests.
It will increase the power of Facebook as the web’s collective “brain”, deciding which websites and services should benefit from social instincts.
That power was starkly demonstrated this week by Spotify. It is to be embedded in Facebook, effectively guaranteeing its position as the web’s number one music streaming service. The price it paid for this honour became clear however, when it quietly announced that it would not accept any new users unless they have a Facebook account.
The reaction from Spotify users, many of whom pay a monthly fee, was almost universally negative. Its founder Daniel Ek was left to claim weakly on Twitter that the Facebook account requirement was designed to “remove a barrier to sign-up”.
The lesson from all these events is simply that Facebook’s power over the web is growing. It is increasingly able to impose terms on partners and prone to - at least - overlooking privacy concerns.
With the wheels of regulation typically too slow to keep up with fleet-footed technology giants, the concerned consumer’s best ally may be competition.
Google emphasised the privacy-friendly features of its social network, Google+, when it launched this summer. A Facebook alliance with Apple collapsed last year after the iPhone maker found the terms too “onerous”. It is now preparing a new version of iOS with closer ties to Twitter.
But the kind of power wielded by Facebook over the web comes from the scale of it’s the data it holds on users. To compete, the other giants of technology will surely strive to replicate that.