Facebook Patents Big Brother – by “Charlie C”

October 18, 2011 ~ bradevanrosen ~ 1 Comment

Ahhh, a symbol of progress: The Facebook Like Button. Residing on almost every legitimate page on the internet these days, it enables socially hyperactive users to let the world know that they “Like” the page they are currently visiting. The button above, for instance, could enable you to like YaleBluebook, a new course information system my suitemate and I designed for students at Yale. But that’s not all this nifty little button can do, it also let’s Facebook know that you are currently viewing a blog post on the Yale Law & Technology class blog.

On a large scale, the question we have to ask ourselves is: Do we have the right to privacy on the internet? The current cultural movement seems to answer with a resounding “yes.” All major browsers have recently implemented a private browsing mode which allows people to view sites without having any of their activity stored locally. This is the “Incognito” or private browsing window you probably use while perusing porn. However, this only protects your local computer. The servers hosting these websites still store information about your visit, with potentially personally identifiable information (IP Address). A recent movement by the Mozilla foundation has tried to standardize the use of the “Do-Not-Track” signal, which is a message that could be sent by your browser to websites, asking the websites not to record any information about your visit. However, there’s no way to enforce such an option, and no incentive for the website to do so.

The issues of privacy and anonymity seem to have become more intertwined recently. The only way of ensuring that my personal information isn’t being mis-used is to make sure that they don’t have any of personal information. Yet there are many positive reasons for websites to track IP addresses, so it seems the only logical course is to focus on privacy and when recording personal information on our net activity goes too far.

So why would Facebook care about this little blog though? Good question! Turns out behind the scenes Facebook has been working to create ~~Google AdSense~~ a nifty social advertising program. Unfortunately, the Pacific Ocean sized amount of data they have on you right now isn’t enough to compete with Google. So they figured, why not collect data on you about every site you visit? This recent patent is the key to unraveling Facebooks creepily invasive monetization scheme. In this post I plan to look at a few key points of the new patent.

I'll just stop paying for my Facebook subscription then...oh...wait...

What it Does

In case you still haven’t opened up the actual patent, here is the abstract:

In one embodiment, a method is described for tracking information about the activities of users of a social networking system while on another domain…The method additionally includes receiving one or more communications from a third-party website having a different domain than the social network system, each message communicating an action taken by a user of the social networking system on the third-party website. The method additionally includes logging the actions taken on the third-party website in the social networking system, each logged action including information about the action. The method further includes correlating the logged actions with one or more advertisements presented to the one or more users on the third-party website as well as correlating the logged actions with a user of the social networking system.

There’s three main components this patent describes, they are, in order of ascending bothersome-ness:

The ability to transmit information back to Facebook from a website that is not facebook
The ability to log actions you take on that non-facebook site and send those actions back to facebook
The ability to use that data to display ads to you and your friends, on facebook and on third party sites.

Putting those three components together, we come up with some exciting scenarios:

Vibrator Storefront with friends who have bought this — The not so distant future...

Now you might think to yourself, “I’ve seen things like that already” (the friend recommendations I mean), but this ain’t your standard friend recommendation system, there are a few key passages in the patent I want to highlight.

In particular embodiments, the social network system receives messages from these third-party websites that communicate the actions taken by users while in the third-party websites.

Ever wonder why your Facebook ads always tend towards singles dating sites, ben and jerry’s, and Notebook Blu-Ray ads? (Or is that just me…?) Turns out that Facebook plans on mixing various data sources to decide which ads to show you. Right now, this is restricted to data facebook has access to such as your relationship status, favorite movies, political interests, etc. But in the near future, partner websites will be able to send data back to facebook with information about which ads were shown to you and which you clicked on, in addition they might send information about which products you bought from the partner site. This serves the two-fold purpose of telling Facebook how effective their advertising was (did you buy the yoga pants after you were shown the yoga ad yesterday?) and also telling facebook your interests (I see you could use a Yoga ball to go with those pants).

And for the majority of the patent, Facebook talks about wanting to know what ads you’ve seen, clicked on, and actually purchased the product from. However, if you wade through the million times they say “In particular embodiments”, you come across:

Another example illustrating real-world actions that may be tracked involves what program material the user is accessing on a television system. A television and/or set-top receiver may…transmit a message indicating that a user is viewing (or recording) a particular program on a particular channel at a particular time.

Wait, I’ve totally seen this somewhere before…

Big Brother is Watching — Oh, I guess that was more of content generation...

That’s right. There is apparently no limit to the amount of data facebook is willing to know about you. They want to know what events you attend, what credit card purchases you make, what stores you enter, classes you take…everything. Facebook wants to know every detail of your digital life.

So the real question is, what do they plan to do with all this data? Well currently it looks like they plan to use it to inform advertising not only on their site, but on other sites. I’ve already shown an example of how it might be used on other sites (OhMiBod). In addition, they might show more traditional Google AdSense ads (profit sharing with publishers). The secret sauce is in how the ads are selected and displayed. It seems they will use some combination of your profile, friends profiles, your browsing history and your friends browsing histories. Ads will be inherently social, letting you know that n of your friends recently purchased a product, or are attending a promoted event, or simply liked an emerging brand. The transition to this new system will actually be transparent to users:

Coincidence? I think not. For instance, Facebook can correlate the fact that you were recently on the McDonald’s homepage with the fact that 6 of your friends like McDonalds, AND the fact that Johnny Rocket likes him some BigMacs (ironic isn’t it?), throw it all into a magic algorithm and come up with the brillant idea to show you some McDonalds ads. While this might normally appear on your newsfeed, it just so happens that McDonalds has paid to have this “news article” appear more readily (the barrier number of friends before it’s shown might be lower). From the patent:

One benefit of mixing the newsfeed stories and the social ads in a single list presented to a user is that there may be little or no differentiation between advertising and general information that a user would want to know. Users visit social network systems to keep up to date on what their friends are doing, and the social ad can be as useful to the user as any other newsfeed story. Because the social ads and newsfeed stories may all be taken from the action log it may be impossible for a user to determine whether an entry in the user’s newsfeed is a newsfeed story or a social ad. In fact, the content of a social ad could actually show up as an organic, unpaid newsfeed story in other contexts.

And therein lies the beauty of this whole thing. You’ll never even know. They will take your browsing history, your friends information, and your relationship status and a whole lot of advertisers money, but to you it’ll just look like another average news feed story.

What it doesn’t do (or rather doesn’t claim to):

There was recently an uproar that this patent would allow Facebook to track all users, not just logged in Facebook users. This came to a climax when it was discovered that the Facebook user id was being stored on users’ computers even after logout. Last week though Facebook patched this “bug” and defended its position that the patent is not designed to track logged out users.

I have two fundamental points to make on this issue.

1. As an experiment, go to this page. Did it ask you to login? Chances are that if you’re reading a blog post such as this one, you were already logged into facebook. So it doesn’t really matter that it only tracks logged in users, since who actually logs out?

Facebook Splash Page — Unless your page looks like this, they got you. Well they probably did anyways...

2. Although this patent doesn’t specifically mention tracking logged out users, it never explicitly denies that possibility. In fact, in the very paragraph Facebook refers to when defending its position, the text states:

By using this technique, the third party website and the social network system can communicate about the user without sharing any of the user’s personal information and without requiring the user to log into the social network system.

To me, this text reads quite the opposite way. It seems that although Facebook isn’t sending data about a specific user…it could still send data about the users events. From a technological standpoint, this information could be saved in a cookie on the users computer which could then be transmitted when a user logged into Facebook. Put differently, even though you’re logged out of Facebook, if they can make a reasonable inference about which Facebook user was using the computer when it was logged out, they might just queue that data and associate it with you when you log back in.

The Good News

I realize this post sounds somewhat alarmist, but the fact of the matter is if they patented it, they probably intend to use it. This is actually a brilliant idea which will undoubtedly immediately bring them into contention with Google AdSense. Right now, they claim to not be using this technology and they have stated that if it does become used it will of course be subject to their industry difficult opt-out program. I can’t help but wonder where it will end. Once this infrastructure is in place, it’s just a small side-step for them to track everyone.

We should be aware of our rights as internet users. I don’t think we’ll ever be able to change the internet culture to the point where Facebook doesn’t track our actions on its site, but I certainly think we should have the expectation of privacy (from Facebook and really anyone else) on third-party sites. When we view websites, that should be a privileged relationship between the viewer and the site. That site should be able to track our movements for it’s own reporting purposes, and maybe even to provide aggregated data to other parties, but it should not be able to sell tracking data alongside personal data (I.E. cannot say IP Address 123.45.67.89 visited A, B, and C). It should be made much clearer what companies are doing with the data they collect on us, and we need to ability to opt out. I don’t think the way the internet works currently supports this, but hopefully through cultural, technological, or regulatory changes we can work towards a more data-safe internet in the future.

The FCC needs to step up it’s game and require more clear communication when user data is being collected and sold to third-parties. Facebook is starting to move into shady territory. It seems that neither the person publishing the like button, nor the consumer clicking on it understand exactly what is going on behind the scenes. No more legalese, implicit privacy agreements. I want a big fat popup, with clear instructions on how to keep myself hidden.

It's more of an opt-in box when you think about it

For now, hope for the best and be aware of your facebook privacy panel. Make sure you opt out of as much as possible! And please be sure to start an uproar if this Apple patent ever becomes used. Remember, just because it’s patented doesn’t mean it’s legal.

Unsell Yourself — A Protest Model Against Facebook – by “Max C.”

May 10, 2011 ~ bradevanrosen ~ Leave a comment

Facebook’s a monopoly that abuses its users: you and me. But we’re left without a way to retaliate. I propose a way to contaminate their database with false information, limiting the usefulness and resale value of our own information, while maintaining as much Facebook usefulness for the rest of us. It’s called Unsell Yourself, and I’d be honored if you’d give it a read.

[Edit: Reposted from my own blog in full, but formatting/CSS is better on my blog]

This is the story of how Facebook uses the information you put into it against you, and how you can unsell yourself. I believe Facebook is an exciting product and I hope that the company succeeds. But I also think Facebook’s monopoly has permitted them a business model which is bad for its users.

Not all stories of businesses harming their consumers begin with a man in a top hat, but it sure makes it easier to. Is Facebook a monopoly? Here’s a graph of Facebook’s web market share compared to hi5, friendster, orkut, linkedin, plaxo, & ning as assembled by Bill Tancer in 2007.

Since 2007, network effects have pushed Facebook into an even more dominant position. Facebook now claims that they have

More than 500 million active users
50% of our active users log on to Facebook in any given day
Average user has 130 friends
People spend over 700 billion minutes per month on Facebook

Alexa.com names Facebook the #2 top site in the world, with 42% of the world’s entire Internet population having visited Facebook. The next social network doesn’t come up until #17: LinkedIn, with a meager 4% of the world’s Internet population.

Here at Yale, in a recent poll of people connected with the class Control, Privacy and Technology (tech savvy 18–22 yr olds, generally), 98.9% of the respondents had a Facebook.

Obvious truth number one: Facebook is the most dominant social network. Facebook alone is in exclusive possession of 500 million people’s communications, demographic data, location, and social habits. Since I’m not even close to being familiar with the nuance of antitrust law, I’ll leave that speculation to other people, noting only that Wikipedia says that the Sherman Antitrust Act doesn’t forbid innocent monopolies, but only those who achieve their monopoly through misconduct.

How Facebook’s Monopoly Harms Users

You might be asking (reasonably), “So what, who cares?” that Facebook is a monopoly. But Facebook’s definitely not been perfect, and their monopoly has permitted them some egregious abuses of their users that a competitive environment would not have permitted. As many Internet-based businesses know, it’s very very dangerous to abuse your users: they’re fickle, and can change services easily by merely navigating to their browser bar. Just look at Digg versus Reddit. So why hasn’t Facebook suffered user base drops when they rolled-out despised changes, like a redesign (the irony of linking Gawker isn’t missed), less default privacy, or ever more tailored behavioral ads. (Full disclosure: I recently got a Facebook behavioral ad for “bedwetting”. Not really sure what I’m doing to signal that one.)

Recently, even spookier things have surfaced. Julian Assange noted that Facebook is an FBI agent’s wet dream:

Facebook in particular is the most appalling spying machine that has ever been invented. Here we have the worlds most comprehensive database about people, their relationships, their names, their addresses, their locations, their communications with each other, their relatives… all accessible to US Intelligence… [Yahoo, Google and Facebook] have built in interfaces for US Intelligence. It’s not a matter of serving a subpoena.

Facebook users should get a Miranda warning:

And Mark Zuckerberg likes looking at more than merely the data you post. By reading between the lines, he’s worked out an algorithm with 33% success rate for predicting who you’ll date next.

Why Users Don’t Quit

I don’t quit Facebook because Facebook is a valuable network, one that can’t be easily replaced. That’s the natural strength of a monopoly combined with Metcalfe’s network benefits, the nature of walled garden web platforms, and their inability to control and remove their own data from Facebook. Walled garden web platforms like Facebook with embedded APIs and developers, along with Facebook-specific applications mean that users can’t easily replace or extract what could be valuable data to them. In other words, quitting Facebook means quitting Farmville and all the other applications you use. As more and more websites use Facebook as the only login system (for the best example, see Canv.as), the web platform expands its power. These kinds of platforms also lead to a new, special kind of hurt of users: the AOL effect. Users’ lack of control over their Facebook data also makes it impossible to quit the platform. Not only is it truly impossible to delete messages (the delete button merely obscures them from user view, but enables them to be re-discovered via Facebook’s “Download Profile” tool and of course they remain on Facebook’s servers for subpoena or hackers and Facebook themselves, but it’s also impossible to pull Facebook contact information out of the roach motel. Even Google has lashed out against Facebook, criticizing Facebook’s design choice that makes users’ unable to export their data back out.

How Users Can Strike Back

Not a single user pays to use Facebook, and yet the company is valued at $50 billion dollars. Not bad: that means that of their users is worth $100, by my math! Which is to say that investors believe that your information, your time on the site, and your clicking is worth $100 to Facebook. To encourage a more competitive marketplace and discourage Facebook from abusing its users, there’s an easy way to reduce your value to Facebook while simultaneously reducing your legal vulnerability and privacy problems, without quitting Facebook, or even losing a valuable component of Facebook’s services!.

You keep all of your Facebook contacts, the ability to message or chat or use your wall and apps— but behavioral advertising, Facebook’s bread and butter dollar revenues and the short term thing that keeps them Wall Street’s darling— you can kill all of that just by adding a “Teen Vogue” to your interests. Or Teletubbies. Or Tiffany’s.

Here’s my current profile:

The trick is to populate your Facebook with just enough lies as to destroy the value and compromise Facebook’s ability to sell you. Collectively, users could use misinformation with “features” that they don’t like being used against them in order to guide Facebook’s future. (This is already done by FB’s user base with new some new features: Facebook places seems to effectively have been a flop. Among my 1000+ Facebook friends, only one person uses it.)

How Google is Different from Facebook

I’m wary of Google, but for now will say it’s not worth populating their data with false information yet, and not just because it’s harder. This stems from three major differences between Facebook and Google:
1. Long term monetization strategy
2. Competitors
3. Data Freedom

I don’t see Google’s long term monetization strategy being pimping your data out to the highest advertising bidder. That might be how you build a $50 billion dollar company, but it’s not a way to build a lasting $200 billion dollar company. Instead, I think they’re collecting data to get into a product development business via big data and simple algorithms.

Nor is Google’s monopoly even close to as complete as Facebook’s dominance. Bing apparently now has 29% of the search market, and Baidu won’t let up the Chinese market easily. There are innumerable competitors to Gmail, and they all have heavy user bases. Online documents is an area Microsoft won’t cede easily, since it’s one of their core products and one of their two sources of profit (Office). Mobile phones are obviously an extremely competitive arena, with RIM, Apple, Microsoft, and HP all fighting for OS market share in smartphones. And even in Google’s stronghold of display ads, Apple’s attacking (though the success of iAds remains to be seen).

Perhaps most important is that Google’s exportability of your data remains high. You aren’t locked in or integrated in the same way that Facebook joins all of your data to a persistent single identity, users can download calendars and quit Google Calendar or extract contacts onto a new framework. The integration also doesn’t lock users into Google: you can continue to use Google Docs even if you discontinue Gmail use.

Conclusion

Ultimately, I see inputting false data into Facebook’s “likes” pages a form of sit-in, a kind of CAPTCHA to prevent a Facebook data mining bot to freely pillage and extrapolate results from the data you put in to Facebook. It’s a good response in a scenario like today, where Facebook has a monopoly that almost everyone has to jump in on anyway, no matter how much they might be reluctant to. Hopefully though, the longer term solution is for a real competitor to emerge, offering users the things that they want, and the ability to migrate effortlessly from Facebook without paying Metcalfe’s prices. In the meantime, protect yourself and express a bit of discontent: unsell yourself from Facebook.