This blog is a random collection of information, partly in support of my quotations web site. Other topics include wine, military news, economics, history, libertarianism, and other random things which happen to strike my fancy. Backup site is at http://quotulatiousness.blogspot.com/ (if there are no posts showing, hit the backup blog for explanation). Comments have been turned off, as the spam was getting too much to handle. Comments can be emailed to me for posting.

December 04, 2007

Does Facebook respect your privacy?

I've been using Facebook for a couple of months, and I've generally found it a pretty useful site. I'd say I had pretty positive feelings toward the site . . . until now. Now, I'm reconsidering whether I should ever log in to that site again. Why? Because Facebook's Beacon ad system may be telling them a lot about my online browsing habits, whether I'm logged in to their site or not:

If you think that just because you have never signed up for Facebook you're immune to the tracking and collecting of user activities surrounding the popular social networking site, think again.

Facebook's controversial Beacon ad system tracks the activities of all users of its third-party partner sites, including people who have never signed up with Facebook or who have deactivated their accounts, CA (Computer Associates) has found.

Beacon captures detailed data on what users do on the external partner sites and sends it back to Facebook along with users' IP addresses, Stefan Berteau, senior research engineer at CA's Threat Research Group, said today in an interview.

This happens even if users delete the Facebook cookie. "The Facebook JavaScript [code] is still called by the affiliate site, and the information is passed in," he says. In the case of users without accounts or with deactivated accounts, the data isn't tied to a Facebook ID, he says.

The CA Security Advisor Research Blog offers the following advice:

For me, the Ad system is a real privacy concern. It connects my online actions to my Facebook account — collecting and aggregating an even broader array of data in one database. Yikes. Once I found out about this ad system and realized I didn't like it, I looked at my options.

Here are some of them:

1. Cancel my Facebook account.

2. Continually opt-out of News Feed from external sites.

3. Do nothing.

4. Block facebook.com/beacon*, hence block data transmission.

5. Petition Beacon partner sites.

Option 1. This isn't a good option for me at this time. I use Facebook to connect with people and have invested time and other resources building my Facebook presence. Quitting is not as easy as simply going into my account settings and selecting 'deactivate.' In the field of economics the term "elasticity of demand" is used to describe consumer receptivity to changes in price (e.g.: if the price goes up will they still buy?). I think I will create a new term "retractability of investment". In other words, I invested emotion, time, and other resources in Facebook — what would it take for me to retract my investment by deactivating my account? As of now, my investment is too high and I don't consider retraction a viable option, but if the privacy violations continue, my internal scale may tip.

If you use Firefox, you can follow CA's advice for blocking that particular site from receiving information from your browser (but only if Facebook doesn't change the site or add others to it):

Option 4 is the only option I can think of that allows me to use Facebook, but control my privacy. As long as facebook.com/beacon is the folder used for external sites to send requests, this option will work. You will need a tool for blocking access to this folder. I tried out Firefox's BlockSite Plugin and it works great (if you use Firefox). Just download the plugin and add http://www.facebook.com/beacon/* and facebook.com/beacon/* under 'options' to the 'add' section and restart your browser. Note: Adding facebook.com/beacon to Internet Explorer's restricted sites is not an option; this will block the entire domain (facebook.com). Also, the hosts file is not an option for the same reason.

I just followed their advice, downloaded BlockSite, and added those two sites to the blocking list. If you're not using Firefox, you may have to consider another solution, though. More information on this issue here.

Posted by Nicholas at December 4, 2007 06:46 PM
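
The difference between path-scoped and host-scoped blocking that the quoted advice relies on, as an added example that is not part of the original post or of CA's advisory. The wildcard matching rules are an assumption (BlockSite's real matching is not described on the page), and every sample URL path other than /beacon/ is constructed for illustration.

```javascript
// Added example: compare the two path rules from the post with a hosts-file entry.
// Assumed semantics (not BlockSite's documented behaviour): '*' matches any run
// of characters, and a rule without a scheme is compared to the URL minus its scheme.
const PATH_RULES = [
  'http://www.facebook.com/beacon/*',
  'facebook.com/beacon/*',
];
// A hosts file can only name hosts, never a path under a host.
const HOSTS_FILE = ['facebook.com', 'www.facebook.com'];

const SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i;

function globToRegExp(glob) {
  // Escape regex metacharacters, then turn '*' into '.*'.
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$', 'i');
}

function blockedByPathRules(url, rules = PATH_RULES) {
  const schemeless = url.replace(SCHEME, '');
  return rules.some((rule) =>
    globToRegExp(rule).test(SCHEME.test(rule) ? url : schemeless));
}

function blockedByHosts(url, hosts = HOSTS_FILE) {
  return hosts.includes(new URL(url).hostname.toLowerCase());
}

// Constructed sample URLs: two beacon requests, one ordinary page, and one
// hypothetical endpoint outside /beacon/ (the "if Facebook changes it" case).
const SAMPLE_URLS = [
  'http://www.facebook.com/beacon/track.php?x=1',
  'http://facebook.com/beacon/track.php',
  'http://www.facebook.com/home.php',
  'http://www.facebook.com/newpath/track.php',
];

function audit(urls = SAMPLE_URLS) {
  return urls.map((url) => ({
    url,
    pathRule: blockedByPathRules(url),
    hostsFile: blockedByHosts(url),
  }));
}

console.table(audit());
```

The path rules stop only the /beacon/ requests and leave the rest of the site usable, while the hosts entry blocks every row; the last row shows why the rules need re-checking if the endpoint moves.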