Arnold Roosendaal LLM MPhil
Arnold is researcher and PhD Candidate at the Tilburg Institute for Law, Technology, and Society (TILT) at Tilburg University, the Netherlands, and partner at FennellRoosendaal Legal Research and Advice. His expertise lies in the field of privacy and identity related to ICT technologies.
Arnold was so kind to answer the following questions. Take a close look at his recent publication Facebook Tracks and Traces Everyone: Like This!
Please tell us about your perceived connotations arising of f8 conference.
At the f8 conference, Facebook announced the launch of its social plugins. These plugins allow Facebook members to connect web activity to their profile pages. For members this can create a lot of convenience, because it is easier to share interests. Besides, more and more services can be used by signing up via your Facebook account.
What happens if people visit pages with a facebook like button on it?
When a page with a like button is visited, the image of the button is loaded from the Facebook servers. To load this button, an HTTP request is sent to the Facebook servers. This request includes the url of the actually visited web site. If someone has a Facebook cookie on his computer, the cookie is sent along with the request. All Facebook users have such a cookie. People who are not a member often have a cookie as well, since Facebook Connect installs these cookies and there is a big chance of coming along a web site with Facebook Connect implemented. The cookie can be recognized by Facebook and, thus, allows for tracking web users along numerous sites.
What do you think? Why is facebook collecting all the data ? Is Facebook all evil ?
Obviously, Facebook is collecting the data to exploit targeted advertisements. This is also a major source of its revenues. Facebook being all evil is too much, probably. However, I think it is important to stay alert to Facebook’s practices. Facebook is heading towards being an online identity provider by allowing web sites to let visitors login via their Facebook username and password. The more websites implement this functionality, the more dependent web users become of Facebook. Not having an account can result in not being able to access web services. I would not favor that.
Is it all the internet users own fault? Are we facing careless site operators implementing anything facebook provides without knowing exactly what happens?
We are facing site operators and users who do not exactly know what happens. However, I would not call everyone careless. The fast development of technology makes it difficult to understand everything. Besides, when someone is checking out the like button it is not directly clear that it is also used to send cookies. Non-members first have to get a cookie via Facebook Connect, so the process is a little bit indirect and therewith more opaque. Another thing is that lots of technicians and programmers probably know (or can know) what happens, but do not see the implications for privacy and identity.
Who should be responsible of teaching internet users on how to use the internet? Who is to blame for people doing things they do not know anything about?
It is very difficult to say. Teaching how to use the internet requires knowing how it works exactly. So, there are not that many people capable of doing this. Governments often lack the knowledge as well, or have other interests that prevail. Basically, the techniques are developed and exploited by commercial companies. They should take responsibility, but usually they have a business model that depends on the information processing. It is therefore not likely that they will change their practices. However, an interesting approach is to base business models on respecting privacy and advertising with that. The concept of privacy by design is not new and can be helpful in this.
Where can people get reliable and understandable information on privacy issues?
Unfortunately, there seems to be not that much information on privacy issues that is reliable ánd understandable. Lots of academic research offer valuable contributions to understanding privacy and problems arising from the use of digital technologies. This information, however, is often difficult to understand and remains in academic circles. Besides, information is often either legal/sociological or technical. Bridging the gap between these disciplines appears difficult. Fortunately, there are people taking serious attempts to change or at least influence things. An example if the PrimeLife project (www.primelife.eu) which investigates privacy throughout life and builds tools to protect privacy, such as the privacy enhanced social network site Clique.
What about other share buttons? Do they collect data like facebook does?
Obviously, the buttons can be used to set cookies immediately, but not all do. The facebook like button does not issue a cookie itself as described above. The difference between Facebook and other sites that have share buttons is that the others (like Twitter) do not have an additional program like Facebook Connect to issue the cookies. This means that visiting the homepage of these sites is necessary to receive a cookie. However, once there is a cookie, tracking and tracing is common practice. Also noteworthy is that Facebook connects the data to profiles of its members and, thus, has a far more complete picture of its members than the account data only.
Do you know any alternative to the facebook like button?
It depends on how buttons work and whether they are valuable for content providers to implement on their websites. A big step could be made when the button is for instance a jpeg or gif image with a link behind it. The Facebook like button is a piece of HTML content and comes directly from the Facebook servers. If a button is actually a link, the connection is not made when a page is loaded, but only when the link is actually clicked by a visitor. This allows users to choose whether they want to share data on their browsing behavior or not.
Why do most website operators not just change the like-button-provider? Does the herd instinct votes for facebook?
The enormous reach of Facebook is clearly an incentive. Statistics show the impact of the Like button, increasing the numbers of visitors tremendously. For commercial parties this makes the Like button the most interesting one.
Your prediction for April 2011: What does Facebook know about how many people by then?
Facebook has a member base of over 500 million. This number may increase because of the new pressure to create an account instigated by the social plugins. So, for April 2011, Facebook might have about 550 million members of which Facebook has access to their account data and all related info and their web behavior. The Like buttons will cover probably half of the web by then. Next to these 550 million, Facebook will have individual profiles of hundreds of millions of other web users. I guess the amount of users that are not a Facebook member but are followed by Facebook is much larger than the amount of actual Facebook members.
