Tag Archives: google buzz

‘Like’ and ‘tweet’ buttons – what news sites need to know about dropped cookies

What is not to like about the buttons that drive traffic to your site from Facebook and Twitter? Quite a lot if you consider a study commissioned by the Wall Street Journal published in May.

‘Like’ and ‘tweet’ widgets, which appear on one third of the world’s 1,000 most-visited websites, enable Facebook and Twitter to track and follow the sites a user visits by dropping cookies – small text files placed on a user’s computer.

New EU cookie law, which came into force in the UK on 26 May, requires websites to confirm they accept cookies before they can be dropped. So what is the legal position of websites that use ‘tweet’ and ‘like’ buttons, how should they act responsibly and can anything be done to stop this happening?

How Facebook and Twitter ‘follow’ your readers

The WSJ article explains how the ‘tweet’ and ‘like’ buttons on your site track readers:

For this to work, a person only needs to have logged into Facebook or Twitter once in the past month. The sites will continue to collect browsing data, even if the person closes their browser or turns off their computers, until that person explicitly logs out of their Facebook or Twitter accounts, the study found.

Kennish’s study examined more than 200,000 web pages on the top 1,000 sites. He found Facebook obtained browsing data from 331 sites, and Google obtained data from 250 sites, some of it from its Buzz widget. Twitter got browsing information from about 200 sites.

This all may sound a little ‘big brother’ to some Facebook and Twitter users but cookies are dropped by almost every website you visit and collect all sorts of data. One of the major uses of cookies by news sites is to gather audience data and display targeted advertising. They can also be dropped by any third-party with links on your site, such as Facebook and Twitter buttons.

So what can news sites do to prevent their readers being tracked by Facebook and Twitter?

Nothing, according to Julian Evans, an information security expert with his own blog on online security, who said all ‘tweet’ and ‘like’ buttons, even if they are made by third-parties, drop cookies.

The legal position of ‘tweet’, ‘like’ and cookies

However, websites are not liable for cookies dropped by third-parties, such as Facebook’s ‘like’, Twitter’s ‘tweet’ or other buttons and links on your site, according to the Information Commissioner’s Office, an independent public body which polices the new EU cookie law and can fine websites up to £500,000 for non-compliance.

Katherine Vander from the ICO told Journalism.co.uk that websites must, during the next few months, concentrate on getting their houses in order to make sure they comply with the new EU directive that came into force in the UK on 26 May which states users have to confirm they accept cookies before a website can drop them. Before that date internet users merely had to opt out of receiving cookies if they did not want their data collected.

What should sites do to act responsibly?

Although there is no legal requirement for news sites to get readers to opt in to agree to allowing Facebook and Twitter to drop cookies and track their reading habits, the ICO is encouraging news sites to act responsibly and inform readers what is going on.

“If you’re encouraging people to come to your site to use those facilities and you’re making a deliberate link there – which obviously [sites which have ‘tweet’ and ‘like’ buttons] are – you may well feel some sense of responsibility in terms of, at the very least, providing people with information about what might result in that happening,” Vander told Journalism.co.uk. She also asked news sites to keep up-to-date with Facebook and Twitter’s privacy policies.

She suggests sites which want to be really responsible should “put a note next to the link” to tell readers this button drops cookies.

That may not sound like an attractive solution to many as it may scare or confuse readers, many of whom think a cookie is just something to dunk in a cup of tea.

“Consumers don’t understand what cookies are. People don’t want to know what [a cookie] does, they just want to know it’s safe and their privacy is safe online,” security expert Julian Evans said.

He also pointed out that news sites should remember users willingly share their own information through login authentication sites like Facebook and Twitter.

What users can do to prevent cookies

  1. Log out of social networks when you are not using them. Use a separate browser to log on to Facebook and Twitter;
  2. Amend your browser’s privacy settings (preferences > privacy);
  3. Clear out your cookies;
  4. Clear out your ‘evercookies’, a persistent JavaScript API, which you can learn how to get rid of here;
  5. Use a service like Disconnect;
  6. Security expert Julian Evans, who runs ID-Theft Protect, recommends Firefox users install No Script, a script blocker that shows where your data is going.

Will Google use email contact lists to build a new social network?

Rumours of Google’s new social network are flying this week. The BNET Technology blog has some thoughtful speculation about its form here.

What will it look like? What elements of existing Google products will it incorporate? And how much control will users have over their profile information and data?

But what’s of interest to me was captured in a tweet by Adam Ostrow, editor-in-chief at Mashable – journalists and anyone interested in protecting email contacts data should take note:

Google’s supposed new social network will be doomed unless they start over from scratch on the contact/friends list.

Another Twitter user, Marshall Haas (@marshallhaas), asked him why it was a problem; Ostrow answered:

“Same problem as Buzz … Gmail’s contact list isn’t an accurate definition of who my ‘friends’ are. At all.”

He’s talking about automated ‘friend’-making systems, in which Gmail contacts (i.e. email address book data) are automatically connected to you in a new system – as originally happened with Google Buzz.

Many users were not happy to see private email connections made public via Buzz; an issue Google quickly addressed. When developing its new connection tools for the new social network, Google would do well to remember the furore it faced over auto-friending in Buzz.

On a related topic, a few months ago Journalism.co.uk examined the practice of address book importing, in which social networks use members’ email address books to make connections between users and issue invitations.

As we reported, tools used by social networks to harvest new members can threaten the privacy of confidential sources and put journalists’ careers in jeopardy.

We tested out various services we showed that by using someone’s email address book data, a social network can link users publicly, risking source exposure.

Facebook, the social network on which we focused most of our attention, concerned us with its use of users’ data and descriptions of systems were muddled. We called on Facebook to make their systems clearer.

Facebook’s European policy director Richard Allan later told us: “[I]f somebody were a journalist with a professional [contacts] list, it would make sense for them clearly not to use any of these address book importers at all”.

In subsequent email correspondence with Facebook’s public relations team, I was told that for some users (who wish to import an email address list, but not reveal certain contacts): “… it may be better to upload your contacts from an Excel sheet or similar so you can remove ones you don’t wish to upload”.

While concerned about Facebook’s unclear and potentially misleading settings around address book importing and recommendations, we were impressed by the effort they made to answer our enquiries and we’ll be watching to see how they develop their systems.

Interestingly, this week I received this message from Twitter, in my inbox:

XXX knows your email address: YYY@googlemail.com. But Twitter can’t suggest you to users like XXX because your account (@YYY) isn’t configured to let users find you if they know your email address.

It then provided a helpful button to allow me to: “Review & confirm your settings”.

To explain: a friend (XXX) has shared her address book and Twitter has matched my email address to an unused Twitter account I hold (@YYY). I am then given the option to connect with this person, or open up my account to email address matching. i.e. I have to opt *in* to her sharing of email address book data.

It’s curious because in the past, I’ve received follows from people in my email address book to this same Twitter account – an account, I should add, that’s not in my name. I’m surprised therefore they found it without importing their email addresses, but I don’t know this for certain. With only four followers to this account, it seems unlikely two of them should be in my address book!

Anyway, in my case, it wasn’t important whether they followed me via this unused account or not, but anonymous bloggers out there (public service workers or political dissidents for example) should be careful to *never* use their real email addresses when registering social network accounts. Even if the account is in a different name, and the email address is private, the connection can still be made.

For a journalist, Twitter’s new alert system is good news. Twitter may not have answered any of Journalism.co.uk’s numerous enquiries about its address book importing methods, but at least it is developing techniques to allow users to make informed choices about who and how they connect with contacts with whom they have exchanged emails.

Has Twitter changed its ABI system? Did it read Journalism.co.uk’s initial enquiries outlining our concerns? I’ve sent the press people a line, but I’m not holding my breath.

I also contacted Google to ask about the rumoured network and whether Gmail address book data will be used for building membership. The spokesperson’s comment? Simply: “We do not comment on rumour or speculation”.

BusinessWeek: Google sued over Buzz privacy issues

Google has been sued in the US, over claims that its Buzz social media service “violated” Gmail users’ privacy rights, Bloomberg’s BusinessWeek reports.

Buzz, introduced by Mountain View, California-based Google in February, automatically displayed to other users the customer’s contacts pulled from Google Gmail e-mail accounts. Google has said it modified the service after customers complained.

Full story at this link…

Have you been affected by social media privacy settings? Please get in touch with judith [at] journalism.co.uk to share your experiences.

Google’s head of public policy: ‘We live or die by the trust our users have in our services’

Google’s head of public policy and government relations pushed the ‘don’t be evil’ line at last night’s Amnesty International social media event, with emphasis on user power and responsible company behaviour.

“We live or die by the trust our users have in our services,” Susan Pointer told the audience of human rights, technology and media workers gathered to discuss the positive and negative uses of technology for democracy.

Also speaking were the Guardian’s digital media research editor, Kevin Anderson; Annabelle Sreberny, professor of global media and communication at SOAS; and author and blogger Andrew Keen: who spoke from the US via an iPhone held up to the mic by the event chair, BBC technology correspondent Rory Cellan-Jones.

“[A] very important thing to understand about the way our business operates is that our users choose to use it,”  Pointer later told Journalism.co.uk.

“We don’t have a contract with our users that ties them into our services. They haven’t invested a lot of money in our software packages.

“The way we keep our users is by continuing to provide good, leading edge innovative services: they’re free at the click of a mouse to choose an alternative to Google.”

Providing valuable services for users keeps the search giant – which owns YouTube as well as running a host of other products – on its toes, she said.

Improving the transparency of the recently launched social media application Google Buzz was one such reaction to user complaints, she added.

When the company realised improvements could be made, they were implemented, she said: “that’s something we did within hours and not days.”

While Pointer argued that no user information was ever revealed before an individual went through the Buzz set-up process, she said it had been necessary to make changes to the visibility of the user controls.

The addition of Buzz to the Google Dashboard allowed even greater user control over settings, she argued.

On Google’s approach to China she would not be drawn beyond the company’s most recent blog post, which explained its decision to stop censoring the Chinese language Google search service: “We no longer felt comfortable self-censoring results on Google.cn.”

The company is currently “discussing the possibility of continuing the Google.cn service without such censorship”.

“We’re not going to give a running commentary on where discussions are, but we want those discussions to be in good faith.”

Listen to Pointer talking to the Amnesty UK audience via AudioBoo:

On China:

On privacy, Google Buzz and customising advertising:

Buzz links for journalists

We’ll be back with a fuller report on Buzz for journalists once we’ve played with it a bit more and had some of our questions answered by Google. In the meantime, here’s a small selection of the good and not-so good buzz around Google’s latest launch.

[You can follow Journalism.co.uk on Buzz here: http://www.google.com/profiles/journalism.co.uk]

On the positive side:

And on the negative: