In the best scenario all Facebook is doing with their new service that allows 3rd party sites access to your Facebook identity along with a bit of what they know about your is a slightly more transparent version of what, say, Google’s Doubleclick can does. They are selling a service to their partners that identifies the visitor. It removing their anonymity. These tracking networks are troubling from a privacy point of view since they enable trafficking in a surprisingly detailed user profile. For example it enables knowing that your currently working, or shopping, or away from home. Browsing Yelp for a resturant? Working on your a Microsoft document.

We need a name for these networks that enable the trafficking in personal data. How about persona-attribute-info-network or PAIN. There are other PAINs. The credit reporting in the financial industry for example. There are ones in health insurance. There is usually one for every kind of license, i.e. drivers licenses. In the long run, i.e. after fortunes are made and I’m dead, these tend to get a complementary “privacy protection act” that serve to limit the liability of the network owners, raise barriers to entry, and add a modicum of consumer protection.

A key term or art here is “globally unique identifier,” GUI. The social security number is the poster child of a GUI. Leaking a social security number bad for two very discrete reasons. The first is it’s role as a password, but ignore that. The more serious concern is how it is a dependable key that vendors can use to unique identify you. Once a GUI tags your account data the vendor can then trade the data in that account with each other. You licensed them to trade when you assented to their “privacy policy.” I like to joke that they do not lie when they say “your privacy is important to us.” Well yeah, it’s an asset that it is important that they leverage.

GUI come in variations of quality – Social security numbers, email addresses, open ids are all pretty high quality. Cookies are actually pretty good. Google’s Doubleclick cookies can be very high quality. What your are licensing when you leave the Facebook toggle on is tagging you with a high quality GUI owned by Facebook.

A PAIN will have rules that govern the exchange of data between members. And all the usual questions arise. What are the costs, benefits, and risks of membership. Who sets the rules? I think we can assume that Facebook has not bound the members to limit data exchange laterally, i.e. Yelp and Microsoft can traffic in info about you using the facebook GUI as a key. At that point do we care what info Facebook shares with them?

Now, mind you that was all written wearing a care-about-privacy hat. There are other hats!

How about the were-things-are-going hat. It’s obvious that reach, accuracy, and tracking skill of the PAINs is only going to continue to grow. Scenarios long imagined, like enabling the car rental agency to prefill the forms based on your recent airline ticket purchase – a behavior that it pretty trivial to enable, but spooks the user if he hasn’t been carefully preped to comprehend how it happened – are inevitable.

Put on the business-strategy hat; the puzzle is who owns the PAIN that enables the scenarios like, will they make a good landlord, how many such networks will exist, should you try to establish one. The business-tactics hat depend on the answers to those questions. But moving fast maybe necessary or it could be fatal.

Having written that, I think I have a brilliant solution … but putting it here on the end … well it really doesn’t fit.