How does Facebook Beacon [Technically] Work?
Thursday, November 22nd, 2007There has been so much whining recently about Facebook Beacon invading everyone’s privacy that I would like to pose this open question to the world: How does Facebook Beacon technically work?
Yes, yes. I know that Beacon is supposed to steal your information from non-Facebook websites and broadcast it to your friends via the Facebook news feed. But how does it actually do this?
Facebook’s own page about Beacon is very vague about how it works—just some of techno-/pr-jargon boasting how cool it is. A Google search for “facebook beacon” is not much more help…mostly just links to the people complaining about Beacon invading their privacy and articles regurgitating the complaints. Others, such as Om Malik, have also tried to get more information about Beacon, but with little more than a hyped response from Facebook.
After some digging, I was able to find MoveOn.org’s “demo” of how Facebook Beacon works. This so-called demo is a low-tech slide show moving at a speed almost as fast as Beacon’s notification reportedly disappears. Essentially, it was a “chain of events” presentation with some commentary and some missing links (and not much technical information). Dave McClure’s walk-through of Beacon was more useful, providing not only clear screenshots but also (gasp!) links to how people can change their privacy settings. However, it still did not provide any information to remove the smoke and mirrors of Beacon.
Although I’m very concerned about my privacy being breached, I also like to know the facts (or at least try something for myself) before I start waging war. Trying Beacon for myself was, surprisingly, as daunting as trying to find some information online about its inner workings.
After repeated attempts, I couldn’t get Facebook Beacon to invade my privacy.
After reading a few articles and press releases, I chose my targets: eBay, Amazon and Livejournal. These are all companies with which I have accounts, but I worried a bit because I use different email addresses on all of them (and Facebook) to reduce the chance of the accounts all being compromised. I assumed, from what I know about website and computer settings, that a common email address for all accounts could be a possible way for the accounts to be linked due to the information stored on cookies (I was neither able to prove or disprove this assumption).
I started with Livejournal, because it was the only site which had any help documentation on Beacon. It even uses an opt-in option for users to activate the service (kudos to LJ!). After several attempts (including: different login chronology for Facebook and Livejournal; using and not using the Facebook Toolbar; and even changing my Livejournal email address to match the one used for Facebook) I was unable to trigger a news event to my Facebook page. I tried this in Firefox in Linux, and both Firefox and IE in Windows—nada.
Frazzled, I tried adding an item to my Amazon wish list and watching an item on eBay…still nothing in Firefox or IE. Of course, I could have purchased something from Amazon or eBay to really test it but, as curious as I am, I refused to purposely spend money to possibly have my privacy invaded.
So, for now, I am not only unable to determine how Beacon works, but I’m unable to get the damned thing to work!
