
Facebook is scaring me - moses1400
http://scripting.com/stories/2011/09/24/facebookIsScaringMe.html
======
Terretta
I recommend Ghostery: <http://www.ghostery.com/>

Quoting:

Ghostery is your window into the invisible web – tags, web bugs, pixels and
beacons that are included on web pages in order to get an idea of your online
behavior.

Ghostery tracks the trackers and gives you a roll-call of the ad networks,
behavioral data providers, web publishers, and other companies interested in
your activity.

Choose to block - or not. You get control at a company level - are there some
marketers you trust, but others you'd rather turn away? Ghostery lets you open
the valve of your web behavior as wide or as narrow as you'd prefer.

~~~
LogEx
Ghostery and Disconnect are essential privacy tools in Firefox, Safari, or
Chrome. Also try ShareNot on Firefox, which is experimental, but has somewhat
more extensive blocking coverage than Disconnect.

But more fundamental: don't log in unless you have to, log in only in private
browsing windows or separate browsers from your other surfing, and also clear
your cookies often to keep your not-logged-in browsing cleaner from a privacy
perspective.

~~~
mtogo
Just a note: Neither Ghostery or Disconnect work in Chrome, since Chrome
doesn't have any kind of ability to block requests from being made. The
experimental webRequest API should help with that, but it hasn't been released
yet.

~~~
andrewcooke
can you clarify? both ghostery and disconnect do install and run in chrome - i
have them running now. are you saying that there is some particular
functionality that they don't provide?

also, responding to the (grand) parent, someone else mentioned that flash
cookies are cross-browser. so if fb uses those you need to also make sure that
the fb browser doesn't have flash installed.

~~~
mtogo
They both install and run, but they use beforeRequest and edit the page
content. This works in theory, but in practice there is no guarantee that the
script will be loaded into the page before the tracker assets are. The
ghostery/disconnect addons succeed in blocking trackers sometimes, but not
all. Ghostery handles it a bit better than Disconnect does, as it will
actually tell you which trackers it was able to block and which it wasn't.

The experimental webRequest API will solve that by providing a synchronous way
for scripts to deny/allow connections before any requests are made, but
webRequest won't be made available to non-experimental addons for a few months
at the minimum.

More info:
[https://code.google.com/chrome/extensions/trunk/experimental...](https://code.google.com/chrome/extensions/trunk/experimental.webRequest.html)

------
patangay
I'm an engineer at facebook. I want to clear up a few things that you guys are
talking about.

For starters, it's true that a visit to a news story or watching a video will
trigger a feed story. The point that most people seem to be missing is that
this requires you to knowingly allow a social application. For example, in my
case, I installed the social plugin for rdio (rdio.com). When I listen to a
song on rdio, it publishes it to my friends ticker feeds. (Ticker is the bar
on the side where likes, listens, reads, etc go). There are a couple websites
that are doing read social browsing, for example the Washington Post's social
reader (<https://apps.facebook.com/wpsocialreader/>). Again, just by visiting
this page you will not trigger anything unless you have already allowed the
application access.

In the past I've setup my music player on the laptop to publish the songs I'd
been listening to, to my IM client (as away messages) - Adium let's me do this
out of the box. It's kind of the same idea, instead this is just built in to
the website you visit or music you listen to.

You can also disable any application you previously installed by going to
Privacy Settings and clicking on Apps and Websites. It should all be there.
You don't have to log out of facebook or close your account. Just delete all
your social apps. (<https://www.facebook.com/settings/?tab=privacy>)

~~~
paulsmith
Is it retroactive to apps that you've installed previously? For example, I
signed in with my Facebook account on 3rd party site X and accepted the
permissions, and at the time it didn't auto-publish to my feed (or "ticker" or
whatever), but now suddenly it will be publishing automatically without my
explicit say-so?

~~~
ptarjan
No. It is a brand new permission that must be granted.

You will know since the dialog will be centered around "Add to Timeline"
instead of "Authorize this app".

------
orijing
I am a software engineer at Facebook. Bear with me because I don't have any
PR-quality answer to give you. I am not on the platform team, but I have built
apps before in the wild-west days.

The app requires explicit permission from the user in order to post activities
automatically. The idea, if you watched Mark's presentation, is called
"frictionless sharing." A lot of people don't share because it's another step,
but if they could install an app like the Washington Post Reader (a great app
--even Mark has it installed), they are happy with sharing articles they've
read with their friends.

I understand you might be concerned, for example if you added that app without
realizing that it will post content. If you are concerned about the privacy
implications, you can always change individual permissions for an app by going
to your account settings, then selecting the 'app' tab on the left, or by
going to <https://www.facebook.com/settings?tab=applications>. If you are
concerned about spamming your friends' news feeds, that's why we built ticker,
for the light-weight activities like "watched a movie" or "listened to a song"
or "read an article".

If I remember correctly, the exact wording of the app permission request was
alarming enough to get my full attention ("I, the application, can post as
you" or something like that), so I'm worried less about a user missing that
part. In my known experiences, the app was installed with the knowledge that
it will share your experiences--because the idea is you want to share your
activities with your friends. As soon as I read an article, my first action is
to either send the link to specific people who are interested, or post it on
my wall if I think everyone is interested.

We operate under the assumption that users will not do what they don't want to
do, as long as we make it explicit what might happen. And if they make a
mistake, they can always go change their settings. So I'm not so worried about
users who sign up for the Washington Post Reader app, which is marketed as a
social reading experiment, and subsequently complain that it shares your read
articles.

You might still be concerned, in which case, please let me know why (users
being misinformed?), and I'll try to pass it onto the platform folks, who were
really heads-down the past few months.

~~~
X-Istence
The reason why this bothers me is that there is no longer any EXPLICIT
confirmation that I want to post something. Not sure who said it but I read it
in a TechCrunch article, "Just hit play in Spotify and it will share with your
friends".

No, any sharing I do HAS to REQUIRE an EXPLICIT action on my part. I have to
be in full control. Visiting a web site does not mean that I believe it will
be interesting to my friends NOR do I want that information shared with people
on Facebook.

A like button that shares, much like the Google+ 1+ button is perfectly fine,
I have to hover over it, and choose my circles to share with, and then share.
It is not automatic once I visit the site.

I don't want articles automatically being linked just because I visited a
page, or clicked play in Spotify, or put the toilet seat up.

It is not just privacy concerns, it is the image I try to convey while using
social media sites where it is common place to be friends with your boss and
or co-workers. I don't need them knowing I like the Bloodhound Gang or that I
read articles about atheism in the NYT but have never read a single article
about religion.

Eventually all this collected data will be used against me. What if I do a
simple Google search for cancer and I end up reading an article about it, that
is now shared publicly, my insurance company a few years later gets a claim
for cancer they claim it was a pre-existing condition and deny me coverage.

These are all scenarios going through my head. I am all for the interconnected
web, and making it easier for me to introduce my friends to new content across
it, however it has to be done on my terms, it has to require explicit
authorisation and must never do something automatically without my consent. If
I like the content enough I am extremely likely to copy and paste the URL into
my social networking sites, I don't mind that extra step. Create a bookmarklet
that fills in some of the forms ahead of time for me (I have a reddit
bookmarklet that fills out title, URL and the sub-reddit to post in (personal
one for me to share links with friends)). I am more than happy to continue
using the platform, but this frictionless sharing scares the crap out of me,
and will see me closing my account sooner rather than later if it continues
down the path that it looks to be going down.

~~~
anigbrowl
It's eminently possible to just live life without Facebook. I stopped using it
a few years ago, although more because I was being drowned with useless
information from other people ('hand stuck in toaster again, LOL') than out of
privacy concerns.

~~~
jrockway
I agree with you there. I hated Facebook because I made everyone I ever knew a
"friend", and it was depressing because of how dull these people were. I
canceled my account and haven't thought about it again; Facebook provided me
with no value. I still don't see why other people like it so much; if you want
to chat with your friends, why not go get some coffee or beer together?

~~~
mgkimsal
Maybe because not everyone lives 10 minutes from each other and is 100%
independently mobile? And gee... occasionally even people that you really
enjoy spending time with have to move to other areas of the planet.

As much as I'm not a fan of FB re all the privacy stuff (not to mention a
history of horribly under/wrongly-documented and semi-broken APIs), it's done
wonders for a large generation of web users in terms of allowing them to
easily (and consistently) share their lives with a lot of their friends and
family. I see that aspect as a good thing.

~~~
perfunctory
People could easily share lives with their friends and families long before
Facebook. Email, IM etc. But not a whole lot of people seemed to bother with
it. Now Facebook brainwashed everyone that it's almost irresponsible not to
share.

~~~
edanm
Alternate explanation: Facebook made it much easier to do things which were
once possible, but hard. So more people do them more often.

~~~
perfunctory
Facebook is not the only and surely not the first easy-to-share service. Why
are we so focused on Facebook today? Marketing.

~~~
AbyCodes
No, because the people you know are there and use it.

------
badclient
I recently decided to RSVP for a meetup on meetup.com. It was a meetup I
don't, in fact, want most folks I know to know about. I made sure to use my
junk email account that doesn't have my name tied to it.

So I was scared shitless when after RSVP'ing I see faces of all my facebook
friends and an offer to invite them. I always thought you had to do the whole
facebook connect crap before websites could just splash your fb friends list
at you? Then I thought about all the billion different ways facebook has to
integrate them into your site and figured this must be one of the ways.

~~~
watmough
If you don't immediate terminate your fb account when you see this, you're
like one of those people who can't leave their abuser.

That's just all there is to it.

Just as a matter of interest, has anyone ever taken a close look at what's
actually in the static content that you can download when you quit fb?

~~~
haldean
Pretty much any of it. If there's a photo I want a friend of mine to see, but
they don't have permission to see it, I just send them the URL of the static
content and it works every time, whether or not they're logged in.

~~~
rw
No longer. Images are obfuscated (view the source of a gallery image to see
what I mean).

~~~
X-Istence
So you are not able to view the following link:

[https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-
snc4/148199_...](https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-
snc4/148199_509098132490_138900699_30219016_5205632_n.jpg)

Just for reference the picture should be this:

<http://imgur.com/UYs6H>

Oh ... the way I uploaded that to imgur? Using that URL above, so clearly that
is wide open to the world.

~~~
thamer
Bert, your facebook profile ID is in that URL (the number starting with
1389...).

Also, there is no restriction on who can see pictures when you a direct link
to an image. This is mostly due to the fact that CDNs used to store static
files usually don't send cookies and thus have no concept of a session.

~~~
X-Istence
My personal portfolio site is listed in my HackerNews profile, on my portfolio
site I have a link to my Facebook profile (so that people I give my business
card to are able to more easily find me, and not my dad).

I am familiar with what is in the URL, and I am also familiar with CDN's. I
was merely posting my rebuttal to the OP who said it was obfuscated.

------
Bo102010
I ditched Facebook this morning when I realized my carefully-constructed
"Don't show this part of my profile" list was wiped out in the last redesign.

I've always thought the complaints people make after each redesign were simply
resistance to change, but this time it doesn't seem worth it to continue.

~~~
zdrtx
Could you be a little more specific? What kinds of things were you not showing
that are now showing?

~~~
Bo102010
I had my privacy settings set to "Custom" for wall posts, photos, and some
other profile elements.

I excluded a list of people from seeing posts I made and posts other people
put on my wall.

When I used the "View my profile as," I wouldn't see the excluded elements.

Once the new design launch, I realized that all these settings were lost - I
can do "View my profile as" one of the people on my excluded list, and see the
stuff I didn't want shown.

------
nextparadigms
If people think Zuckerberg had "vision" doing this, I suppose I agree. But his
vision wasn't "how can I help people have better online connections and
experiences?" or anything like that. His vision was "how can I get people to
share everything about their life, so Facebook can make more money?"

They are not one and the same thing, because in the latter, the priority is
put on optimizing the experience for _Facebook_ , not for the _user_.

Zuckerberg actually believes that there should be no privacy - at all. This is
where he's leading Facebook. I believe that's a flawed vision, but he's
probably sticking to it, because the less privacy you have, the more it helps
the company.

~~~
orangecat
_Zuckerberg actually believes that there should be no privacy - at all. This
is where he's leading Facebook. I believe that's a flawed vision, but he's
probably sticking to it, because the less privacy you have, the more it helps
the company._

My impression is that Zuckerberg honestly believes that the world would be
better without privacy. Which is even worse than companies that are only
focused on the bottom line, because at least they won't invade your privacy
without a good business reason.

------
codeup
The apologetic posts by Facebook engineers give deep insights.

Of course they can argue well on what are, for average users, technical
details. On that level, it is possible to get entangled in endless
discussions.

The real problem is that these posters seem to totally lack (or ignore) an
understanding of the bigger picture of what they are contributing to.

------
codecaine
I think Ghostery deserves some promotion here : <http://www.ghostery.com/>
available for all major browsers. It blocks near to all webbugs including the
facebook social plugins.

~~~
Lagged2Death
Great Scott, they've got an Opera plugin.
([https://addons.opera.com/en/addons/extensions/details/ghoste...](https://addons.opera.com/en/addons/extensions/details/ghostery/))

------
suprgeek
A good time to point out the Ghostery Browser extension. Use this at the most
paranoid setting so that when FB and others pull stunts like these you have at
least some measure of protection.

------
sneak
Logging out doesn't necessarily disable the tracking, though, as the cookies
are still there. You could delete them, but I bet the like buttons reset new
ones, which correlates your history to you the next time you log back in.

Much better is to just nullroute their netblocks at your router. That's what I
do.

~~~
grovulent
where does one find these netblocks?

~~~
netaddict
You could use chrome's facebook disconnect extension
[https://chrome.google.com/webstore/detail/ejpepffjfmamnambag...](https://chrome.google.com/webstore/detail/ejpepffjfmamnambagiibghpglaidiec)

~~~
sneak
That only works in one browser, on one computer. I have an iPad and there are
two iPhones in this household as well. A few lines in the firewall
configuration is a much easier and effective solution.

I am working up to doing the same for Google. I might transparently proxy
google.com/search to Scroogle just so browser search bars continue to work.

------
zerostar07
As always Winer is worried, rightfully so, but people aren't going to log out
of facebook. It seems Zuck really wants to get back at people for making him
pull "Beacon" back then, so he reintroduced it. Of course it's a privacy
concern, but i think people no longer have illusions about their privacy on
facebook.

~~~
Alex3917
"people aren't going to log out of facebook."

I actually have a separate browser that I use just for Facebook. Granted I
only do this because FB doesn't work for me in Chrome, but it's still a pretty
easy way of getting the same result.

~~~
emehrkay
Correct me if I'm wrong, but flash cookies are cross-browser

~~~
Nick_C
Here's my crontab:

    
    
      # NJC 08/07/10      Remove Flash cookies and everything to do with Flash, including left-over Flash files in /tmp
      01  13  *   *   Wed     /usr/bin/rm -rf /home/nick/.macromedia/Flash_Player/*
      02  13  *   *   Wed     /usr/bin/rm -rf /tmp/Flash*

~~~
emehrkay
Nice stuff. I would have never thought to do this.

------
stfu
Oh, so Facebook already sent their minions to HN? That was fast! Lately the
negative stories are gaining a bit of a momentum. Very much like that
development.

------
kragen
I've been logging in to Facebook and Google+ _only_ in a Chrome Incognito
window for this reason for a while now. I recommend the practice to everyone.

However, yesterday Facebook locked my account because I was browsing "from an
unknown device" (the netbook I've been using for years, on the IP address of
PyCon Argentina). I unlocked it by identifying five of my Friends from 15
photos. So it's not without its drawbacks.

~~~
nbm
In this case your account probably was not locked, you just needed to provide
additional information to log in because something seemed unusual. So if you
logged in from a known-good environment (ie, a computer we know you have
logged in before), it would work - you aren't locked out of your account.

This is one of a few different systems we have to protect our users - in this
case from having their credentials used if they are exposed through others
sites, through phishing, or through some other mechanisms. You can a little
about it at <https://blog.facebook.com/blog.php?post=389991097130>

The social authentication is one way we help people verify their identity in
these cases - you can read about it at
<https://blog.facebook.com/blog.php?post=486790652130> . There are others -
the easiest for most people is through sending a text message to your phone
when you log in from a new device, which you can read about at
<https://www.facebook.com/note.php?note_id=10150172618258920>

If you are concerned about privacy, but not happy about having to log in from
scratch each time and occasionally have to go through these steps (or not
comfortable giving or not able to give a phone number for text message
authentication), you might want to use a separate dedicated browser for
Facebook that does have cookies enabled.

------
keeran
This is why I block FB in the hosts file (<https://gist.github.com/1197453>)
and only use my mobile devices for FB messaging.

------
random42
One of the good way to make general users/facebook realize the privacy
concerns of auto-sharing, if popular Porn websites install the FB like
buttons.

------
molecularbutter
LOL at all the facebook employees who are chiming into this thread (and
others) to defend the latest creepery from their professionally invasive
advertising company. I know you're just waiting for the IPO to cash in, but
come on, how can you defend this nonsense?

~~~
nak3d
It's the All-Hands Kool Aid Q&As with Zuck on Friday.

------
nikcub
Logging out of Facebook does not do enough. It still retains cookies that
specify your account ID even after you logout.

You need to delete all of the Facebook cookies. Here is what cookies are
retained, but you can test it for yourself to see.

While logged in:

    
    
       datr, lu, openid_p, c_user, sct, xs and act 
    

act is your account number. now a new, fresh request after hitting logout
still sends the following cookies:

    
    
       datr, openid_p, act, L, locale, lu, lsd, reg_fb_gate, reg_fb_ref
    

If you do not delete cookies Facebook know and can track every user that has
ever logged in at your computer.

------
wedesoft
I can recommend Fanboy's "Annoyance Block List". It will block requests to
Twitter, Facebook, ... unless you are opening one of their sites directly.

(*) <http://www.fanboy.co.nz/adblock/>

~~~
BrandonM
Don't miss the "Tracking/Stats Blocking" as well.

Note that these are simply filters for AdBlock Plus. If you're already using
it, it's pretty easy to add a couple more filters.

~~~
wedesoft
To block tracking I subscribed to EasyPrivacy ( _).

(_) <http://easylist.adblockplus.org/>

------
mike-cardwell
RequestPolicy users are protected against this entire class of problem. When
I'm looking at a webpage, I know it isn't pulling in content from any other
site, including Facebook, unless I specifically allow it to.

------
dasil003
This is the wild west and Facebook is doing a land grab.

------
mtogo
127.0.0.1 facebook.com

127.0.0.1 www.facebook.com

127.0.0.1 connect.facebook.com

127.0.0.1 fbcdn.com

~~~
BrandonM
If you're going to go that route, it's much better to use 0.0.0.0 so that
you're not sending HTTP requests to your machine. Otherwise, anything
listening on port 80 (or 443, in some cases) will be receiving the requests
intended for Facebook.

~~~
nieve
Good point, though that leads to a really simple hack to see part of what gets
sent to facebook - just hook up something listening on those two and look at
the logs? I like ngrep for that kind of thing, but it's perhaps perverse
overkill.

------
chemmail
I recently built a website on wordpress and put in facebook connect plugin. It
saves ppl a few minutes to login ect. I was extremely scared about the widget
that shows who has been on the site. I do not believe that just logging in
gives a website permission to publish that user has been to that website. This
is just the tip of the iceberg. Facebook is getting out of hand.

~~~
nbm
There is no widget that shows who has been on the site, and it is not related
to using Connect.

There is a "Like" widget, which shows who has "Liked" the site.

------
dmoney
From the RWW article, it looks like you have to enable a "social news app" for
this to be an issue. I don't know why anyone would do that.

~~~
sp332
Nope, the JS that Facebook gives people to embed a Like button on their page,
sends the URL of the page back to FB without actually being clicked.
[http://www.zdnet.com/blog/facebook/germany-facebook-like-
but...](http://www.zdnet.com/blog/facebook/germany-facebook-like-button-
violates-privacy-laws/2837)

~~~
mpclark
So how many of us are concerned about this from a personal privacy point of
view, but still have all the Facebook buttons and markup all over our sites?

I'm a little concerned that, as a website operator, I really ought to work
with Facebook because it will lead to more PVs because it is advertising my
site for me.

But I've been uncomfortable for some time as I watch my friends and my
children slowly confuse the web and Facebook. It's easy to see a day when, for
most non-techy folks, the web _is_ Facebook.

So, I can close my FB account. But I think, in the spirit of doing the right
thing for the world, the web and the future, I also have to take Facebook off
my site and face whatever consequences that may bring.

Or am I being a fuddy-duddy old reactionary?

~~~
sp332
You can implement a "two-click like" button that mostly solves the problem.
[http://www.heise.de/ct/artikel/2-Klicks-fuer-mehr-
Datenschut...](http://www.heise.de/ct/artikel/2-Klicks-fuer-mehr-
Datenschutz-1333879.html) (German) Just be sure not to make your non-standard
FB button look like the official one because they will get on your back about
trademarks. [http://adland.tv/content/heise-creates-two-click-facebook-
bu...](http://adland.tv/content/heise-creates-two-click-facebook-button-avoid-
traffic-tracking-facebook-peeved)

------
martingordon
As the two FB engineers mentioned, you have to allow access to the app before
it can know anything about you or take action on your behalf. See Step 2 of
the Open Graph tutorial:
[https://developers.facebook.com/docs/beta/opengraph/tutorial...](https://developers.facebook.com/docs/beta/opengraph/tutorial/)

Publishing actions requires the publish_actions permission, so if the app
previously didn't ask for it, I believe you will be asked to re-authenticate
the app with the new permissions.

I, for one, am going to be reviewing the apps I've previously added to ensure
that none of them are doing anything I wouldn't want to. Not sure where to
file FB API feature requests, but it would be nice to not have an "all or
nothing" approach to authentication (this is a problem with the Twitter API as
well, FWIW). For example, if an app requires X, Y and Z permissions, I might
want to only allow X and Y and just not use the features that require Z.

~~~
rhizome
Indeed there is a race condition (if that) where you have to allow access at
the default privileges before opting out of any of them. I'm sure every single
application sucks in your entire graph as soon as you click that button, so
the solution to limit permissions after installing the app is just so much
closing of the barn door after the horses have left.

------
Garbage
I guess, I should always browse Facebook in "Private Browsing" mode, without
any other site open in that session.

------
haberdasher
You can use this Chrome extension to kill cookies when logging out:
[https://chrome.google.com/webstore/detail/bgonpegbhnjepleakg...](https://chrome.google.com/webstore/detail/bgonpegbhnjepleakgjdbaepkfedhhnf?hc=search&hcp=main)

------
xpressyoo
Another analysis/viewpoint:
[https://plus.google.com/111297306144520956414/posts/JLQogwzo...](https://plus.google.com/111297306144520956414/posts/JLQogwzooYd)

------
tarekayna
Anything that you don't want to be published on facebook, just don't do it on
facebook. So that article you want to read privately, just go to
news.google.com and read as much as you want. Don't use the facebook app for
that. Same thing, if you want to listen to spotify, don't link it to your
facebook account, etc...

This is how things have been for years, and if you are a more private person
(like me), just reading news and listening to music "offline" and go to
facebook when you feel like sharing.

------
motters
I've been in the process of minimizing my Facebook presence, but have left the
account open just in case a specific need to use it arises in future. I'm
already on other social networks, and Facebook is relatively high maintenance
in terms of chasing privacy issues and dealing with other nonsense. For me the
cost/benefit just isn't worth it, although I realize that this won't be the
case for everyone.

------
jordinl
So it seems the solution would be to have different browser profiles. For
instance, one for regular browsing, one for FB and one for gmail?

~~~
cpeterso
Flash cookies ("shared objects") are across shared across all browsers and
browser profiles. If FB uses Flash cookies, you could log into FB on Firefox
and they can still track you in Chrome!

~~~
jordinl
scary...

------
joelanman
Doesn't this 'frictionless' sharing have plenty of precedent online? Anyone
can view the tunes I listen to on my Last.fm page, the pages I bookmark
(visible by default) on Delicious. How are these social apps on Facebook
different?

On the point of 'noise', both these examples provide ways of making sense of
the streams. Last.fm charts, Delicious popular streams, and tags.

------
eldina
Life is fine without Dorkbook. Never used it and hopefully never will,
although it is getting harder and harder as my school has started to actively
use it for e.g. communication regarding potential jobs for students and
graduates in companies and institutions the school cooperates with.

------
mwsherman
Wouldn’t disabling third-party cookies take care of this? (And many other
questionable things?)

~~~
nostromo
In Chrome the option is to block 3rd party cookies from being set, not from
being sent. Since Facebook sets its cookie while I am on their domain, I don't
believe Chrome's blocking option is of any use.

~~~
mikewest
In `about:flags` there's an option to change third-party cookie blocking
behavior to prevent reading third-party cookies as well.

~~~
nostromo
Cool, thanks!

------
akulbe
What most people fail to realize is this... Facebook is _not_ the product
Facebook is trying to sell. YOU (and everything about your life!) are what
Facebook wants to sell.

Facebook is the next great advertising platform, after Google.

------
brudgers
Am I the only person who has a virtual machine which is used only for
Facebook?

~~~
zorked
The big question is, if you don't trust it, why use it at all?

~~~
brudgers
Because people I know use it as a communication channel.

------
indrax
<http://webgraph.com/resources/facebookblocker/>

<http://sharemenot.cs.washington.edu/>

------
Angostura
I've been ensuring I log out for quite a while now. I also have all platform
functions disabled in my settings. It's all extra work though. There's a lot
of friction involved in remaining private

------
guelo
The latest url for app permissions is
<http://www.facebook.com/settings?tab=applications>

------
altrego99
Don't log out, because logging out each time and logging back in is
inconvenient. Use a tracker blocker instead - like Easy Privacy with Adblock
Plus, or Ghostery.

------
saraid216
It's not about privacy. It's about _discretion_. Why is this hard to
understand?

------
jfb
One idly wonders if it is possible to turn the (to me) useless ticker feature
off.

------
erikpukinskis
Facebook needs to let you uncheck rights when you Connect to a site.

------
kositlaorngsri
ผมอยู่ในสมาคมแห่งการแบ่งปันและมีนํ้าใจแบ่งปันกับเพื่อนๆในfacebook

------
matjazf
My reply: [http://matjaz.posterous.com/why-you-should-log-in-to-
faceboo...](http://matjaz.posterous.com/why-you-should-log-in-to-facebook)

------
pointyhat
All the Facebook engineers on here sound like I imagine IBM executives do when
asked about the involvement of IBM in the holocaust...

I'm genuinely surprised that the EU haven't stepped on Facebook yet. It's the
creepiest, most invasive thing ever developed.

------
poona
Maybe because not everyone lives 10 minutes from each other and is 100%
independently mobile? And gee... occasionally even people that you really
enjoy spending time with have to move to other areas of the planet.

------
chailatte
Switch to other services (Instagram, Twitter, Google+). Problem solved.

Unless you like to be in S/M relationship. You're the S.

~~~
nemik
I think you got those mixed up.

------
ngmcs8203
This really comes down to Winer's tin foil hat obscuring what's actually
happening and writing the story to reflect his lack of facts. For these
"reading a story" posts to get to your timeline, you have to opt-in by
installing the app and giving it permission to do that. If you're dumb enough
to do that and get offended, maybe you should close your Facebook account.

~~~
X-Istence
Some webapps require using Facebook to login to even create an account on
their site.

Now you can say that then they shouldn't use said site, but soon this is going
to become more and more common, what then?

