Quoted by USNews.com about Facebook and Hotwire Privacy

A columnist on the US News & World Report website quotes me in a follow-up article about the less than happy experience I had with Hotwire and Facebook privacy violations.

I’ve seen a lot of bloggers and news articles miss the real point, especially today with Facebook saying they’ll change the Beacon program. My biggest issue was not so much that Facebook made my Hotwire rental visible as part of an opt-out program, it was that Facebook had that information in the first place. What Facebook does or does not do with the data is a separate question from the fact that Hotwire is giving them information about me in the first place without my permission.

As I told Hotwire, I believe that their actions violate their own privacy policy which says

Q: Will my email address or personal info be given to third parties?

A: Absolutely not! All personal information is kept strictly confidential and is only used for making bookings through Hotwire. Only the personal information necessary to complete a transaction is passed on to third parties. For example, the airline carrier issuing the ticket will need your information.

Facebook should not have any information about anything I do with regard to Hotwire. Hotwire did not have my permission to pass that information to Facebook, whether they did it through Javascript, browser cookies, or carrier pigeon. That’s why I will not use Hotwire ever again.

Simon Owens posted some nerdy pickup lines, several of which I’d not heard before. I actually have to stop and think about some of them before they made sense, which could be a great test, no?

  • I’m attracted to you so strongly, scientists will have to develop a fifth fundamental force.
  • I’m a fermata… hold me.
  • Want to meet up so I can excite your natural frequency?

Final email to Hotwire on privacy

Here’s my last email in reply to Hotwire’s canned email response concerning their business relationship with Facebook selling information about my account:

On Monday 26 November 2007, Hotwire Support wrote:
> Facebook Beacon provides advanced privacy controls so Facebook users can
> decide whether to distribute specific actions from participating sites
> with their friends. If you decide to use Facebook Beacon it means you
> have chosen to share your personal online usage information.
>
> If you are logged onto your Facebook and complete a transaction on
> Hotwire, a pop-up window appears on the lower right corner. The pop-up
> presents a story about your booking.
>
> If you do nothing or close the pop-up window, the story appears on your
> friends News Feed and their own Facebook homepage Mini-Feed. If you
> click "No Thanks" the story is not published.

So you assume that I give permission, rather than asking for it? I believe that is in opposition to your privacy policy. I should have to give _explicit_ permission, not just for you to assume that I say yes. I have popups blocked on my browser, so I never saw that popup you mention. Therefore I never had a chance to say “No Thanks”. And I did not have the facebook webpage open at the time that I made the Hotwire reservation.

Does Hotwire use javascript for this popup? I have javascript disabled.

My point is, you should assume answer is “no thanks” unless I indicate otherwise. That’s called “opting-in”. Your current program is called “opting out” meaning I have to go through the work, every single time, of saying “no thanks”.

Is it possible for me to change my setting for all future reservations to “no thanks” ? I never want you giving information to facebook, regardless of what facebook does with it. I never want you giving my information to any other 3rd party. From reading your privacy policy, I thought that was the case, but it’s clearly not. You gave information about my reservation to a 3rd party without my explicit permission.

And for your information, currently, I do not believe that Facebook allows me to globally opt out of their Beacon program. I have to opt out of every single advertiser, individually.

In any case, if I can not trust you to keep my information private, I will not be making reservations with Hotwire in the future. I believe your email makes it clear that your business decisions are not made in favor of your customers.

Will it do any good? Who knows. Maybe if there’s enough hue and outcry.

Look, I’m already 3rd in the results for searching Google for Facebook and Hotwire and 6th for for hotwire privacy.

Hotwire and Facebook invaded my privacy

Last week, I rented a car over the Thanksgiving vacation. I found a pretty good deal on Hotwire and made the reservation online. Imagine my surprise when I happened to login into my account on Facebook today and see a story in my mini-feed mentioning the fact that I rented a car on Hotwire. What a massive invasion of privacy. I did not consent to Hotwire sharing that information with Facebook. I did not consent to Facebook publishing that information.

The Consumerist has a pointed article about it coming right during the Christmas season. As did Binary Freedom.

Ok sure, it’s not that significant that my friends know I rented a car. But imagine, any online purchase that you make can appear publicly to all your friends. What if your boyfriend found out what you got him as a gift? Or everyone finds out which movie you just went to see? This is way over the line.

Initially, it appeared that Facebook would offer a global opt-out option. Techcrunch had screenshots several weeks ago showing the option. But that’s not what Facebook did. Instead, you have to opt-out for ever single retailer! That’s right. This is not opt-in, it’s opt-out.

This is the message I sent to Hotwire using their customer service link:

I reserved a rental car last week for Thanksgiving and got a pretty good deal from Hotwire (the itinerary # is attached). However, I will not be using Hotwire for any future reservations, for cars, flight, or anything else. You gave my private information to a 3rd-party, namely facebook. I did NOT consent to that. The fact that I rented a car from you is a private fact, one that I should not have to tell you to keep private. Instead, you sold that information to Facebook as part of their Beacon program. That was wrong.

I’m sure there are numerous alternate websites available for making travel reservations. Next time, I will use one of them instead of Hotwire because you do not respect your customer’s privacy.

Moveon.org actually started a petition

Moveon.org has also created a protest group, which currently has about 25,000 members. CNN, the NY Times, FOX News and others have written stories about it. It’s not right.

I don’t use Facebook that often. After this, I may not ever use it again.

Update: Looks like someone else had the same issue. I’m on hold with Hotwire customer service on the phone right now. Hotwire’s email reply was rather disingenuous:

I understand your concerns regarding Facebook. While we would like to be
able to offer the most specific informtaion regarding them, Facebook is
and independent service from Hotwire and all inquiries are handled
separately. Please contact a Facebook representative. They will be happy
to address any questions or concerns.

Here’s my reply:

I beg to differ. You have a business relationship with Facebook in that you
exchanged information with them regarding a reservation I made online with
Hotwire. You shared/sold information with them about my account that I did
not consent to your sharing.

Your privacy FAQ says

> Q: Will my email address or personal info be given to third parties?
>
> A: Absolutely not! All personal information is kept strictly confidential
> and is only used for making bookings through Hotwire. Only the personal
> information necessary to complete a transaction is passed on to third
> parties.

You broke that promise.

If you did not send my information to Facebook, then who did? This is part
of their Beacon advertising program, I believe. Does Hotwire not have an
advertising relationship with Facebook in that regard?

Update2: Facebook seems to be giving in a little.

Run or Represent – Political Insanity

Any other job in America, if you had an absentee rate of over 10%, you’d immediately be fired. Seriously, think about that. It means that if you’re working a 5-day week, you just decide not to go to work once every two weeks. Would your boss like that?

  • John McCain has missed 218 votes (53.3%)
  • Joseph Biden has missed 146 votes (35.7%)
  • Christopher Dodd has missed 140 votes (34.2%)
  • Barack Obama has missed 139 votes (34.0%)
  • Sam Brownback has missed 134 votes (32.8%)
  • Duncan Hunter has missed 321 votes (28.8%)
  • Tom Tancredo has missed 311 votes (28.0%)
  • Ron Paul has missed 276 votes (24.8%)
  • Hillary Clinton has missed 76 votes (18.6%)
  • Dennis Kucinich has missed 126 votes (11.3%)

I saw those statistics on the Evangelical Output, which got them from a Washington Post compilation.

And this chart, saying that the so-called “moderator” of the Democratic Debate this week talked more than 5 of the 7 candidates on the stage? That’s just ridiculous.

Bibliographics screen-scraping With Javascript

Alf Eaton just posted a cool article about screen-scraping with Javascript that puts together some building blocks from Zotero, amazon, and others to completely parse and output some bibliographic data.

The point of this is to try and make Javascript scrapers that will run in Firefox (for Zotero), WebKit (for BibDesk and Papers) and Rhino (server-side, for Connotea, CiteULike, Bibsonomy, etc).

Sounds pretty cool. Of course, WebKit is a fork of KHTML, which is what Tellico uses for a HTML viewer. I’ve not doubt I could cobble up something using Alf’s work, similar to the new browser in BibDesk, that might let me browse and pull bibliographic data right into Tellico…

Some New Music

More & More coverInside Out cover

I’ve gotten a couple of new albums in the last few weeks.
More & More
from Biscaye is a really nice worship album. Deeper Still and You Died For Me have some amazing melodies and lyrics, very heartfelt and true. I’ve had this CD playing in my car quite a bit.

On the other hand, I also got Emmy Rossum’s new album, Inside Out, and I tired of it quickly. My sister recommended it, and at first glance, I really liked it. But all the songs run together after a while. They have the same synthesized feel to them, with an ethereal-like resonance, with nothing to make anything of them really stand out. The cover image is rather nice, though, totally a different look than I have for her in my mind after seeing The Phantom of the Opera.

So, the time changed in the US this morning. And I completely forgot. So I could have stayed in bed longer, I suppose, though it’s nice to suddenly discover I have an extra hour this morning.