The ubiquitous blue “Like” or “Share” buttons that you see all over the Internet are hiding an ugly secret. Starting this month, Facebook will use them to track your visit to every Web page that displays the buttons–even if you don’t click on anything.
Facebook will use the data it collects to build a dossier of your browsing habits, logging every site you visit, so it can learn those last few details about your life that it doesn’t already know. And there’s nothing you can do about it, short of staying totally logged out of the social media site or tracking down and installing a special browser extension to protect from this kind of sneaky behavior.
Who wants to bother? It’s creepy, but maybe you don’t care enough about a faceless corporation’s data mining to go out of your way to protect your privacy, and anyway you don’t have anything to hide. Facebook counts on that; its business model depends on our collective confusion and apathy about privacy.
That’s wrong, as a matter of both ethics and law.
Facebook’s response to criticism of its new tracking has been to claim that it’s not a violation because the company allows users to opt out of the program. But that excuse — and others like it across the industry — is disingenuous and fundamentally unfair in two important ways.
First, when users opt out, Facebook doesn’t actually stop tracking their browsing habits. It merely stops showing the user so-called “interest-based” ads. So Facebook doesn’t allow us to opt out of being tracked all over the Internet at all; it merely allows us to hide that fact from ourselves.
Second and more importantly, the tracking violates consumers’ expectations. The Federal Trade Commission’s long-standing Fair Information Practice Principles begin with the concepts of notice and choice. When we click a “Like” button, we expect Facebook to take note. But when we visit a website and don’t click the button, we’re given no indication whatsoever that Facebook is still keeping track of that visit, much less given the ability to control what Facebook does with that information.
Facebook is hardly the only offender. Google and its manufacturing partners have been shipping millions of Chromebook computers to schools around the country with “Chrome Sync” enabled by default. That feature sends the students’ entire browsing trail to Google and links the data collected to the students’ accounts — which often include names and dates of birth.
Google notes that the tracking behavior can be turned off by the student or even at a district level, but it’s not at all clear how many Chromebook users know that.
Examples like these show how it’s incredibly difficult for even the most concerned consumers to figure out who’s collecting data about them, much less exercise any control over what companies do with that data. Don’t even try asking them what they do with the information they’re gathering about us: Other than using it for some advertising, they won’t say.
Even privacy-conscious users can feel like they have only one real choice: apathy, which companies then use as an excuse to further escalate and obscure their tracking behavior.
Companies across the tech industry claim that they honor our privacy and endeavor to treat users with respect. So if a new feature, system or app will impact users’ privacy, just ask the users for their permission first. Anything less demonstrates a total lack of commitment to users and is fundamentally unfair.
If a business model depends on deception and apathy, it deserves to fail.
Nate Cardozo is a staff attorney at the Electronic Frontier Foundation. He wrote this for this newspaper.