Is There A Happy Medium Between Opt-In and Opt-Out?
Facebook Beacon: Privacy Disaster or PR Blip
Originally uploaded by davemc500hats.
Watching Facebook struggle with Beacon brings me back to the early days of email marketing when we used to argue about opt-in, opt-out, and double opt-in.
If you automatically enroll a user in an email marketing program and then require them to "opt-out", you build a huge list very quickly and eventually everyone views you as a spammer because very few users actually take the time to figure out how to opt-out. Here’s the traffic to Facebook’s opt-out page before and after Beacon was launched which shows that pretty clearly. Thanks to Dave McClure who posted this.
If you do it the other way, asking people to join the list by checking a box, it takes forever to build a list. And if you go with double opt-in, asking users to confirm that they really do want to get your email, you’ll never build an email business.
So every business wants to be in an opt-out situation but also wants to avoid the spammer problem. It’s not an easy place to get to but it can be done. What I like our companies to do with email is to grab the email address and make the user go to the setting page if they want to opt-out of getting any email.
But I also advise them to send email very infrequently to people on the master list. When they do, they should offer the users the opportunity to opt-in to more frequent emails. And they should offer the users the ability to opt-in to emails on the site every chance they get.
I like to think of this as a happy medium between opt-out and opt-in. Don’t ask people to opt-out, but treat them as close as possible to opt-out until they actually opt-in.
How can this technique be applied to web-based profiling systems like Beacon? Not easily. I learned a lot about this while we were investors in TACODA, which is now owned by AOL. I feel very strongly that profiling people so that you can give them better and more relevant advertising is a good thing. I’ve written about that at length on this blog on many occasions. But I also think the users should know that’s happening and should be given an easy way to opt out.
When it’s an ad banner that is being served to you based on your clickstream data, its one thing. But when the fact that you bought a gift for your girlfriend is shown to your girlfriend on Facebook, it’s another. So Beacon needs an even more granular opt-out mechanism. Ideally one that happens each and every time you do something that is going to be tracked.
Mark Zuckerberg talks about this challenge in his post yesterday:
But we missed the right balance. At first we tried to make it very
lightweight so people wouldn’t have to touch it for it to work. The
problem with our initial approach of making it an opt-out system
instead of opt-in was that if someone forgot to decline to share
something, Beacon still went ahead and shared it with their friends. It
took us too long after people started contacting us to change the
product so that users had to explicitly approve what they wanted to
This is not an easy problem to solve. You don’t want to add one more box to check every time you do some transaction on the web. I don’t want to have to say "yes, I want to share this on Facebook" every time I hit play on some web music service. But I do want to be able to say "no, don’t share this gift I bought my wife on Facebook" every once in a while.
I am annoyed that everyone is focused on the "mea culpa" side of this story. Young Mark Zuckerberg was a bad boy and we have to spank him. It’s ridiculous and smacks of jealousy to me.
Facebook is trying to solve a really hard problem and I believe they are doing it to make their service better for their uses. I want the music I listen to shared automagically with my friends. And since I don’t listen to music on Facebook, the idea of a Beacon is a great thing. Of course they are going to make mistakes trying to get the balance right.
But the impact of all of this pounding on Facebook is we’ll get less innovation out of Facebook going forward as they lick their wounds. That’s a bad thing.
great points/insight fred.grabbing the last sentence as a quote for you know what 🙂
I think Zuckerberg put himself in this position by starting of his Nov 7th speech to Madison ave by saying something like “Facebook will change advertising for the next 100 years”. (Not sure of his exact sentence). A hundred years. If Zuckerberg had done his homework, he would have realized that a company called Google did not exist 10 years ago. So if you ask me, it was his inexperience that showed clearly through the veil of confidence. When you are popular and you get it right you become a visionary, but on the other hand you have to be ready to become media-fodder when you stumble. The best learning tool out there for new startups is to learn from and capitalize when the Big-Gorilla stumbles. I am not worried about “less-innovation” coming out from facebook. If facebook falls behind while they lick their wounds, then smaller and more nimble innovative starups will rise and succeed. -D
Less innovation. Your making funny this morning. Maybe if they were focused on customer innovation the entire thing wouldn’t have happened. But there is no way you are going to convince me that Beacon was created by a group of people sitting in a room saying “how can we innovate for the Facebook community.”
leighthis is the essence of my point and i understand that you and many others disagree.i think mark and his team are trying to push the envelope of user experience.that’s what they’ve done to date and that’s all he knows how to doFred
I must take exception to the following:”What I like our companies to do with email is to grab the email address and make the user go to the setting page if they want to opt-out of getting any email. But I also advise them to send email very infrequently to people on the master list.”That’s a quick recipe to being labeled a spammer…For example, I subscribe to one of your lists, I don’t confirm my subscription in the traditional manner (email confirmation click) and the first message I receive is 3 months later. That message is getting marked as SPAM unless the the subject line is perfect or I recognize the sender name/email (what are the chances of that though if I’ve never received a message before from you?). You also need to send a message at least once a month to maintain the “relationship” with the recipient. First though, you have to build that relationship with a confirmation email and a request confirmation. Get your email and name in the inbox so the recipient “knows” you and won’t get trigger happy with the “Report Spam” button the next time you send a message.Under the method you describe, what is stopping somebody from just subscribing emails they have scrapped? I could get subscribed to your list and not know until the first message. Whether that is tomorrow, next week or 3 months from now, that is spam. I didn’t subscribe and I didn’t confirm. I know you can’t stop someone from subscribing emails, but you can take steps to ensure that the only message they receive is the confirmation email. If they don’t take action, they never receive another message and can’t mark you as a spammer.There are some ESP’s out there that if you get a X spam reports per X recipients, you’re either on “probation” or you’re gone as a customer.For email to continue to be a viable marketing tool, double opt-in must be the standard. Email marketing success is based on quality, not quantity. I’d rather have 1000 subscribers that look forward to my message over 10000 who barely get past the subject line.
This whole thing reminds me of a quote from the movie Gladiator: “The mob is fickle, brother.”One moment all I can find stories about are Facebook being the next Google, next moment it’s Facebook is going to die a horrible death. Glad to see you’re staying even keeled about Facebook.”Facebook is trying to solve a really hard problem and I believe they are doing it to make their service better for their uses.”To a certain extent they’re dealing with the portability of information across the Internet, but part of me sees this as a consequence of all the pressure they have to monetize and start proving a real scalable business.I think they’ll be ok in the end — everyone makes mistakes, it’s all about the recovery.
Fred, nice analysis.Jay Meattle at Compete also deserves a shout-out for creating this graph. Read the complete post at http://blog.compete.com/200…
Here’s what we did at Wesabe — and we have a very fast-growing email feature that we’ve received no complaints about to date.In our Groups tab, we added email alerts, so that you get an email if one of your groups has some activity. By default, if you join a group, you will receive an email each time a new thread is created in that group. By default, if you participate in a thread, you will receive an email each time someone else posts in that thread. If you do not participate in a thread in a group you belong to, you get only one email about it — when the thread starts. Also, for any existing group or thread, we did not automatically subscribe you to emails — we decided that those people hadn’t gotten a clear opt-out opportunity so they would feel like they were being spammed if we did sign them up.We added opt-out mechanisms all over the place. First, when you join a group, you see a confirmation message that tells you you’ll be getting one email per thread, and you can opt out with one click right there. Second, when you post to a thread, you can uncheck the “send me email when new comments are added” box before you even post. Third, every email contains a one-click link to stop receiving that kind of email.What’s surprising and gratifying to me about this setup is that people definitely do opt out at a significant rate, but we don’t get any complaints about the need to opt out. I think that we did the two things people like: we made the process completely *explicit*, and we made opting out completely *painless*. You’ll probably realize before you even get an email that email will be coming, so that’s good — surprises are bad. If you don’t want that, you will not have to hunt all over the place to figure out how to prevent that, since the mechanism is right there where your mouse is already resting — control is great. And if for some reason those two mechanisms don’t work, getting rid of the subscription is just one click, no login needed.So I think what people should look for is: (1) clarity/no surprises, (2) obvious control mechanisms, and (3) painless recovery.
you said it way better than I did marcthis is what we should be striving for.a place between opt-out and opt-inthanksfred
@ Fred…I don’t care if the music I listen to on Pandora is broadcast to the whole world. I care deeply if my financial decisions are. Therein lies part of the reason for the uproar. The other has been the “100 years” announcement plus fanfare of fanboi’s in support, and then the (somewhat grudging) retreat – ie just poor PR handling imhoThe worrying issue remains though, ie that a non-Facebook user – one who has never been near ’em – can go to the New York Times site (or any affiliate) and have their purchase data passed back to Facebook. The only guarantee we have that nothing unethical (or even illegal) will take place is Facebook’s assurances….and on past record that’s probably not enough imho.This to my mind is the ongoing issue, and it will run and run…..
I take exception to the idea that Facebook has been practicing bad PR. Sure “100 years” was a terrible quote; but good PR is about listening to your customers, and Facebook has been doing that in spades.Check out the NY Times article “The Evolution Of Beacon” and look at how many times they changed the service over the last few weeks to try and strike the right balance. When that didn’t work they changed the service, even though the change will remove millions of monetizable Beacon notifications, and apologized for taking too long to do it (it was less than 2 weeks).A lot of companies let PR problems linger for years and never fix them.
Thanks for that link to the nyt pieceI have to go read thatFred
Fred,Rather than blaming the users for pounding on Facebook and crimping ‘innovation’, I think you might want to give serious thought to what is good innovation and what is bad innovation.If it’s OK for Facebook and Blockbuster to pool information, where does it stop?is it OK to start a company that will track everything you buy online and share it between all participating companies? (what Facebook was doing)is it OK for credit card companies to sell information on everything you purchase? (they already do)Is it OK for Google and ISPs to share information on everything you search for and browse?is it OK for Tivo or the cable company to share information on everything you watch?is it OK for the cell phone companies and EZ-pass to share information on everywhere you go?Now there are a lot of zealots and cranks out there, but I think that most of these ‘use cases’ are not consistent with a free society, and laws are inevitable to limit what personal information can be saved, stored, and sold.What’s the difference between saying1) companies should be able to collect any information they want and do anything with it to build better services, and 2) the Government should be able to collect any information they want and do anything with it to make you safer?Answer: no difference, since if the private sector collects it, the government has demanded it.
As long as I can opt-out, I have no issue with any of thisFred
i’m confused as to why this feels new. seth godin and many many others have been writing on this and creating best practices for more than decade. the DMA (direct marketing association) has very vaniall and widely accepted policies and guidelines. it seems to me that — given how super smart the people and company are — facebook made a deliberate decision to push the edge of the envelope (probably because they are as unsuccessful at monetization as they are successful at audience aggregation). and that decision blew up in their faces. but they are smart consciuentious people and they admitted their missteps and we move on.but bijan and fred, i’m surprised you are skeptical of a simple “opt in” policy. tons and tons of businesses have been successful with that policy, e.g. gamesville and ebay and last.fm and on and on and on. consumer protection matters, a lot, i think. as a society i think we absolutely must make privacy a core right and value. otherwise we end up with convoluted and scary messes like the Homeland Security’s rationale for wireless wiretappingi think facebook’s real misstep is that they didn’t worry about direct marketing best practices from day one — all these issues and interface decisions should have been (and should be) presented simply, during the initial facebook registration process. at gamesville we blasted our privacy poliocy into people’s faces: “abandon all privacy ye who enter here”. 1 out of 8 visitors didn’t register. but 5,000,000 happy uncomplaining revenue-and-profit-producing people did sign up, in 4 years 1996-1999…
SteveIf I have to take the time to opt in, there are many great services I will never avail myself ofI like opt out better than opt in as long as opting out is easyFred
I agree Fred. Opt-out is better. I’m very concerned by the precedent being set here re: opt-in and whether it will have an impact on other behavioral targeting technologies.But you ALSO need to provide clear notice of the program. And this is where Facebook really stumbled….
ok me too — but i think the larger issue is, how much gets covered during initial registration? thats what facebook was really doing — extending the permissions granted during registrationto wit: when we all registered at facebook, we were not opted-in to beacon-like stuff because no such stuff existed at that time. fair enough. but its simply bad practice by any current direct marketing standards (not to mention a legal risk) to assume that one opt-in (registration) implies a second opt-in (beacon). that is not only bad practice, it is blatantly illegal in many jurisdictions (as it should be)simple example: how would you feel if facebook did a (very simple) lookup into public databses and appended your home phone number to your facebook profile and gave that phone number to any merchant upon whose ads you click? and that merchant then starts telemarketing to you at home? by beacon’s initial processes and rationale’s that would be OK.
My five cents.. When Facebook first created the feeds every one cried and screamed what happened it eventually becomes their biggest strength. Public is not always correct. They just resonate with what echoes. I think they have an easy option of not logging in. Like mark said it should be default opt in and give enough options for opt out. Its hard to build awareness and everything from scratch. The first thing is not to say comments like we are revolutionizing advertising for 100 years or so.
While Zuckerberg has clearly been obnoxious and the ‘i am a visionary’ attitude gets on everyone’s nerves, I think the issue here is really that Beacon is a mixed bag for the actual fbook users. Targeted advertising is great — if I’m already being advertised to, why not have it be relevant to me? — but social buying is not. Or rather, more specifically, its the consumption part that should have a social component, not the purchasing part. iLike is great because it tells me what my friends listen to and recommends me stuff on that basis, not because it tells me what music they buy and how much they paid for it.
Completely agree about striking the right balance between opt-in/opt-out and thanks for peeling that back more. And . . . I think the real issue is more about how to support friends recommending things to friends. That’s really where Facebook stumbled.Opting-in, I believe, could have been the primary option if they had given people a killer way to make a recommendation that didn’t make it into an ad. What would that look like? I love the “Share” button in my Firefox toolbar and am recommending things to my friends in Facebook with it every day.If I went to Hotwire and got a great deal and they gave me a similar way to share it into my Facebook account, gave me the ability to add my own comments, and didn’t attach an ad to it but simply used the Beacon icon, great. I’d be all over it.
Zuckerberg’s post was a weird mix of apologizing and describing what they’re doing to address things on the one hand, and insisting that FB users really wanted Beacon on the other. The latter is laughable – they created Beacon for advertisers, not users and that’s the problem. It was centered around showing as much advertiser activity to as many of your friends as possible, NOT around giving people new ways to share what’s happening in their lives. The whole problem was born out of this – trying to pass off an ad program as a user feature. Had they approached the design of Beacon from the other way (maybe people would like their FB friends to see things that they are doing off FB… and maybe that’s monetizable) they probably would have ended up closer to where they currently are.The opt-in vs opt-out debate still confuses people which amazes me. This is NOT what Seth Godin and others trumpted as permission marketing for the simple reason that you’re NOT giving permission when you don’t opt-out. Well, you might be, but you might also simply be in a hurry and not see the checkbox. The good thing about opt-out systems is that you build a list fast. The bad thing is that you can’t tell who in that list is actually interested in what you’re sending. It’s the ‘create a big funnel and we’ll worry about it later’ approach whereas opt-in lists are less about having a lot of names and more about having names of people who are interested in your communications. Theoretically, the opt-in list will have higher open rates, CTR and conversion but a lot of that falls on the actual emails you send and the site where they end up if they click.Both approaches can work, but the critical thing is to design the approach that’s right for your users. The Wesabe method described above sounds great… mostly because it was designed for that community taking into account the features of that site. You couldn’t lift it straight out of Wesabe and smack it down into another site… you’d have to take the approach that they did. Think about your users and make the process as easy, transparent and painless as you can. Facebook failed the very first of these – of course there was an uproar.
I was on seth godin’s board at yoyodyne when he wrote permission marketingI have read it twice and spread the gospel of it many times over the yearsIt needs an update in the world we are living inSocial networks are not email. I willingly share many things about what I am doing in facebook with my friends. Its the essential gestalt of the serviceIf fb has to ask my permission every time I do something its going to suck the life out of the serviceThey are doing a smart thing trying to extend the reach of their social network to the web at largeI do not believe beacon was designed solely for ad revenues. It is a great user proposition if done rightSomeone, maybe Seth, but more likely someone out of the facebook generation, needs to write the sequel to permission marketing for social netsIts a new world we are living in and we need new rules to live them byFred
Fred,The concept of permission still works though, I think. The question is how you collect permission, not whether. I like the Wesabe model since it nicely balances the features they have, the desire to communicate with users of the service and a mechanism for the user to control when, how and why they’re contacted.Again, it’s matter of outlook – do you start from a perspective that the user of the service should be in control or that the service should? The models we have are crude and we’re still feeling our way. My issue with Beacon was that it started off with no way for me to control things… it’s evolved to a reasonable place I think.What are your thoughts on the tension between the idea that we should control our data and be able to remix it (including implicit data that are created via actions and social graph information) and services like Beacon? It seems that a well-designed system should actually eliminate any tensions…. that my control includes exposing what I want to share.
HAs this happened to anyone else, viz, op-out:You join a industry forum, never agree to get a email newsletter, get several, click the unsubscribe link, and then have give a usersame and password. You forget your user name or password, go through the procedure to recover them, log-in and get this:SQL Error…..3456….object ID not found ……or some such.Really makes me mad. Ebay really makes opt out very difficult, hiding many options under and edit button.I don’t like how this had evolved. I find the feeds method much more congenial.
Fred,What I would argue (see my post here http://www.bsbnyc.net/the_i… ) is that we should admit the possibility that Facebook’s release strategy is actually a revenue maximizing proposition: create emotional responses (positive and negative), which leads to backlash, which leads to the minimum number of product changes required for adoption. Then they have the most users and transactions to offer advertisers.
“I feel very strongly that profiling people so that you can give them better and more relevant advertising is a good thing.”Amen.One of the reasons opt-in fails to gain traction and worse, brings negative brand value ( as spam) is because of the loose approach to categorization, lack of context, and presence that current email marketing techniques offer. The topics are too broad, not user-centric and therefore never get to the the point of being considered relevant advertising or marketing over a sustained period of time. Opt-out on the other hand is good but if the content ever looses its relevancy to a users current needs, it becomes the senders fault. Opt-in needs a re-haul with the user in the drivers seat and not the marketing program manager pushing out broad content that’s got a hail mary feel to it. Let the user construct a narrow, on point push notification easily, and they own the design of whats being fed to them.
Fred,If by opt-out you mean personal data about me is mine, and I can publish a policy regarding what can be done with my data, and change it at will, with force of law, I agree.If by opt-out you mean companies can publish some arbitrary hoops that they request me to jump through, and they may or may not follow it and there’s nothing I can legally do about it, I disagree.
I beg to disagree.Not sure about others, but in my case, my criticism wasn’t as much because of privacy concerns, but about Facebook’s inability to respond promptly, communicate clearly and layout a predictable policy so that this doesn’t happen to them again. I don’t think it’s envy at all. People trust them, put them in a leadership position, and now expect a lot better from them.Accountability counts. Acknowledging and moving forward counts. So does communicating it properly.
I agree completely that it would be sad if Facebook is less innovative, because I believe the solution to this problem (and the opt in problem in general), is that they should be as innovative in their marketing service offerings as they are in their technology. IMHO Beacon was a sad mistake in that it does not really leverage the platform and it was a rookie Web 1.0 mistake.What social networking has the capability to do is to enable word of mouth, something far more powerful than demographic ads. The problem with Beacon is that it does not mirror the natural process, i.e., when you buy something, you generally want to try it first before you recommend it. A better approach would be to wait a few days, then ask the person what they thought of the service/product/widget…whatever they did…and if they rate it highly…have them recommend it.The platform mirrors the real world relationships, if it mirrors the real world processes and avoids distorting them for the sake of advertisers,it will be naturally opt in and engender more trust…not less, and it will be 100% effective (as opposed to 1% click throughs!!)Alternatively, if it violates the natural processes, it will violate trust as it did with Beacon. And, the trust ante has been raised. Just as Web 1.0 privacy and trust issues sprung from Web 1.0 technologies, such as cookies and tracking a user’s Web surfing behavior, Web 2.0 issues will center on the much more delicate and private matters of personal profile information, social relationships and heretofore private interactions among friends, colleagues, acquaintances, customers and strangers.My 2 cents.
Is everyone with an opinion about opt-in vs. opt-out sure they are viewing this with an understanding of the concept of “convenience of belief”?If, for example, USVs portfolio companies were forced to go the opt-in route, they would obviously grow more slowly, and theoretically, not convert to a profitable exit as quickly.So, the question is:How much of the reasoning behind many preferences stated here (eg. default Opt-out over Opt-in) is driven by the hopes of what’s best for the company that one invests in or works for?I think the failure to acknowledge at least the possibility of a conflict-of-interest here is short-sighted at best.