
Stack Overflow lets Facebook track users across their sites - Thorondor
https://meta.stackoverflow.com/questions/384864/stack-overflow-lets-facebook-track-us-across-their-sites?cb=1
======
Someone1234
I have a Facebook account, this creates limitations when it comes to blocking
(e.g. I cannot use a DNS block/piHole).

What I found works for me is to use Multi-Account Containers with Facebook
being forced-open in a specific container (that's only for Facebook) and then
using Firefox's built in Content Blocking to block trackers in other
containers (Content Blocking -> Custom -> In All Windows).

This allows you to use Facebook but makes it significantly harder for them to
track you across other sites (via shadow accounts or your actual profile).

For example this works for Stackoverflow where I see:

> The resource at
> “[https://graph.facebook.com/[xxxx]/picture?type=large”](https://graph.facebook.com/\[xxxx\]/picture?type=large”)
> was blocked because content blocking is enabled.

On mobile I simply don't install Facebook's apps and use the mobile web
browser and still receive notifications via that.

~~~
beagle3
> On mobile I simply don't install Facebook's apps and use the mobile web
> browser and still receive notifications via that.

And you're also tracked across (basically) all websites, because they all have
this "helpful" Like button embedded.

~~~
HenryBemis
On Android, on Firefox you can add NoScript, PrivacyBadger, AdblockPlus
(plenty of lists here [1]), and if you go all the way and root it, you can
replace the hosts file [2]. I personally use zero FB products, and use NoRoot
Firewall with global rule to block 31.13.x.x and a couple of other FB IP
ranges. That also means that I exclude myself from WhatsApp and Instagram.

[1]: [https://filterlists.com/](https://filterlists.com/)

[2]: [https://someonewhocares.org/hosts/](https://someonewhocares.org/hosts/)

~~~
JetSpiegel
Why use AdBlock Plus (an advertising industry product) instead of uBlock
Origin? It's compatible but massively more efficient.

------
lucb1e
I like self hosted avatars. From the title I thought SO purposefully lets
Facebook track us, perhaps through a like button, but instead the complaint is
that they don't have a domain blacklist on user avatars, which sounds silly to
me.

I care about privacy but there are bigger fish to fry. This is not structural
and hosting your own stuff (like your avatar) is a part of the old Internet I
miss.

~~~
dylan604
Is there a significant bandwidth advantage by allowing users to host their
avatar image on 3rd party site rather than self-hosting it? I too am a
believer in self-hosted content, but I don't have any site that gets any kind
of traffic to worry about costs so I have no insight on if avatars add up to
make this a thing.

------
pdjstone
Seems like it would be a good idea to add crossorigin="anonymous"
referrerpolicy="origin" attributes to user-provided images. This would prevent
any 3rd party tracking or referrer leaking.

~~~
amluto
One might reasonably argue that this should be the default.

~~~
sneak
The most popular browser is made by an ad targeting company.

It would be foolish of them to enable this by default.

------
lone_haxx0r
Install Privacy Badger.

"Privacy Badger automatically learns to block invisible trackers."
[https://www.eff.org/privacybadger](https://www.eff.org/privacybadger)

------
0xmohit
Stack Overflow does not honor Do Not Track [0] and in response to a question
[1] indicated that they don't intend to do that either.

Tracking (including third-party tracking) seems like a feature.

[0]
[https://en.wikipedia.org/wiki/Do_Not_Track](https://en.wikipedia.org/wiki/Do_Not_Track)

[1] [https://meta.stackexchange.com/questions/237062/does-
stack-e...](https://meta.stackexchange.com/questions/237062/does-stack-
exchange-have-an-official-policy-on-honoring-do-not-track-browser-s)

~~~
emptysea
Safari has even removed Do Not Track because it can be used for
fingerprinting.

[https://developer.apple.com/documentation/safari_release_not...](https://developer.apple.com/documentation/safari_release_notes/safari_12_1_release_notes#3130299)

------
Skyywalker
Won't the privacy filterlists in uBlock Origin fix this?

~~~
m463
You might like umatrix (same guy afaik). Change settings to load only first-
party sites then unblock other sites as necessary.

~~~
klyrs
Yeah I love umatrix. Sometimes it's awful and it takes an extra few minutes to
figure out the magic combination of things to allow. Sometimes it breaks a
page altogether and I use an un-Matrix'd Chrome as a last resort (which I wipe
after use). But I think it's worth the hassle.

------
eveningcoffee
I believe that one day boycott will help them reconsider these practices.

~~~
xellisx
"One day boycott" reads as if the boycott lasts one day and that's it, you are
back to normal, using the site, getting tracked. So I don't think I would be
too scared if I were a business.

~~~
eveningcoffee
Yes, it does not work if it is not coordinated but if significant number of
users stops the service at the same time then it will leave sizable tent in
the revenue.

~~~
joaomacp
> sizable tent in the revenue.

I'm sorry. [http://imageenvision.com/450/24542-clip-art-graphic-of-a-
fla...](http://imageenvision.com/450/24542-clip-art-graphic-of-a-flat-green-
dollar-bill-cartoon-character-camping-with-a-tent-and-fire-by-toons4biz.jpg)

------
neilv
Of course, most all Web sites add in third-party tracking through HTTP
requests, in one way or another. Offhand, HN is the only site that comes to
mind as not doing that. (I've been working on anti-tracking for a long time,
and my current hand-edited ruleset has over 10k rules, which I usually have to
look at multiple times each day.)

------
pixelrevision
Firefox’s containers really should be a standard browser feature at this
point.

------
Buetol
That may be the "Microsoft buys GitHub" moment of StackOveflow: people
realizing the power we gave to this private company and migrating to non-
profit-managed website instead (like
[https://framagit.org](https://framagit.org))

But I do not see a good alternative to StackOverflow available now.

------
baroffoos
I noticed this last week in my umatrix blocked domains. Its pretty terrible.
Hopefully this gets reverted and doesn't signify the downfall of stack
exchange because its a super important resource on the internet.

------
fulldecent2
What options does a Safari user have to prepare for war on the web?

~~~
Nextgrid
While Safari lacks in certain features, it’s a reasonably mainstream browser
which is a very good thing against browser fingerprinting. I use Safari
combined with AdGuard to block cancer. It’s not perfect but I think it’s
better than let’s say Firefox (you’d get more “blocking” power thanks to
better extensions like uBlock Origin, but you get fingerprinted very easily by
trackers that slip through the blocking).

------
neutrinoguy
Collection of tools to protect privacy online.

[https://www.privacytools.io](https://www.privacytools.io)

------
drinane
Just start saying really inappropriate things into the microphones that are
not there... LOL

