
Facebook Privacy: Site Confirms It Tracks You After You Leave - rams
http://abcnews.go.com/Technology/facebook-tracking-scrutiny/story?id=14960711&singlePage=true
======
Periodic
The part that scares me is that we, as web designers/developers/owners, are
complicit in this. We are the ones who are putting social buttons on every
page. We love this functionality, but they aren't giving it to us for free. We
are trading them our user's information and browsing habits.

I'm not worried about the ethics of Facebook. I don't think a site like
Facebook should be prevented from doing this openly. I'm worried about whether
I can ethically include all these social plugins knowing that they will, in my
opinion, invade my users' privacy.

~~~
mike-cardwell
Proud to not be a part of this "we". These social buttons are a plague on the
web. They take something which is beautifully decentralized, and then create a
single point of failure, and allow companies to create massive databases of
private information from it as well.

You can host an image locally, and create a link using it. You don't need to
hand over the browser of all of your visitors to one or more AD companies by
letting them execute arbitrary JavaScript on your pages.

~~~
ceol
I think your parent post was talking about the Facebook Like/Google+ +1
buttons. In order for those to work, I believe they need to be loaded on the
page via an iframe.

Things like Facebook's "share" and Twitter's "tweet" buttons don't execute any
arbitrary (i.e. not specified by the developer) JavaScript.

~~~
umarmung
Am I the only one who,

1\. Doesn't have a Facebook account.

2\. Runs NoScript to whitelist scripting and site trust.

3\. Runs Cookie Whitelist to whitelist cookies.

4\. Runs BetterPrivacy to wipe Flash/LSO cookies.

5\. Runs Adblock Plus to prevent viewing ads wherever possible.

?

That said, at least some like Heise.de, have put in place solutions that do
not add to the underlying problem.

------
rblion
Big Brother Blue is always watching.

It is becoming more and more obvious that we are nothing more than a pile of
data to facebook, they don't look at us human beings who have a need for
respect and privacy, but as potential data and revenue. I have always gotten
the feeling that they think we are 'too dumb' to catch on, it's only a matter
of time until the bubble bursts. They may still be a billion dollar company
but the respect and loyalty will shift when something greater is envisioned
and realized.

~~~
cheap
+1 I couldn't have said it better myself.

------
iamandrus
Facebook has said that it's rooting for an "open web", but it can't even be
honest about what data it's collecting, how much tracking is done, and how
that data is used by the company.

A scary aspect of Facebook is that most users are completely unaware and care-
free. Their friends are on there, so why should they leave? A lot of my
friends are leaving for Twitter because of the recent porn spam and the ticker
nonsense, but that's a tiny chunk of the userbase (maybe a few hundred at the
most).

------
orijing
> Bejar acknowledged that Facebook could learn where specific members go on
> the Web when they are logged off by matching the unique PC and browser
> characteristics logged by both the session cookie and the browser cookie.

> He emphasized that Facebook makes it a point not to do this. " We've said
> that we don't do it, and we couldn't do it without some form of consent and
> disclosure," Bejar says.

A better title would be "Facebook /could/ track users via the Like widgets,
but doesn't do it yet"

------
thematt
Would Ghostery be successful at blocking this?

<http://www.ghostery.com/>

~~~
JonnieCache
Yep. It blocks the Like buttons and other stupid widgets, which is how the
cookies get sent. That also has the pleasant side-effect of drastically
decreasing load times.

I highly recommend it. Be aware that it does block disqus by default, I
usually whitelist that one.

~~~
Periodic
I had a few problems with the blocking when actually going to the sites in
question. I believe I had to unblock Google Plus, Google Analytics and
Facebook when actually visiting those sites.

However, I'm happy that most of the time it prevents the annoying features of
a page from loading.

~~~
JonnieCache
I've never had that problem. That'd be a pretty big flaw in ghostery if that
was the case.

~~~
cpeterso
I've had problems with Ghostery blocking cookies and web bugs that prevent
some Flash videos on YouTube, Hulu, and the New York Times from playing.

------
droz
I'd like to think that developers wouldn't implement this kind of
functionality on ethical grounds -I bet there are some at facebook who
refused- but I also bet there are some there who will do anything for buck no
matter how questionable it is.

------
alain94040
To be fair, Google is doing the exact same thing with adwords and adsense.

~~~
esk
Doesn't Google Analytics also phone home? Google's tracking is far more
widespread than Facebook's if that's the case.

~~~
sp332
Google Analytics seems somehow less harmful than AdSense. Almost every big
website has some kind of analytics running. I assume that GA data isn't sold
to advertisers, but I'm not sure.

~~~
stingraycharles
I think this might be of interest to you:

[http://www.google.com/support/analytics/bin/answer.py?answer...](http://www.google.com/support/analytics/bin/answer.py?answer=87515#0.1.1_1)

GA users can choose to "share" their data with Google, and this page describes
the advantages users will get if they choose do to so.

------
kogir
Just disable reading and writing of third party cookies. I've been using this
option in Chrome for quite some time.

Hint: Facebook is not alone in doing this.

~~~
icebraining
Cookies aren't the only way to be tracked, unfortunately. I don't know if it
still works, but some sites were using custom ETags to track users.

------
GoodIntentions
No Script + RequestPolicy + AdBlock ftw.

This combo makes your browsing a little frustrating, but very educational. Try
it, even for a day and be amazed at how many sites load content and scripts
from 8, 10, or more unrelated domains.

I gave up trying to keep an up-to-date host file for all the web beacon/scam
urls. I just vet requests now as they occur. You wanna believe it has changed
my surfing habits.

------
moozeek
As a side note, according to Ghostery the publishing site abcnews.go.com is
using 13 external tracking services, including Facebook.

------
rosser
This is why I visit Facebook in one browser, G* in another, and everything
else in yet a third.

~~~
folkster
There is not much use switching browser. They tracks you using cookies even if
you dont login(like button and other plugins) You need to block/remove all the
facebook related cookies.

~~~
untog
Cookies do not cross browsers. If he's using a second browser, Facebook cannot
read the cookies set in the first browser. They could use some IP matching
logic or something, but it would be prone to a lot of false positives.

~~~
jr299
I believe this isn't always the case. If you're using multiple browsers in OS
X all built on Webkit for instance, they share the same cookie store.

Firefox and multiple firefox profiles isolate cookie storage and I also use
Fluid on OS X to build site-specific browsers. The paid version offers a
feature to isolate cookie storage within each app.

~~~
gord
Webkits share cookies = ouch.. so you really need a VM.

New browser feature - open this site in a temp VM.

~~~
randomdata
These days, most browsers come with a private browsing feature, which will
dump your cookies, caches (for etag tracking), etc. when you're done.

~~~
cpeterso
If users must visit _social_ websites like Facebook in privacy mode in
separate browsers, perhaps they should rethink whether they should be using
Facebook _at all_.

------
modeless
The hypocrisy of news sites decrying Facebook's tracking while putting Like
buttons on every page is palpable. (There are no less than five different
Facebook widgets on this article's page, plus multiple Twitter and Google+
buttons.) The reality is that website owners are the ones sending Facebook
this data.

------
bobwaycott
Doesn't it seem like time for a browser to get involved in protecting privacy?
Maybe that's a stupid question. This just leaves me thinking I'd really like
it if my browser only shared my cookies when I'm actually visiting the site
requesting them, else it'd ignore the requests altogether.

No doubt that's either dumb, not possible, or something someone already
thought of.

~~~
ahrjay
There is the do not track initiative[1] but it's kind of a pretty please
solution.

[1] <http://dnt.mozilla.org/>

------
dspillett
This is why I keep facebook in a separate browser. The could technically still
track me using flash cookies but as the site isn't on my "can play flash
content" whitelist this is no issue either.

It means I can't comment on a growing number of sites that use fb for their
comments system, but that is no loss to _me_ in my not-so-humble opinion.

------
americandesi333
Question- Would people be more willing to let a platform track browsing
activity if there was 100% transparency? Asking this question for the startup
that we are working on, where we want to get permission from users to follow
their certain activities- which is directly applicable to the platform value.

~~~
rhizome
It's hard to say without seeing it. Implementation is everything, but opt-in-
wise, it sounds like you're describing browser bars. Maybe it's time to
resurrect browser bars for the social age? :) Good luck!

~~~
americandesi333
When you say 'browser bars' I am thinking of an address bar in browsers today.
Is that what you are referring to?

I am thinking of something that does not interact with the user but captures
some of their web usage based on their consent. Would love to share it with
the community when its ready!

~~~
rhizome
Nope, I mean browser bars from the early-mid 2000s. Comet Cursor, HotBar, and
other adware companies that were the Groupon of their day. Lots of deal site
plugins used these kinds of plugins to do a kind of rudimentary tracking. You
got some..."thing"..and they would have this snippet of js that submitted your
clicked urls to their servers. Same as it ever was.

------
psychotik
Wait, how is this even technically possible?

Sure, Facebook can see sites you visit which use Facebook Connect in some
form, but can they actually "create a running log of the web pages that each
of its 800 million or so members has visited during the previous 90 days" like
the article claims?

~~~
raganwald
They can certainly track visits to those sites displaying a Facebook “Like”
button or other FB spoor.

------
firefoxman1
It sucks that Facebook can get away with this but services like KISSMetrics
and ad networks get sued for tracking users...even though that's what the goal
of analytics is, whereas Facebook's job is to provide a social network that
protects its users' data.

~~~
drumdance
Seems like a distinction without difference. If Facebook weren't doing this on
their own they would very likely be working with someone like KISSMetrics.

------
lurchpop
solution is to install the adBlockPlus extension, open up any page, say,
techcrunch.com, then open the extension dialog and block external domains like
twitter, facebook, google, google-analytics, etc.

~~~
nickand
Do you need the paid version to block external domains?

