Hacker News new | past | comments | ask | show | jobs | submit login
Facebook doesn't like privacy countermeasures (jwz.org)
346 points by xentronium on Sept 3, 2011 | hide | past | web | favorite | 106 comments



Facebook better wake up and realize that especially thanks to companies like them and their failure to self-regulate and respect privacy values outside the US, using Like-buttons for tracking is likely to become illegal in the EU and many other places in the next five years.

Technically, one could argue that they already violate existing laws, but incidents like these will make absolutely sure that these practices will be explicitly outlawed very soon.

It keeps surprising me how companies like Facebook and Google seem to be oblivious to the way privacy is perceived elsewhere, and are actively provoking stricter legislation than would be the case if they showed some respect. There is absolutely no question about these tracking practices being perceived as ethically unacceptable in many countries, so why provoke both negative publicity and legislation that is likely to handicap less intrusive solutions as well?


Google claims that they do not use or keep this information for anything. When they talk about for debugging purposes, they probably mean their web access logs.

http://www.google.com/support/+/bin/static.py?page=guide.cs&...


I would like to add that contrary to your impression we too value privacy in USA.


Consider the massive usage of Facebook and Twitter, the lack of outrage over the warrantless wiretapping scandal (running for 10.5 years now), easily available voter records (see e.g. the backstory behind Latanya Sweeney's original identifiability study), and lack of public comments about requiring ISPs to store all session information for a long time - I would say that is strong evidence that USA as a nation does not actually value privacy.

edit: wireless wiretapping scandal -> warrantless wiretapping scandal, silly me.


Lack of outrage is the phenomena here, not the lack of respect for privacy. It's not that Americans don't value privacy, I think we do. Rather, it is the general attitude against outrage or, perhaps, against complaining, what differentiates the US from Europe.

The country doesn't have a healthcare system for citizens outside of the military, and there's no outrage. Does this mean "there is strong evidence that USA as a nation" doesn't value not dying?

"Don't seek government help, work harder, smile more and make more money" appears to be the answer/advice to those who complain/express outrage. Then you can buy yourself healthcare, privacy or anything you wish.


I beg to differ. You may tell that to yourself and feel better (and many Americans do), but in the grand scheme of actions-speak-louder-than-words world we live in, there is no evidence for the American respect for privacy.

> Does this mean "there is strong evidence that USA as a nation" doesn't value not dying?

No, but it does mean that the country does not value a social safety net as much as it values monetary profit for the few at the top of the healthcare insurance industry.

> "Don't seek government help, work harder, smile more and make more money" appears to be the answer/advice to those who complain/express outrage. Then you can buy yourself healthcare, privacy or anything you wish.

If you believe that, you are naive. Here are some facts for you (you can google them if you want, I don't have time)

* 75% of people who file for bankruptcy because of medical expenses (and there are a lot of them) HAVE health care insurance. That doesn't happen in any country with socialized health care.

* 40M americans are on food stamps; that is, they seek and receive government help, and unlike other government perks (like extended unemployment), these will never go away because that's what is stopping blood from flowing in the streets.

* Senators and Congressmen are, on the average, millionaires (unlike military people). They can afford the healthcare they want. And they want state sponsored health care, for life (as long as they've served two terms); what's not good for the goose is apparently excellent for the gander.

* The government takes money from you -- taxes -- essentially at gun point. You might believe it is only on income, but by debasing the currency (which the Fed has been doing very diligently since 2008, and slightly less diligently since 2000, and only just diligently since 1971), they rob the value of money you already have -- and if you hold only anything like gold that retains its value -- why, that's taxed as capital gains; you can't win.

* What the government does with this money is -- among other things -- give it to their friends on Wall Street. To the tune of trillions of dollars.

You know, I remember in 2004 I was arguing with an American friend about how americans can re-elect Bush, and his reply was "we're not stupid, it's just apathy". I see this apathy as stupidity.

And you know what? It's not that it can't be changed. It's just the everyone prefers cheap iPods to actually facing things that matters. In general, that only delays the arrival of the bill - but it is coming.


You've written so many words I feel compelled to reply. Beagle, I am not arguing with you. Just pointing out that Americans aren't inclined to be outraged in general. Therefore you can't use the lack of outrage as a proof for anything, that's all.


Why the contempt? For each of these issues, a decent fraction of the population will make a reasonable argument for change, and a similarly sized fraction will make a reasonable argument against change, or at least against the type of change proposed by the other side (dissatisfaction itself is universal enough).

In the case of socialized health care, especially, a majority of the population is violently against it, and while I disagree with most of the arguments, they are neither unreasonable nor apathetic.


> a decent fraction of the population will make a reasonable argument for change

That's how it works in theory. In practice, there is one party (Lobbyists) with two representations, Democrats and Republicans. This guarantees that everyone keeps arguing about supposed merits (mostly about things like gay marriage and legal abortions, which make little difference overall, but occasionally also about things that do matter like health care), but little gets done on any argued front, while in the meantime wars and patriot acts happen.

I'm sure reasonable arguments can be made for both sides, e.g. on the health care debate. But I've listened and looked for them, and never heard them (on either side). I'm familiar with reasonable arguments on the "for" side for socialized health care. I haven't managed to find a reasonable argument for the "against" side. (By reasonable, I mean based on facts and comparison to other countries who have implemented similar programs ..... e.g. the entire western world except the US).

> a majority of the population is violently against it, and while I disagree with most of the arguments, they are neither unreasonable nor apathetic.

I remember reading about >50% support FOR one-payer system (the way Canada and the UK run theirs), before the rulers (eh, sorry, "leaders") decided it's not even on the table.

I would really like to hear some of these reasonable arguments against.

The contempt is from actually living in the US, talking to people daily who believe that they live in a democracy, or that their government is working to benefit them in any way.


Or the fact that all ATT (and possibly Verizon) traffic goes through the NSA.


doh! I wrote "wireless wiretapping scandal" but I meant "warrantless wiretapping scandal", which is what you are referring to explicitly. edited to note correction; Thanks!


Please don't equate a lack of change with a lack of outrage; that assumes we have the ability to fix things here just by getting outraged about them. I'd say "if only it were that easy", except that many of the broken things that need fixing exist due to supposed outrage/fear.


I use outrage as an indicator for the degree of caring (in the sense that "value privacy" means "care about privacy"); is that not an acceptable use?


> lack of public comments about requiring ISPs to store all session information for a long time

Data retention is there since a long time in Europe...


In some of the countries, not all of them (definitely not "for a long time"). But it is retained at the ISPs, with legally mandated security controls, except for government access. It would be better if they were not kept.

As far as I know, the only privacy of records the US law cares about is health care records, through the HIPAA act.


To some extent, though we've been less active in doing anything about it. In part we tend to be less keen than Europeans on having the government regulate these kinds of things, but the various private-sector and non-profit initiatives (like TRUSTe) that are supposed to fill the gap have been fairly ineffectual.


Unlike Germans - who had the Statsi to contend with, and before that the SS - Americans have never been exposed to a genuine, law-unto-itself, every-phoneline-tapped, free-to-kidnap-torture-and-kill secret police force.

One of the clearest lessons learned is that once these things take root, they are incredibly hard to dislodge. When they do go, it's only due to truly cataclysmic change. What naive Americans may regard as absurd hyper-sensitivity or a hopeless lack of technical sophistication is often an acute awareness that never letting it happen again means banning a lot of stuff that young innocents casually dismiss "as just being how the internet works".

Evgeny Morozov (author of "The Net Delusion" http://amzn.to/nOOxzQ) observes that casual openness is exactly how the web can be used to work against you. He makes the point that while folks safely ensconced in California should be grateful for their freedom from truly abusive government, they should also be a lot more sensitive to the concerns - and outright trauma - still found in places that haven't been so lucky.

Of course, I'm over-simplifying his argument a bit. If you want a more complete (and much more entertaining) introduction, RSA did an especially good animation of a talk he gave, which you can see here: http://www.youtube.com/watch?v=Uk8x3V-sUgU


You mean Gestapo, not SS.


Correct - thank you.


TBH, i would like to see all the like/+1/tweet/digg buttons gone, they are a big privacy hazard. This functionality should be included in the browser or available from extensions.


I use a few plugins to handle this, check out:

http://www.ghostery.com/

http://open-bits.com/shellfish/

http://webgraph.com/resources/facebookblocker/

With ad block it cleans pages up like you wouldn't believe. Many sites actually become readable :O


What does Facebook Blocker do that Ghostery (combined with AdBlock Plus) doesn't? Are these redundant extensions?


Ghostery is a general tracker blocker. FBB only blocks, as the name implies, Facebook related stuff - at least that's what I infer from a quick skim through the description.

So, if you only want Facebook gone, by all means use FBB. If you don't want trackers in general (Google Analytics etc), use Ghostery.


What about an add-on designed with the only purpose of implementing this 2-Click solution?

https://addons.mozilla.org/en-US/firefox/addon/2-click-like/

:)


Probably, I just had a look what I was currently running and noted them down. Could probably do with uninstalling it ;)


Handily, the functionality to make them disappear is available in many browser extensions, like Disconnect (http://disconnect.me/).


Friendly reminder, blocking all and any of Facebook's pre-click tracking measures can be implemented easily in AdBlock Plus (or any equivalent ad blocker) with the following rules:

    ||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
    ||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
    ||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
    ||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net


Corresponding blocks are already in the EasyPrivacy list.

https://easylist-downloads.adblockplus.org/easyprivacy.txt


I don't think they're as comprehensive. Regarding Facebook, it only has

    ||facebook.com/campaign/impression.php?
    ||facebook.com/js/conversions/tracking.js
    ||pixel.facebook.com^


Also worth noting that Firefox users who prefer the idea of whitelisting cross-site requests rather than blacklisting them, can install RequestPolicy.


If you don't like the annoyance of RequestPolicy you can also use Ghostery (avail on FF, Opera, Safari) which blocks a specific blacklist of trackers.


Does anyone know the equivalent Chrome extension?


I am working on it here:

http://www.github.com/nikcub/parley

I will have a new version out at the end of this weekend

I think it is time to kill all third-party requests. If you want to show users an ad, host it from your own server.


Thanks! Remember to 'Show HN' when you hit beta / have it up on the chrome extensions site.


Thanks! The only reason I am still using Firefox instead of Chromium is the availability of RequestPolicy.


I have heard that a lot - which is why I want to get a release out asap


Don't burn out for asap. We'll still be here. :)


Thanks for these. Is there a page I can go to for blocking rules on all of the "social networking" sites?


The Ghostery plugin can handle all this stuff easily.


Brian Kennish's disconnect extension/plugin for FF, Chrome, and Safari (available at http://disconnect.me/) very neatly does this for all of the major social networks.


Note: It doesn't work on Chrome, since Chrom(e|ium) is not capable of properly blocking requests. Ghostery also does the same but has a much (500+) larger blacklist of trackers.


I don't believe that has been true for a long time now.

I have disconnect installed, and, looking at the source, it checks a resource's URL on a beforeload event, and cancels the load if the domain has a match on the blacklist. Where is the problem?


I'm not sure about the internals of Chromium because i never use it and I'm not involved in the development of it, but from what i remember using beforeload is a hack that has a % chance of actually working per page load.

Proper resource blocking support is in development last time i checked, but it isn't done yet, which is why Ghostery, Disconnect, HTTPS Everywhere, etc aren't available/don't work on chrome.

Of course, Ghostery will still give you a list of trackers, but it won't always succeed in blocking all of them.


There's a new add-on for Firefox:

https://addons.mozilla.org/en-US/firefox/addon/2-click-like/

Sweeet :-)


  If it hadn't occurred to you yet that Facebook cares far
  more about the "Like" buttons that you don't click than
  about the ones that you do -- there you go.
I've been telling this to people since ages. These stupid Like buttons are an infestation, and exactly the reason why I care so much about Facebook's privacy policies despite not being registered on it - it's just not as simple as "not having an account". This goes for the other networks, too, by the way.

Besides, this solution with the two clicks is very clever, and privacy friendly. In addition, it speeds up page loading. It speaks for itself that the only measure Facebook has is trying to sue with a very broadly formulated policy, which I doubt applies in this case anyways:

  if such use could confuse users into thinking that the
  reference is to Facebook features or functionality.
Well duh, it is a Facebook feature/functionality.


This is a non-story for the reasons stated but a story for other reasons.

It's standard that widget publishers require to use their widget "as is". That's basically what Facebook is saying. Not only do you not know what any custom modifications will necessarily do but it's a completely valid argument that you want a consistent user experience with your widget.

As for user tracking, this is basically an inevitable byproduct of Facebook hosting the widget, a situation I'm sure they're not unhappy about, but this really isn't a big deal in the context of how the Web works.

The story here (IMHO) is trust. Most pages have a Google Analytics tracking script on them. Do you trust Google? I do (disclaimer: I work for Google). Protecting user data and privacy are key priorities here. It's why Google+ has relatively simple privacy controls and allows you to export your data at any time.

Do you trust Facebook? I don't. Then again, there aren't many companies I do trust. But Facebook's track record seems to be to befuddle the user and trick or opt them into sharing things wider than they understand or want.


"Most pages have a Google Analytics tracking script on them. Do you trust Google? ... Do you trust Facebook?"

I don't trust either.

I have blocked Google Analytics along with Facebook, Digg, Twitter, and a bunch of other "services".

Needless to say, I don't have an account with any of them. The "free" services they provide are of very dubious value compared to my privacy and information about my friends, interests, and online activity I'd be giving up by using them or allowing them to track me.


> But Facebook's track record seems to be to befuddle the user and trick or opt them into sharing things wider than they understand or want.

Just like Google did with Buzz

That was such a clusterfuck that for most people Google is in the same bucket as Facebook when it comes to 'caring about user privacy'


I never considered any of FB privacy curtailments to be 'clusterfucks' in the sense that they involved Buzz-level incompetence, bad planning, or lack of foresight.

To the contrary, I always felt FB knew exactly what it was doing, and was operating in a very calculated way. Three steps forward and (maybe) one step back.


Beacon?


> Facebook's track record seems to be to befuddle the user and trick or opt them into sharing things wider than they understand or want.

Are you saying that the product designers at Facebook want to design interfaces and settings that intentionally confuse users into laxer privacy settings? Turning this discussion into a rather presumptuous smear at Facebook in the face of many privacy failures by Google is rather childish.

Perhaps you're saying Google's privacy missteps were accidental, and thus tolerable. But what makes them more accidental than Facebook's? Bugs are accidental, sure, and are addressed as quickly as possible (last summer my mentor was locked in a room with a bunch of people for a week trying to fix the bugs that came up, and come up with long term solutions). As a result all privacy settings are as explicit as possible--especially with the most recent launch, the privacy settings of every single item is clear.

It is unfair to claim that Google values privacy and demonize Facebook for its privacy-related product decisions. If anything, privacy nuances are what prevented the new privacy features from launching for multiple months, as we iterated on details that an organization that cared less about privacy would have overlooked.

Here's an interesting comparison: Everything Facebook knows about me is something I or my friends entered (i.e. via tagging). In contrast, Google knows so much more about me than I told it. How did it automatically link my Quora, Twitter, etc accounts without my knowing or permission?


> Everything Facebook knows about me is something I or my friends entered (i.e. via tagging).

No. If person x is logged into facebook, they (or rather you, as it seems you work for facebook) get an indication of every page person x is browsing that has a "like" button, whether that person presses it or not. Furthermore, even if you're logged out of facebook, there's still a couple of facebook cookies identifying the computer you've logged in from.

I'm not sure I would you believe the claim that Facebook is not using any of that info right now, but I'd probably call you an outright fraud if you said that this data is never ever going to be used for anything.

Same way for Google, BTW - they've had a better track record of not abusing the data they have, but it is possibly because we haven't heard the gory details yet, and it is not going to stay that way when their profits take a dip if they ever do - they are in it for the money, and that data is worth a lot of money.

For those reasons, my firefoxen run ABP, RequestPolicy and/or Ghostery, AND I have multiple users for job / personal / porn browsing (and other measures), and multiple browsers (chromes, firefox versions) for de-panopticlicking.


> No. If person x is logged into facebook, they (or rather you, as it seems you work for facebook) get an indication of every page person x is browsing that has a "like" button, whether that person presses it or not.

OK, fair enough. I meant the stuff I or my friends see. Facebook doesn't display a list of "pages that had like buttons that orijing visited but did not like" although that would be interesting.


> OK, fair enough. I meant the stuff I or my friends see.

This is so very different from

> Everything Facebook knows about me is something I or my friends entered (i.e. via tagging).

As to be irrelevant - I don't have a single status update or biographic detail in my facebook account, and I remove tags of me from pictures -- and yet, facebook has a damn good idea of the websites I browsed before installing ghostery.


Google knows about my Twitter account because I gave them my homepage, which has semantic markup that exposes my FOAF data, linking to that account (and others). I was actually quite impressed by it...


Has Facebook (or Google) ever had a "privacy misstep" that was an error on the side of too-tight privacy?


Nobody gets outraged over privacy that's too tight — they just don't use the service. You could say that Google's longstanding reluctance to embrace social was an example of too much privacy. (I don't think that was the primary motivation, but it would look the same either way.)


Yes, but nobody knows about it.


Is that a "misstep," then? It seems to me that the logic of a too-tight misstep would be that the information simply does not get out. What would be the reason for FB (or whoever) to notice that too little of my information is getting out? I suppose the "misstep" is in the eye of the beholder. :)


> Are you saying that the product designers at Facebook want to design interfaces and settings that intentionally confuse users into laxer privacy settings?

Almost certainly, yes. Since that's how they derive revenue from users.

> Turning this discussion into a rather presumptuous smear at Facebook in the face of many privacy failures by Google is rather childish

/s/childish/factual/

Somehow, privacy UI changes at fb almost always lead to more rather than less confusion and more rather than less sharing. We could either assume the designers are incompetent or decide this is by design. Occam's razor says by design.


I would be happier if Google had a priority of not collecting user data in the first place.


(copying and extending myself from another reply in this thread, because it is actually more relevant here:)

The copyright issue is a red herring. Facebook could create an official "data:..."-url based "like" button that has the original image instead of linking to their server. It would be better for everyone involved, including facebook's bandwidth and the site's loading speed -- except that facebook would lose their tracking data.

The other thing that they would be unable to do would be to change the look of the image (because it would be _in_ the link); but I think it is a good thing that they (or a hacker) can't put a penis on every page that has a like button.

Really, the copyright thing is a PR deflection, not the real issue.


Google is by far the scarier big brother company. There is no escpaing Google and as far as I know Facebook has not to date sent teams of roving wireless sniffers in guise of map making.


This was a copyright issue about locally hosted images. Heise changed the initial image and everyone is happy.

I'm happy to hear you trust Google, but trying to warp this into a smear on Facebook (my employer) about trust is in poor taste.


So when are you guys going to back up the openness propaganda and open source something of substance other than protobuf?


The most important update, from Aristotle: "Tina Kulow of Facebook Germany has spoken again. In a tweet, she wrote: “To clarify: a 2-click button is not ideal – but not a problem. Only a Like button that merely visually pretends to be one is not OK. That’s all.” Since heise online changed the design of the button for the first click that activates the Like function, there should now be no obstacles on Facebook’s part to further use of the 2-click button by heise online and other websites."


Apparently it's more of a copyright issue than the 2-click process. They don't like their logo being used on a locally hosted image. So heise.de made the button more generic and it's all good now.


Are you pointing out that this is what they are saying, or do you believe that? The worst thing that could happen before is that Facebook would change their CI and the button would be outdated, looking dated. Now the button looks crappy from the start.


That's my interpretation of the following update posted by the original source (heise.de):

"[2. Update: Mittlerweile äußerte sich erneut Tina Kulow von Facebook Deutschland. In einem Tweet schrieb sie: "Um es klar zu stellen: 2-klick-Button ist nicht ideal - aber kein Problem. Nur ein Like-Button der grafisch so tut als ob er einer ist, ist nicht ok. Das ist alles." Nachdem heise online dem Button für den ersten Click, der die Like-Funktion aktiviert, ein verändertes Design gegeben hat, sollte demnach der weiteren Nutzung des 2-Click-Buttons durch heise online und andere Websites auch von Seiten Facebooks nichts mehr im Wege stehen.] (ju) "

So it says the two click button is not ideal, but not a problem. Though the graphic on the Like-Button is not okay, and so on.


A simple solution to this would be to not use facebook icons for your first click image. So maybe a simple 'social share' icon that brings up all the sharing options and at the same time loads the traditional facebook like button.


I think the 2-clicks "like" button is super smart. I am going to implement it as a Chrome extension, what do you guys think? I've created a repo on github:

https://github.com/hayeah/FaceOff


Before we spend too much time attacking Facebook over this, let's try and think of possible reasons why this might be not an "evil" move. No need to go out of our way to conclude "omg they're evil stealing our privacy".

Firstly, what if they just don't want to confuse users? I see people confused all the time of when you need to click and when you need to double-click, every time I see someone using the computer — I'm sure I do this myself, too. What does allowing someone to introduce uncertainty as to what's required here do, especially when their click-through buttons look just like Facebook's normal ones on other sites? I'd say it'd just confuse people. I don't have an issue with Facebook doing that, I'd actually rather have them enforce, this, so you know what is going on when you see a standard Like button.

(As a few other comments have noted, just replacing the button with a custom-styled one would solve this issue. It'd also solve user confusion, since it no longer appears to be Facebook requiring a double click.)

So, maybe they're not just after destroying privacy, after all? Maybe?

(I don't work for Facebook, or even know anyone who does. I just like to try and see both sides of something like this.)


  I just like to try and see both sides of something like this.
While I can certainly agree to that general notion, in Facebook's case that's simply a bit too stretched. I find it pretty hard - if not impossible - to assume honest intentions regarding these cases from a corporations whose founder openly opposes privacy and considers it "obsolete".


What are web browsers doing by sharing this accidental data between 3rd party sites anyway?

The default setting ought to be that connections to 3rd party sites are done in incognito mode. This would disallow tracking by looking up the referer and sites like Facebook couldn't also tell who's login cookies the browser is storing. You could then whitelist connections on a per-site basis.


Not sure how great it works because I only sought it out after reading this, but here's Facebook Disconnect for Chrome. https://chrome.google.com/webstore/detail/ejpepffjfmamnambag...


I'm glad this came up to make me think about it more; I'd already gotten in the habit of logging out of FB except when actively viewing the feed, for precisely this reason---I didn't want FB tracking me across browsing other sites. (The FB-hosted comment systems were actually the proximate worry, as well as the Like button.)

But that was my half-thought-through answer. Of course they're perfectly able to track me even without being logged in.[0] So the real answer is I need to be sure I'm not loading cross-site img and iframes... My Omniweb install I'd already configured to do that, but setting up proper privacy countermeasures on my Firefox install just jumped way up the priority list.

[0] http://panopticlick.eff.org/


I used to do that. I also started deleting any Facebook cookies before logging into Facebook, and after logging out of Facebook. I then realized that was stupid, because I have a static IP address (helps with my job, which requires remotely logging into servers).

With Facebook cookies everywhere, you don't need to be logged in for them to track you. And in my case, even if I used a different browser for logging into Facebook, they could (in theory---I have no idea if they actually do this or not) still track me based on the IP address alone.

Google is just as scary. A few months ago I did a few searches for local casinos (I was helping a friend of mine get a job at one) and now, I see ads for casinos on about a third of the webpages I visit. It's most annoying, and quite scary when I think about it too much.


>[...] and now, I see ads for casinos on about a third of the webpages I visit.

You should be able to remove that from your ad targeting here: http://www.google.com/ads/preferences/ It lists all the categories Google thinks you're interested in and allows you to add or remove categories.


I just use a totally different browser for Facebook.


This doesn't help as much as you'd hope.

When you are using your non-FB browser and visit a website with the FB buttons installed, FB gets click data about you.

You need to use a blocking extension in your non-FB browser in order to effectively implement your technique.


Facebook, google, all these other giant technology firms... They will be looked back on in the future as ruthless opportunists doing their best to take advantage of the public with technology before anyone can figure out what they're doing and stop them.

The world is not some cute friendly little place. It is equally as barbarous today as it was in the dark ages. The TVs have convinced everyone otherwise it seems. Evil people are using machines to take over the world.

http://www.youtube.com/watch?v=z9RiRfMYVlQ&feature=chann...


Is this really just a facebook problem? Isn't it a problem for any client side service that is used across the web? Analytics packages, ad software, value add stuff like disqus, etc.


I was surprised to find out that Facebook tracks not only what 'like' buttons you have been clicking but also where you have been browsing. Is there a privacy browser extension?


For Firefox, RequestPolicy adds a whitelist for requests to third-party websites. It's a hassle to set up, but it works. I don't know if an equivalent exists for Chrome.



Disconnect for Chrome is great, but it only blocks a limited number of social sites.


It's the visitor's choice to visit a webpage. It's the developer's choice to choose widgets. Do you really think it's fair to say, "I want to use your widget, FB, which happens through your servers, and I want to use them my way without your consent." The default option (not choosing the widget) is always fair.

My point is that to make such widgets illegal, widgets that service three consenting parties, is completely retarded.


I take that back. If people don't understand the natural laws of the Internet, it may stand to reason that blocking widgets is a matter of national security.

However, I think a better approach is to educate each other on how the Internet works, so that blanket measures can be avoided.


Is there an open-source implementation of this two-click system for Facebook's Like button (and others like Google's +1 and Twitter's tweet button)?


I often use a simple (button image) link to twitter.com/share or facebook.com/sharer.php (now http://developers.facebook.com/docs/reference/dialogs/). That is one-click without javascript execution or, worse IMO, company custom html tags.

AFAIK Google+1 doesn't, as of yet, have such an URL where you can share. Sharing seems to go through the +1 button. I'd really like a share url for Google+ for technical and privacy reasons and keep everything one-click to share.

I bet you could make a two-click system for the Google+1 button, now asynchronous javaScript loading is enabled, but I don't know if that is within TOS. Again I would love a simple share link (like Linkedin, Facebook or Twitter) and be done with it.

I know that sharing on Facebook is different from liking, but I feel sharing is more valuable from a marketing POV.


For Firefox there's an add-on, take a look:

https://addons.mozilla.org/en-US/firefox/addon/2-click-like/

It supports five or six like buttons.


A possibly related note: I use two browsers to browse the web in an attempt to protect my privacy (as futile as it seems to be); one is logged in to google, and the other is not.

When using the browser that is logged in, I get 15 "+1"s for google like-like button. however, when using the other browser that's not logged in, I get 0 "+1"s.

Can anyone explain?


I was doing it on my website, I never had any problems with facebook.

Actually, I had other problems with them, and what they did is just plainly banned my application and blocked my website from using facebook API.


what about the like buttons on techcrunch? they only load if you hover over them as well.


techcrunch uses a custom image for their preloaded button


Facebook is detestable. Just like its founder.


I forgot how when I click a like button on a foreign page, face book is keeping data about what pages I am visiting and (who,what,when,where,how) and is selling that click data about me to the highest bidder (and I cant turn it off) to advertisers or worse government agencies doing warrent-less surveillance.

I'm never clicking a facebook like button again until I can turn off user website tracking.


You don't even need to click the like button. Facebook get the information as soon as you view the foreign page.


If you use Chrome(-ium), there's an extension for that. I believe there is an equivalent FF extension out there as well.

https://chrome.google.com/webstore/detail/ejpepffjfmamnambag...


People, including myself, seem to forget that Google has a far more pervasive network that has been operating for much longer.


By 'selling that click data about me' you realize that the only monetization tool Facebook has is a anonymized and aggregated ads tool...it doesn't sell click data.


I find there's a general perception (especially Slashdot) that this isn't the case, I'm not sure why given that Facebook's been fairly explicit about it in the past


Don't use the Like button.

There, problem solved.

If your startup isn't social and free, it isn't hip. If you don't have a Facebook page and seven shades of "Like" buttons, you are destroying your business. Just stop.

Stop putting that social media flare (crap) on your website. Your users don't care, because sharing a link is not an unsolved problem.


I love the privacy "oh no they're selling our data!" paranoia that people still have without considering WHY and what legitimate reasons Facebook has for sending back data when a Like button is implemented.

First, they are a SOCIAL network, this data helps them figure out the engagement level with different brands that participate on the Facebook social platform. Second, in this case, the use of 2-click solution creates a disconnect with the expected behavior of the Facebook Like widget which means users going across different sites will not know whether they need to make one or two clicks to enable a "Like". Third, when you don't use the Facebook Like widget, you don't get any insight into your connections with your social graph unless you click on the Like button which defeats the purpose of being able to see that "4 of your friends like this".

There are real privacy concerns that we should consider but I'm tired of reading EU Privacy office statements that show a lack of understanding of how the web works and without regard to the impact to the monetization ecosystem which is the lifeblood of many web publishers. What bothers me more is that there's a lack of consideration that there are legitimate reasons a certain level of data is collected in order to make the web more social.


> What bothers me more is that there's a lack of consideration that there are legitimate reasons a certain level of data is collected in order to make the web more social.

It isn't for making the web more social. It's for making (e.g.) Facebook more all-knowing, which is a task on the way for more profit.

Just like the tobacco industry should be regulated against making cigarettes more addictive, privacy should be regulated -- either by attaching a mouse-over saying "warning: facebook tracks you on every page you visit that has a like button", or by limiting what and how they can collect.

The copyright issue is a red herring. Facebook could create an official "data:..." url like button that has the original image instead of linking to their server. It would be better for everyone involved, including facebook's bandwidth and the site's loading speed -- except that facebook would lose their tracking data.


First, they are a SOCIAL network, this data helps them figure out the engagement level with different brands that participate on the Facebook social platform.

Non-sequitur. What does their knowing the "engagement level" with a brand have to do with social networking? In what way would Facebook be less social if you eliminate the entire like-button feature (for the sake of argument)?




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: