In Privacy versus cross-context aggregation, Wendy Seltzer points to stories by David Weinberger and Ethan Zuckerman about Facebook’s latest marketing coup: When Facebook users go shopping online (e.g., with Blockbuster) then their shopping behavior is pushed to Facebook and used for advertising. From Weinberger’s description:
The new ad infrastructure enables Facebook to extend their reach onto other companies’ sites. For example, if you rent a copy of “Biodome” from Blockbuster.com, Blockbuster will look for a Facebook cookie on your computer. If it finds one, it will send a ping to Facebook. The Blockbuster site will pop up a “toast” (= popup) asking if you want to let your friends at Facebook know that you rented “Biodome.” If you say yes, next time you log into Facebook, Facebook will ask you to confirm that you want to let your friends know of your recent rental. If you say yes, that becomes an event that’s propagated in the news feed going to your friends.
submit() forms cross-domain (and XForms have the same feature, but declaratively). And forget forms if events can cause the user’s every keypress and mouse click to trigger an XMLHttpRequest() object to phone home (soon cross-domain). In today’s environment, the ping attribute on links almost comes as a relief, as it enables easier spotting of tracking techniques — along with easier tracking. If, as a community, we want to use technical levers to entice Web application providers to behave in a socially transparent and responsible way, then we need to take a comprehensive approach, start to understand what technical control points we still have, and how we can use them.
Meanwhile, our best chances of holding sites honest are the kind of public shaming that Facebook is experiencing, law enforcement, and regulation (where applicable) — if anybody notices what’s going on, that is.
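To illustrate why the declarative ping attribute is easier to spot than script-driven requests, here is an added example (not part of the original post) that statically audits a page's markup for link pings and form actions leaving the page's origin. The hosts shop.example and social.example, the sample markup, and the names origin, CrossOriginAudit and audit are all constructed for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; shop.example and social.example are placeholder hosts.
SAMPLE_URL = "https://shop.example/rent/biodome"
SAMPLE_HTML = """
<a href="/checkout" ping="https://social.example/beacon /local-stats">Rent now</a>
<a href="/help">Help</a>
<form action="https://social.example/share" method="post"><input name="title"></form>
<form action="/search"><input name="q"></form>
"""

def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)

class CrossOriginAudit(HTMLParser):
    """Collect ping targets and form actions that leave the page's origin."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("a", "area") and attrs.get("ping"):
            # ping holds a space-separated list of URLs, each notified on click.
            candidates = [("ping", u) for u in attrs["ping"].split()]
        elif tag == "form" and attrs.get("action"):
            candidates = [("form", attrs["action"])]
        else:
            return
        for kind, raw in candidates:
            target = urljoin(self.page_url, raw)
            if origin(target) != origin(self.page_url):
                self.findings.append((kind, target))

def audit(html, page_url):
    parser = CrossOriginAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for kind, target in audit(SAMPLE_HTML, SAMPLE_URL):
        print(f"{kind}: {target}")
```

The audit only sees what is declared in markup; requests issued from event handlers via XMLHttpRequest() or script-invoked submit() do not appear in it and have to be observed at the network level instead.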