Hacker News new | past | comments | ask | show | jobs | submit login
Facebook is scaring me (scripting.com)
553 points by moses1400 on Sept 24, 2011 | hide | past | favorite | 270 comments

I recommend Ghostery: http://www.ghostery.com/


Ghostery is your window into the invisible web – tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior.

Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.

Choose to block - or not. You get control at a company level - are there some marketers you trust, but others you'd rather turn away? Ghostery lets you open the valve of your web behavior as wide or as narrow as you'd prefer.

Ghostery and Disconnect are essential privacy tools in Firefox, Safari, or Chrome. Also try ShareNot on Firefox, which is experimental, but has somewhat more extensive blocking coverage than Disconnect.

But more fundamental: don't log in unless you have to, log in only in private browsing windows or separate browsers from your other surfing, and also clear your cookies often to keep your not-logged-in browsing cleaner from a privacy perspective.

Just a note: Neither Ghostery or Disconnect work in Chrome, since Chrome doesn't have any kind of ability to block requests from being made. The experimental webRequest API should help with that, but it hasn't been released yet.

can you clarify? both ghostery and disconnect do install and run in chrome - i have them running now. are you saying that there is some particular functionality that they don't provide?

also, responding to the (grand) parent, someone else mentioned that flash cookies are cross-browser. so if fb uses those you need to also make sure that the fb browser doesn't have flash installed.

They both install and run, but they use beforeRequest and edit the page content. This works in theory, but in practice there is no guarantee that the script will be loaded into the page before the tracker assets are. The ghostery/disconnect addons succeed in blocking trackers sometimes, but not all. Ghostery handles it a bit better than Disconnect does, as it will actually tell you which trackers it was able to block and which it wasn't.

The experimental webRequest API will solve that by providing a synchronous way for scripts to deny/allow connections before any requests are made, but webRequest won't be made available to non-experimental addons for a few months at the minimum.

More info: https://code.google.com/chrome/extensions/trunk/experimental...

Another very useful addon in Firefox is the RequestPolicy plugin, which blocks requests to other sites. You have to explicitly allow a site to connect to Facebook or Google analytics.

The only downside is that it is sometimes a hassle on pages that integrate third-party payment solutions which often have a lot of redirects and off-site scripts and iframe content. But then, like in noScript, you can always allow all or some request types from a page permanently.

I use noscript, ghostery and requestpolicy, but so far, I haven't managed to integrate requestpolicy into my daily browsing (I have it set to 'allow all' with a few blacklisted sites) because it's too much effort to figure out exactly what is needed by every single website.

It's hard enough with noscript to randomly guess at what should be allowed for a given site. You take a guess, then slowly expand the number of temp permissions til the site eventually loads properly.

I just tried it and browsed to TechCrunch.


Try avc.com next...

i think venturebeat.com wins. viewing an article there shows 18 blocked pieces-of-crap.

Kind of amazing how it loads 10x faster, eh?

Came across Ghostery professionally earlier this month, seems to be quite primitive in it's detection which surprised me. A site I knew to have tracking on didn't get picked up due, as far as I could see, a change in the filename of the tracking .js file. I was expecting it to track domains in a similar way to AdBlock.

I use Ghostery as well, but few people seem to be aware that you can also use AdBlock for this. Subscribing to the Fanboy (or EasyList) "Tracking/Stats Blocking" filter will block cross-site requests to sites like Google Analytics and Facebook just like Ghostery will.

Another option I have installed as a Chrome extension is Disconnect.me

How does this compare with addons like Adblock and Noscript?

It doesn't. Noscript blocks scripts and plugins from executing on the page and AdBlock blocks a specific list of ads.

Ghostery blocks a list of trackers such as google analytics, KISSmetrics, and facebook social plugins[1]. Ghostery generally won't affect the page at all except in invisible ways, but it will remove Like, Tweet, +1, etc buttons to prevent requests from being made to Facebook/etc.

You can also fine-grain set Ghostery to allow certain trackers, like Google+ buttons, while still blocking all the others.

[1] The tracker that this article is about.

P.S.: Watch out as Ghostery doesn't actually work on Chrome. See https://news.ycombinator.com/item?id=3034093

Adblock with Easylist Privacy compares to this though. However you won't get ghostery's eye opening popup with it. I use both in conjunction just to be sure.

thanks for posting this, just installed Ghostery and it's the best thing I've done. very eye opening into what some sites are doing

I'm an engineer at facebook. I want to clear up a few things that you guys are talking about.

For starters, it's true that a visit to a news story or watching a video will trigger a feed story. The point that most people seem to be missing is that this requires you to knowingly allow a social application. For example, in my case, I installed the social plugin for rdio (rdio.com). When I listen to a song on rdio, it publishes it to my friends ticker feeds. (Ticker is the bar on the side where likes, listens, reads, etc go). There are a couple websites that are doing read social browsing, for example the Washington Post's social reader (https://apps.facebook.com/wpsocialreader/). Again, just by visiting this page you will not trigger anything unless you have already allowed the application access.

In the past I've setup my music player on the laptop to publish the songs I'd been listening to, to my IM client (as away messages) - Adium let's me do this out of the box. It's kind of the same idea, instead this is just built in to the website you visit or music you listen to.

You can also disable any application you previously installed by going to Privacy Settings and clicking on Apps and Websites. It should all be there. You don't have to log out of facebook or close your account. Just delete all your social apps. (https://www.facebook.com/settings/?tab=privacy)

How narcissistic must we be these days to think that our friends actually care about every little thing we do? It has apparently reached the point that we just want to share everything we're doing without applying any kind of personal filter to the stream of data we are sending out. This is silly. We're going to be swimming in a tide of noise and get sick of this whole social thing if someone doesn't slow down and consider what it is that we actually care to know about our friends.

Is it retroactive to apps that you've installed previously? For example, I signed in with my Facebook account on 3rd party site X and accepted the permissions, and at the time it didn't auto-publish to my feed (or "ticker" or whatever), but now suddenly it will be publishing automatically without my explicit say-so?

No. It is a brand new permission that must be granted.

You will know since the dialog will be centered around "Add to Timeline" instead of "Authorize this app".

According to some the app will have to ask for those new permissions before it will be allowed to do them, for now.

I'm sure you're still storing all of that data, whether we opt-in or not. Because why throw away such valuable data?

And that means it will be made public some day, by accident or by design.

So let me get this straight, only white listed websites (not apps, websites) will have content shared from them?

If that is the case this whole thing is overblown. We were all thinking that BuddyApp would be able to publish your generalized browsing. Which is terrifying for a whole host of reasons.

That's very helpful, thanks.

I am a software engineer at Facebook. Bear with me because I don't have any PR-quality answer to give you. I am not on the platform team, but I have built apps before in the wild-west days.

The app requires explicit permission from the user in order to post activities automatically. The idea, if you watched Mark's presentation, is called "frictionless sharing." A lot of people don't share because it's another step, but if they could install an app like the Washington Post Reader (a great app--even Mark has it installed), they are happy with sharing articles they've read with their friends.

I understand you might be concerned, for example if you added that app without realizing that it will post content. If you are concerned about the privacy implications, you can always change individual permissions for an app by going to your account settings, then selecting the 'app' tab on the left, or by going to https://www.facebook.com/settings?tab=applications. If you are concerned about spamming your friends' news feeds, that's why we built ticker, for the light-weight activities like "watched a movie" or "listened to a song" or "read an article".

If I remember correctly, the exact wording of the app permission request was alarming enough to get my full attention ("I, the application, can post as you" or something like that), so I'm worried less about a user missing that part. In my known experiences, the app was installed with the knowledge that it will share your experiences--because the idea is you want to share your activities with your friends. As soon as I read an article, my first action is to either send the link to specific people who are interested, or post it on my wall if I think everyone is interested.

We operate under the assumption that users will not do what they don't want to do, as long as we make it explicit what might happen. And if they make a mistake, they can always go change their settings. So I'm not so worried about users who sign up for the Washington Post Reader app, which is marketed as a social reading experiment, and subsequently complain that it shares your read articles.

You might still be concerned, in which case, please let me know why (users being misinformed?), and I'll try to pass it onto the platform folks, who were really heads-down the past few months.

The reason why this bothers me is that there is no longer any EXPLICIT confirmation that I want to post something. Not sure who said it but I read it in a TechCrunch article, "Just hit play in Spotify and it will share with your friends".

No, any sharing I do HAS to REQUIRE an EXPLICIT action on my part. I have to be in full control. Visiting a web site does not mean that I believe it will be interesting to my friends NOR do I want that information shared with people on Facebook.

A like button that shares, much like the Google+ 1+ button is perfectly fine, I have to hover over it, and choose my circles to share with, and then share. It is not automatic once I visit the site.

I don't want articles automatically being linked just because I visited a page, or clicked play in Spotify, or put the toilet seat up.

It is not just privacy concerns, it is the image I try to convey while using social media sites where it is common place to be friends with your boss and or co-workers. I don't need them knowing I like the Bloodhound Gang or that I read articles about atheism in the NYT but have never read a single article about religion.

Eventually all this collected data will be used against me. What if I do a simple Google search for cancer and I end up reading an article about it, that is now shared publicly, my insurance company a few years later gets a claim for cancer they claim it was a pre-existing condition and deny me coverage.

These are all scenarios going through my head. I am all for the interconnected web, and making it easier for me to introduce my friends to new content across it, however it has to be done on my terms, it has to require explicit authorisation and must never do something automatically without my consent. If I like the content enough I am extremely likely to copy and paste the URL into my social networking sites, I don't mind that extra step. Create a bookmarklet that fills in some of the forms ahead of time for me (I have a reddit bookmarklet that fills out title, URL and the sub-reddit to post in (personal one for me to share links with friends)). I am more than happy to continue using the platform, but this frictionless sharing scares the crap out of me, and will see me closing my account sooner rather than later if it continues down the path that it looks to be going down.

It's eminently possible to just live life without Facebook. I stopped using it a few years ago, although more because I was being drowned with useless information from other people ('hand stuck in toaster again, LOL') than out of privacy concerns.

I agree with you there. I hated Facebook because I made everyone I ever knew a "friend", and it was depressing because of how dull these people were. I canceled my account and haven't thought about it again; Facebook provided me with no value. I still don't see why other people like it so much; if you want to chat with your friends, why not go get some coffee or beer together?

Maybe because not everyone lives 10 minutes from each other and is 100% independently mobile? And gee... occasionally even people that you really enjoy spending time with have to move to other areas of the planet.

As much as I'm not a fan of FB re all the privacy stuff (not to mention a history of horribly under/wrongly-documented and semi-broken APIs), it's done wonders for a large generation of web users in terms of allowing them to easily (and consistently) share their lives with a lot of their friends and family. I see that aspect as a good thing.

I have no car, a lot of my friends are several hours away by public transport (even here in San Francisco), my birth family lives on another continent, and my wife's extended family lives on a different continent again. I couldn't manage without the internet, but somehow I manage just fine without facebook. I've kept a FB as a sort of notebook in case I need to find someone, but I think I've only logged in once or twice this year. At this point, I think everyone I care about is on LinkedIn.

I'm not for or against FB; it's not my cup of tea, but I might not be like the typical user. What I don't understand is the 'forced to use facebook' meme that comes up every time someone is unhappy with some changes there.

People could easily share lives with their friends and families long before Facebook. Email, IM etc. But not a whole lot of people seemed to bother with it. Now Facebook brainwashed everyone that it's almost irresponsible not to share.

As much as I want to agree with that, no, it wasn't as easy.

If I wanted to share a picture with 12 people, I had to send 12 emails, or CC 12 people, or BCC them because they didn't want their emails shared with people they didn't know.

Not everyone understood IM, and not everyone was on at the same time.

The bigger question would be why more people didn't latch on to friendster or myspace before facebook. It's as much a social trend as much as a technical one. As computers got cheaper and more people got net connections (or faster ones), there was more of a need/demand for sharing info. Facebook hit at the right time to capitalize on network effects amongst 'regular' folk.

Alternate explanation: Facebook made it much easier to do things which were once possible, but hard. So more people do them more often.

Facebook is not the only and surely not the first easy-to-share service. Why are we so focused on Facebook today? Marketing.

No, because the people you know are there and use it.

I'm self-aware enough to know that if I weren't single, I wouldn't use facebook at all. As with many things in life, facebook is attractive to women, and the men follow the women.

I think it's why facebook really rules. It's the most casual place to ask a girl for a cup of coffee. If you sms it's a lot closer to harassing. And you can assume that you find practically any girl on facebook that you have met.

Why use Facebook and not OKCupid?

Facebook is 55% women. Dating sites are...not.

There are naughtier pictures on Facebook.

The people I know that get the most utility out of Facebook, are attempting to keep in contact with a large base of friends/family once they've move away from them.

This has always seemed so "burger without the meat" to me.

Unless your friends are conveying intellectual stimulation that stands on its own, you're just reminiscing and should probably just some make new friends and call your mom now and then.

I think you're wrong in that department. It's become a fundamental in online identity, especially for younger people. I watch my younger siblings (teenagers) who depends on that for their social lives. Sure, they wouldn't die without it, but it's an essential part of being a part of their community. I could say the same for myself, I don't like Facebook and what they do, but if I wasn't on it during college and especially grad school - I would have missed out on a lot of the experiences with my colleagues.

I have no idea on how you live, how old you are and who you keep as company, but I think you're going to be in the minority or already are) soon enough. It's a social organizer that everyone has opted into which means breaking from it makes it infinitely harder to remain social.

That's more or less saying: "Let's do this because everyone else is doing this."

There's some merit in your argument. I've argued elsewhere that 500,000 daily Android activations means that the kids growing up now form their first impression of a "computer" to mean "smartphone" and not a desktop. This world-view is totally different, and as people who create products, we have to stop and think, are the things we are doing now relavent in an age where "computer = smartphone"?

Applying this with Facebook, we have kids growing up and learning how to socialize through Facebook. It suggests that that, unless I dive deep into Facebook, I will remain on the other side of this generation gap. As a product creator, I would make products suited for the older generation -- already obsolete. It extends outside of making products. We've already seen policy makers make bone-headed moves, attempting to restrict internet access for its citizens. That's like grounding a teenager from using Facebook. Grounding a teenager and making sure they can't use Facebook? Really?

However, on deeper reflection, this points to a huge flaw. It comes back to, "let's do this because everyone else is doing it."

I've written about this as an answer on Quora. We used to have rites of passage conducted by elders and parents. Now these rites of passage form from peer interaction. That's not such a good thing.


So yes. Stepping away from Facebook means missing out on being social. Something that's broken right now. Hmmm.

You're trying to describe network effects without using that term it seems. It's a pretty well documented area and the fundamental idea is the more users, the more value generated (with some sort of exponential benefit). I don't think there is a flaw in the logic that the value of the service is immense when every single person in your community is on it. If you do, could you please explain further?

It might be sad or disappointing in your mind that people behave like this, but that's not a flaw in the logic of the behavior, just an opinion on how people tend to behave.

I've never framed it that way. Analyzing this as "network effect" is an interesting thought. But no, network effect is not the key insight I'm attempting to communicate.

I'm talking about a generation of kids growing up with technology. This isn't about the value of the network increasing as people use it. It's about a fundamental shift in one's worldview by encountering the technology during formative years. I'm basing much of this on Clotaire Rapaille's work, as described in his book, The Culture Code (http://www.amazon.com/Culture-Code-Ingenious-Understand-Peop...).

Rapaille conducted a study for Nestle. Nestle wanted to open up the Japanese market for hot chocolate. Using his research methods, Rapaille found that adult Japanese never formed early childhood impressions of chocolate, and so introducing chocolate products to Japan would fail miserably. As a result of the study, Nestle shifted its marketing strategy towards introducing chocolate to Japanese children, with the idea that twenty years down the road, they can sell chocolate products when they become adults.

Half a million daily Android activations means that a generation of children grows up encountering a personal computer in the form factor of a smartphone. Having come from the older generation, I still picture a desktop computer in my mind when I see the word "computer", despite working primarily with web technologies and cloud servers. To make sure my products do not become obsolete, I have to step into the shoes of someone who grew up picturing "smartphone" when someone says "computer". It means that any web/cloud application I make must be delivered on a smartphone first, with the desktop experience being an after-thought. I can live with that. That will mean twenty years from now, software development will mean keyboard-less IDEs, but I can still live with that.

I apply the same frame to these Facebook announcement. What is it like growing up where your first impressions of social dynamics is Facebook? I can separate my online identity because I entered my teenage years in the era of text-based MUDs and email. I had access to the internet when most of my friends do not know what it is. I could and did interact with adults. But a pre-teen or a teenager growing up now, knows that you can't separate the social identity like that. What, are you crazy?

What would a society with the unexamined assumption of "Facebook = Social" look like? One that accelerates the general trend for the past several generation: further isolation from the deep wisdom of previous generations; rites of passages conducted by clueless peers that end up in tragedy; a new life stage to describe young adults in their 20s to describe an extended childhood, much the way "teenage" was invented to describe the emergence of an extended childhood.

I do not like what I see in this thought-experiment. So while I might embrace the future when it comes with mobile devices, to this ... travesty ... called Facebook = Social, I say, "bah humbug."

(And next thing you know, I'll be walking out my front door with a cane, shaking a fist, "Dang kids! Get off my lawn!")

You make some interesting points and I will probably have to check out that book at some point.

I will skip the computer/phone stuff, I don't really think we have an disagreement about changing consumer behaviors.

Facebook=Social, your conclusions are a bit different than what I perceive. Further isolation from the deep wisdom of previous generations is not the conclusion I would necessarily make. To me it seems they could actually be the most connected to older generations simply because they are sharing a social space (facebook) with them. Sure, not everyone is going to be friends with older generations, but the opportunity is greater, the barrier for communication is lower and older generations are watching them closer than before.

Each generation has to go through its own unique rite of passage given cultural, technological and social standards of the time. I think they'll figure it out and make it work, somehow that always seems to happen.

"To me it seems they could actually be the most connected to older generations simply because they are sharing a social space (facebook) with them."

You make an excellant point here. I have not seen examples in the wild of the kind of "deep wisdom" being shared across the Internet by private family groups, but that doesn't mean it does not exist. However, I know certain wisdom cannot pass on through the internet, can only pass on by face-to-face. They are typically transmitted through body language, physical motion, and sheer charismatic presence.

"Each generation has to go through its own unique rite of passage given cultural, technological and social standards of the time. I think they'll figure it out and make it work, somehow that always seems to happen."

This has been true only within the past several generation, and only due to Moore's Law. In other words, this uniqueness for each generation is an aberration.

Tribal wisdom used to be told through folklore, myths and initiations. These days, in the mainstream and in geek subculture, we use the word "myth" to mean "superstitious", and "something to dismiss" in contrast to "facts." The surviving stories appear in the better science fiction and fantasy novels and pop-culture TV shows. Comics. Anime. Some movies. A tiny handful of video games. Often tainted by consumer lifestyle values.

An example of what I mean, that's meta enough to discuss this within the story: Neal Stephenson's Diamond Age

It comes back to what I wrote in that Quora answer. Today, peers, not elders, conduct modern rites of passages. Elders today cannot keep up with Moore's Law, so peers conduct them. You end up losing things that still remain true, generation to generation regardless of technological changes (hence, "deep" wisdom), and you learn them from your clueless peers.

Out of curiosity, can you describe what sort of 'deep wisdom' you think isn't/cannot be passed along? It's a rare thing to be deeply moved by what someone is saying (at least in my experience), but I don't think the times I've truly been moved by information being imparted on myself is exclusive to the realm of 'real life.' There are wonderful movies, books, even conversations I've had that have had profound impacts on me as a person. I am not sure if perhaps you think this isn't possible or we are thinking about fundamentally different experiences?

I actually thought about this point when I wrote my response, that perhaps it may be limited to the past hundred or two hundred years. However, I am not sure if that's the case or not, I don't know enough history/sociology to make any sort of qualified statement on the subject. The pace at which technological change is happening has certainly increased since the industrial revolution, and I presume that has been a major driver of cultural change as well.

I am still not really sure what you mean by learning form clueless peers. It isn't as if all the elders in a society disappeared - most children still go to school, have parents, get jobs, are exposed to role model figures. In fact what do you think of most western countries where population is actually getting older and there is a lack of young people?

"Out of curiosity, can you describe what sort of 'deep wisdom' you think isn't/cannot be passed along?"

I assume you mean, "cannot be passed along Facebook, or other Internet-like communications network".

Mindfulness is one example. It's difficult to convey over the internet, and still challenging in person. It's the kind of skill that requires someone present to point out when you're being mindful and when you become distracted. You can't force someone else to be mindful. Hell, you can't force yourself to be mindful. Many stories disguise lessons of mindfulness.

Fear and dealing with fear is the biggest example. All fear roots back to existential fear. Some (not all) older people have a peculiar attitude because they see their own demise coming, accept it, and live on. The TV show, Breaking Bad is a great example, a man who saw the end of his existence, stripped away all the BS and decided to leave behind a legacy.

However, it's one thing to watch characters on the screen deal with fear, and quite another to deal with your own. The mind plays many tricks to comfortably avoid fear. Another person in the same room witnessing your discomfort has significant impact; if they are able to mindfully witness and convey a sense of safety, such interaction helps you gain insight about your fear, and possibly change habits and actions resulting from that.

"The pace at which technological change is happening has certainly increased since the industrial revolution, and I presume that has been a major driver of cultural change as well."

Though off-topic, you might find this interesting: http://www.ribbonfarm.com/2011/06/08/a-brief-history-of-the-...

Venkat's blog post led me to a book, Lever of Riches ... which I think has a lot of useful insights yet seriously flawed. But, it is interesting as a survey of technological history and look at changes within culture as well. I did not know, for example, that clockwork mechanisms reached high art before the invention of moveable type. These clockwork mechanisms directly paved the way for industrialization, and accounts for the obsession some cultures have for gadgets and gadget making.

I've also asked this series of questions on Quora. Perhaps you might have some insights:

"How has the invention of moveable type accelerated the tempo of invention and innovation?" ( http://www.quora.com/How-has-the-invention-of-moveable-type-... )

"How has Open Source accelerated the tempo of software innovation?" ( http://www.quora.com/How-has-Open-Source-accelerated-the-tem... )

"How has Github accelerated the tempo of software innovation?" ( http://www.quora.com/How-has-Github-accelerated-the-tempo-of... )

"How does the tempo of innovation within Github differ from that of a geographic technology hub such as Silicon Valley?" ( http://www.quora.com/How-does-the-tempo-of-innovation-within... )

"In fact what do you think of most western countries where population is actually getting older and there is a lack of young people?"

I have not studied up on Western cultures as much as I did American and East Asian cultures. I'll think about this.

As a distraction, I offer this story. Japan has a cultural value in which the elders (now mostly from the WWII generation) believe that they can and should sacrifice themselves for the future generation, the children. It's a sort of a, strange mix of bushi and Confucian values. Another interesting thing: the Japanese Shinto values of spirit ex machina leads to a great obsession with robots and androids ... and exoskeletons to help the rice farmers continue growing rice. Because many of the younger generation do not want to farm. There's big problems with social recluses.

Yet, I have also read reports of the attitudes of the generation just now entering ... post-high school. Unlike their older siblings (about half a generation older), they ... don't quite outright reject their boomer parents workoholic attitude, yet don't seem to run and hide away in a closet. I look forward to the stories coming out of this generation. Maybe I'm wrong about "rites of passage conducted by clueless peers" after all.

Thanks for clarifying what type of things you think cannot be passed along. I think that's a good example. I guess my biggest question becomes - can we design ways to pass that information along more effectively? Sure the world isn't just facebook, I think of more as a nexus for organizing and documenting social lives. It doesn't take away from the fact that most of the 'actual' socializing happens in the presence of others physically.

The blog post was very long and I think he missed some of the major historical points (especially about finance). You should checkout The Ascent of Money for a good history of corporations and the financial innovations that made them possible. It would argue spain/portugal didn't become irrelevant because they weren't as good, it was almost because they were too successful. The flood of physical wealth prevented financial innovation which allowed the dutch and brits to get ahead.

Japan is especially fascinating to me (I am half Japanese) and the culture is very bizarre in a lot of ways. It's probably one of the most (if not the most) homogeneous society on earth. I do wonder what the effects of that are on determining people's beliefs and behaviors. For instance, would the willingness to sacrifice and contribute to the greater good be diminished in a less homogeneous society? The recluses, while a problem, I am not sure what percent they ever actually made up. There is a lot of social problems in Japan for so many different economics, political, cultural reasons. However, I do wonder how much they were blown out of proportion in the media as a scare versus a real threat to the very fabric of society. I have a number of japanese friends who would be in your recluse age group, even the worst off one (I don't want to tell their personal story here, but it's not good and probably sounds like many great struggles to find identity for young people), ultimately became a salaryman. I think they are finding their way eventually, most of them at least. It's always been strange for me to try and understand Japanese culture. I am Japanese but I don't think I would ever be considered Japanese, so it still feels almost like an outsider looking in, with maybe a slightly less foggy window.

> I guess my biggest question becomes - can we design ways to pass that information along more effectively?

That's a very good question. Something to mull over.

> You should checkout The Ascent of Money for a good history of corporations and the financial innovations that made them possible.

Sure. I'll check it out.

Just want to address your "500,000 daily Android activations" comment.

During the C64's lifetime, sales were around 15 million units in total. The C64 was "relevant" between 1981 and 1991. So, roughly 125,000 units sold a month. "Making it the best-selling single personal computer model of all time." -Wikipedia, with sources.

Computers have never sold as much as phones. Phones of any variety. So what?

I don't equate "Skateboard = Automobile" because they both have wheels. I don't change my thinking from skateboard to car because cars sell more.

I like skateboards. I like computers. Neither are going away any time soon.

I think you are confusing "relevant" with "popular" or "big piles of money i'd like to take a bath in." I applaud developers who broaden what they are doing. I applaud investors who want to make money investing in whatever makes money. But, businesses come and go. Commodore, in fact, is a perfect example of botching the business, while others continued to make the product, improve the product, and the product is still relevant.

Furthermore, Facebook didn't invent the "generation gap". It's the same thing over and over and over dating back thousands of years. "Being social" is "being human" and not necessarily "being Facebook." There's a bigger picture here.


Apparently I was not very clear in my writing with what "500,000 daily activations of Android" means. I elaborated my reasoning in a followup post. Feel free to rebut that.

By definition, being social means doing things other people are doing.

You can be mindful or mindless in "doing things other people are doing." Many people choose to mindlessly "do things other people are doing." Leaders take a step in a direction, and the crowd may or may not follow them. If they do, it's because people tend to follow, rather than to lead.

Which is interesting, considering that many of us are here because we want to take some risk as entrepreneurs, to step out and do what people are not doing. Does that mean entrepreneurs are not social?

It is definitely possible to live without a Facebook account and also have a social life. If that is not the case, there is something seriously wrong with the society you are in.

You're probably not a member of a community which has fully adopted it. I also wouldn't impart your judgement so easily without considering what it would be like to enter into a community that had 100% adoption of a service and how you would behave in that instance. I am not saying it's impossible to live without it, but it certainly makes it more difficult and adds friction to your life that could easily be removed by just joining.

The problem is that it is not only facebook. I think this is an issue that needs to be addressed at another level.

Facebook is definitely the most of evil of them all, but Google is also doing it.

Not only that, but I have a feeling that if Google and Facebook fail at providing some institutionally-derived level of default sharing by users, the next company is going to try something else. And there will be a "next company" to try this, just as there has been in the MySpace > Friendster > Orkut > Facebook > G+ > etc. chain.

This is an institutional desire, probably by the advertising industry, that will not stop.

Yes I agree. I don't currently have a win-win solution in mind. A great solution would be one that allows facebook to still gather information provided that the "correct" privacy controls are in place for users.

I think, since this is so new, there is no clear understanding of what the "correct" privacy controls are. That is why I love the fact that G+ exists. Competition will help solve this problem.

Agreed. Once privacy becomes the driving issue of social networks, either Facebook, G+, or the next evolution, will offer users what they consider to be proper security/privacy. Although we can be seen as the products and not consumers of Facebook, if we are being harvested for social data, we will require proper care and growth to deliver a good product.

To clarify on Spotify, there're options to (a) connect with Facebook (i.e. use it for login purposes) and (b) send the music you play to Open Graph. One does not depend on another, and (b) can be turned off without impacting (a).

I've been using ShareMeNot (http://sharemenot.cs.washington.edu/) for a few months now. I don't know if it's a perfect solution to go around but it's a solution nonetheless.

If you don't want to share anything, then don't use the app. Nothing is automatically sharing unless you tell it to. Nothing can magically share the fact that you read a Techcrunch article unless you install a "Techcrunch Reader" app or something, in which case it would have to ask your permission to share that information. If you didn't like it, you can remove that permission. For example, here's the relevant permission from the Washington post app:

Add app activity to your timeline Washington Post Social Reader may publish your app activity to your timeline.

If you don't want the app to automatically publish something, then just x out that permission.

The amount of stuff that is starting to require Facebook Connect or access to Facebook is what worries me. Most of them ask for every single permission under the world and only ask me once.

For example, Spotify, it is practically neutered unless you connect it to Facebook, but as soon as it is connected to Facebook it can send data to Facebook as me.

There was an app not too long ago that required Facebook to login, it too asked for those permissions. Now it can without my permission start sharing content based upon actions in the webapp. I am not okay with that.

First of all, when I go to spotify and "log in with facebook". The site sends me to a facebook page asking me to "log in to spotify" with my facebook. On this page, it specifically says "This app will not add activity to your Timeline." In other words, the basic spotify login with facebook isn't social. If you "Connect" your spotify account to facebook, it pops up a permission dialog asking you for various types of access. This is the social portion. Don't do this if you are concerned.

The second part of the application is the social part. Again, if you don't trust an application you can always go to your app settings page on facebook (https://www.facebook.com/settings/?tab=applications), select the application you are worried about and deny specific items that you don't want the app to have access to.

If you "x" out too many things, you might cripple the application, but that's the way it works.

I don't want to first opt-in to something and LATER have to deny it those permissions. I want to deny it those permissions and only give it some permissions to start with.

How much damage would it be possible to do in the 3 - 4 minutes it will take me to go back to Facebook, go to my account settings, look at my app settings, find the app in the huge list, and then start removing permissions I don't want to grant it?

After that I have to go through the effort to find the post content in my timeline, one by one delete the items and hope that my friends have not yet seen the content (and it being posted to the ticker makes that unlikely...)

My point was that most pages hopefully will have two levels (like spotify). One to log in and do basic things, and the second level a social one.

So, if you don't do the second part, you should be fine?

Also, I personally would be careful in installing apps. This goes for any application (not just facebook). If you trust an app, go ahead, if not, just avoid it. This is going to be different for different people.

Edit: Ok, I think I see your point. You don't want an app to ask for too many permissions right off the bat and then you having to go back and remove them.

Again, I think this is going to be developer and users driven. The more people ask for apps to start off with minimal permissions the developers will have to comply. Does that make sense?

Why should this be developer and user driven? Facebook on their permission page when I first visit it should be more than capable in allowing me to change what permissions are given.

If they can retroactively remove them, they should be able to do so before I even grant any permissions.

Give me two columns, one "Allow" and one "Disallow" and I can drag the permissions to the columns as I see fit. Can an app give me a template or ask for certain permissions by default, yes, absolutely, but let me change them.

This is an excellent point, let me pass that on to the platform permissions people.

If I remember correctly,they sort of had that earlier, then it was removed to make apps powerful and sign ups easier!

I think it has to re-ask you for new permissions, it doesn't get any permissions 'grandfathered' in. But yeah, the fact that many apps ask for too-many permissions is a pain :/ Means I always have to go back and remove the permissions I don't want, and hope I don't forget.

How is Spotify "neutered" without Facebook? I've never connected it to Facebook and everything works fine for me, including sharing playlists with other users.

Reportedly the Washington Post reader gleefully designs around the Facebook opt-outs.

If you have your privacy setting in Facebook on "only me," then what you read within the app will not go to Timeline or be seen by friends outside of the app. However, _inside the app_ friends who have also downloaded Social Reader _will_ be able to see what you’ve read http://www.forbes.com/sites/jeffbercovici/2011/09/23/relax-f...

If that isn't a violation of the spirit of Facebook's privacy settings, I don't know what is.

Of course it's been possible to build newsreaders that spy on people's browsing habits and share them with Facebook friends (or anyone else) since the early days of the Facebook API, but this particular app is promoted by Facebook themselves as a flagship for the way new passive sharing apps should be.

I rarely use my FB account and never install apps or post anything on it, just use it to follow a couple of friends/family. I've got all privacy settings (that I can find) set to the most restrictive settings.

I checked the list of "authorized" apps from the post upstream (https://www.facebook.com/settings?tab=applications) and there were 4 things in the list (Bing, Pandora, Yelp and one other that I'm forgetting) none of which I'd ever explicitly authorized for facebook access. If I ever use OAuth for anything, I use my twitter account, never facebook.

Any idea how those got in there, and what setting I can use to never let them back in?

Actually, Facebook's 'publish_stream' extended permission, which has existed for 1-2 years, already gave developers the ability to publish on your wall, without getting explicit confirmation on each article.

Similarly, for Spotify to do this Activity stuff, you need to give them an extended permission called 'publish_actions'.

If anything, actions are less dangerous, since the size and visibility of the content is significantly more limited than are wall posts.

Anyone saying otherwise either is linkbaiting or truly does not understand the Facebook platform.

And a consequence of that is my "Facebook stress" everytime I allow an app to publish on my wall. I don't want them to, and I am forced to accept because otherwise I could not get access to the app. I have to check my Fb profile that nothing gets posted everytime this happens.

In theory you could just not use the app. Also, tell the app owner why you're not using it. However, I'd say that there's generally no consistently way I've seen that FB gives you to give feedback to app owners - certainly ones which you're not actually a user of the app too.

If enough people did that (or started to from now on) the demands for extended app privileges might drop.

Yes, The Sims Social did this well before the F8 conference. You just had to opt in

I would recommend that app publishers, has a good practice, explicitly put the action as buttons to replace or complement the Like. So, I could click "read" and then it would publish the action. I think that doing so automatically on behalf of the user is asking for trouble.

You do realise you don't have to use these features, don't you? The features are there for those of us who wish to have this information automatically shared with our friends, but if you don't wish to, you can turn the automatic sharing off in some of the applications, or just don't connect/remove the application to/from your Facebook account.

Why complain about features you don't have to use, when many of us like to use them?

This is 100% the correct way to look at this.

Facebook originally just allowed you to share what you wanted to. Now it is simply ridiculous.

Only we care about this. All the privacy invasions facebook has forced upon its users have been readily accepted, and it keeps growing. Facebook knows this. Most people care more about UI changes, rather than this invasion.

I run facebook on the iphone, or in a separate browser, to keep in touch with some relatives in far away countries. It is great for that, and I am very happy to be able to do that.

I totally understand your concern about sharing things that might hurt you in the future. Anyway, I guess the Washington Post Reader wasn't designed for a lot of people like you, so there's nothing lost from not installing the app. But I have lots of friends who do love sharing all the articles they read, so to each his own.

I sympathize with people's concern about apps requesting more permissions than they need to do their job, but here, "sharing articles I've read" is a core part of what the product is.

So if you don't install the app, and I do, what's the problem?

Looking at where we have come from and where we are moving towards...

There are already webapps that require logins using Facebook connect and provide no alternate means for me to login (I've started creating many a fake Facebook account) and require a whole laundry list of permissions. It won't be too hard to in the future see that people are going to gloss over what permissions they are giving away so that they can get to their free article from the NYT or the Post.

This slow erosion is exactly what I am worried about. That is how the United States is slowly losing all forms of civil liberties and are slowly becoming a police state.

Naked scanners at airports didn't just suddenly happen, it was a long process with some fear thrown in from some stupid jackass with an underwear bomb. DHS used fear to allow them to patrol 150 miles inland from the United States border. The patriot act keeps getting renewed and the only reason it passed was because of 9/11.

No, saying "but it's okay right now, it won't do anything automatically unless you give it permission" doesn't help. Soon it will be "What do you have to hide? Permissions? The web is open..."

Say it like it is, brother!

"The Eternal Value of Privacy" by Bruce Schneier, http://www.wired.com/politics/security/commentary/securityma... (article for Wired)

"Why Privacy Matters Even if You Have 'Nothing to Hide'", http://chronicle.com/article/Why-Privacy-Matters-Even-if/127... (for the Chronicle)

But I have lots of friends who do love sharing all the articles they read, so to each his own.

Not to cast aspersions, and I really don't mean this personally (which would be impossible since I don't know you), but is it possible that these friends are simply boring people? There's always an unspoken corner-case (perhaps a "center-case"?) where there are people with nothing to hide. I'm not talking about extroverts and exhibitionists who don't care how their personalities translate to the commenting-online world, but those who watch the news, have a couple of kids, go see a Luke Wilson movie, etc. and that's the extent of their external lives. There are lots of perfectly contributing members of society who have no interest in politics or celebrity, play Bridge on Wednesdays with that awesome Chex Mix that Annie makes, and so on.

Beware of selection bias.

Visiting an article need not be same as reading an article. Many times I end up clicking link baits with out knowing what they contain. So combined with auto posting, I'm increasing the noise for everyone without meaning to.

This is bogus, and a slight of hand meant to further erode privacy while giving Facebook an argument to fall back on other than "it's in our interest to post everything you do into our stream."

The bottom line is that what is actually going to happen here in the real world is that people are going to connect their Facebook account to these web sites, not realize or forget (yes, people forget these things) that this web site has been given the keys to the castle to post whatever it wants on their behalf, and a ton of shit is going to get posted to the internet that was beyond the intent of the user originally clicking buttons just to get past an annoying confirmation dialog.

That said, the people fighting against this are fighting a losing battle. Facebook is basically going to control the world unless someone comes in and tries to beat them at their own game and impose their own vision of how and when information like this should be shared.

orijing (the engineer at Facebook) is right in that you do have to auth the app.

It's not as though could be browsing one day in search of "abortions Chicago" or "genital warts" and have that auto-published to your FB page. You'd have to give an app explicit permission to share activities on your behalf.

I think the point is that you could sign up with LocalTimes' funky new daily deals site using Facebook Connect one day, clicking through a generic permissions screen as you do, because you trust LocalTimes aren't going to do anything spammy. If you know what the signup permissions mean (which if you're an average person, you don't) you decide you can live with some of your friends wondering whether you bought the half price pedicure you perused.

A month later, you're Googling for a local STI clinic and have no reason to believe that clicking on the top result (LocalTimes' eclassified section) is going to share your interest in local STI clinics with all your social network. But it is, because LocalTimes' single signon site which you're already logged into makes no distinction about what is and isn't to be shared, but they have made efforts to adopt this revolutionary new form of passive sharing which is going to push up their pageviews.

But I think the OP's point is that privacy will eventually fade away, so if I'm doing a Google search on "cure for HPV" this will be published publicly to my Facebook profile. I don't really care that "oh, it doesn't publish automatically unless you grant it permission!". I want to be notified when something is posted on my profile.

On another note, I'm seriously considering closing my FB account once and for good and leaving for G+. I have a good crowd of friends willing to do this (and invite their friends), but G+ offers no way to import FB data, which would be a nice feature.

I don't understand. You're afraid that your Google searches will be published to your Facebook stream, so you want to close your FB account and move to G+, because presumably Google is less likely to publish to your G+ profile than to your Facebook profile?

I'm with you there, which is why I've closed my FB profile long ago, and my G+ profile within the first day (as soon as it forced me to link Picasa).

G+ makes as little sense for a private person as Facebook, if not even less.

Wouldn't it be easier just to continue using Facebook, but never grant any permissions to any apps?

And what if Facebook decides that apps no longer need permission to access profiles? They don't care about using privacy /at all/. They purposely make the privacy controls hard to use.

There's always g+ from Google. So far they're staying true to the deliberate opt-in mindset instead of the facebook all-in then opt-out later mindset.

What exactly has Facebook opted everyone into? You have to explicitly allow applications to post things to your wall.

Um, let's see... they started with opting people's profile updates into the newsfeed back in 2006 and went from there.

You forgot the final clause: " later followed by the removal of the choice to opt-out, for your convenience."

Or one day Facebook could overstep and piss off it's common user permanently.

We operate under the assumption that users will not do what they don't want to do, as long as we make it explicit what might happen. And if they make a mistake, they can always go change their settings.

This breaks down with the deluge of snippets of information, voluminous and arcane privacy settings, and the increasingly complex and cluttered UI. It's simply impossible for a normal user to keep up with.

Frankly, it's this assumption that makes Facebook untrustworthy. Perhaps you should assume that your users value their privacy. Asking for forgiveness rather than permission works for startups, but facebook is not a startup any more. Facebook has the users. They should start acting like they want to keep them.

I'm perplexed. If you find Facebook's privacy settings arcane and its UI complex, how do you get around Linux or Photoshop at all?

I totally fail to see how it can ever be a good business model to encourage users to share embarrassing stuff. Pretty sure, as a private entity who looks out for their own interest, they work to reduce this happening otherwise people would be leaving in doves.

Most people can't use photoshop or linux. I can, but do everything in my power not to, especially for something as trivial as a social network. But, with photoshop and linux, and when a user fails, they get frustrated and ask for help or give up. With facebook, they unknowingly spew semi-private communications all over the web. You're right- it's a terrible business model for an established company, and one that should have been snuffed out years ago when they still had a chance. It's now institutional, and I fear, permanent. Thankfully, Google appears to be ready to pick up the slack.

A lot of people can't get around Linux or Photoshop at all.

I think most people here can probably make sense of the privacy settings, but facebook has 750 million members. I am certain most of them do not even know where to find privacy settings, let alone know how to use them. Yes, they may be idiots for posting personal data to a site they don't fully understand, but it is reality. Simply trusting facebook not to exploit these people seems naive to me.

What ever made you think anyone would want this functionality, other than the sleazier, spammier publishers?

Why would any person _ever_ want to automatically broadcast on Facebook the URL of every web page they read on a particular site? What is the benefit, to them? "How do I publicize a big chunk of my browser history" is not a problem any real person has.

The problem with this feature has nothing to do with disclosure or opting out. It's that it seems designed SOLELY for the benefit of publishers, who get more clicks and promotion, and of Facebook, which gets more social content.

You forget that you are not the customer, you are the product. Facebook do not care what functionality you want, beyond what is required to keep you using the product. They care what their paying customers want, and that is access to as much information about the product (you) as possible.

You forget that you are not the customer, you are the product.

Or maybe GP hasn't forgotten this and would just like GGP to admit to it.

Indeed. Since the post I was replying to purported to be confused at the negative backlash among Facebook members, I engaged on its own terms. I suspect at higher levels Facebook is at least somewhat aware it is acting exploitively.

One of my clients is a porn site, and we're currently debating whether it would be a good idea to even give users the option to post what scene they're watching on Facebook. Some users will legitimately want that (they don't care if people know), but we would rather err on the side of not publicly embarrassing people.

> And if they make a mistake, they can always go change their settings.

That is a really bizarre response. If a user makes a "mistake" and unwittingly publishes something embarrassing or damaging to their feed because Facebook made that transaction possible, the damage is done.

Bizarre? I can't imagine any other response.

There's no way Facebook (or anybody else) can completely prevent people from making mistakes.

So, the best they can do in that situation is give people an easy way to clean up the mess, and make sure they don't do it again.

Sure, but by removing a simple step (the act of explicitly sharing something) it now becomes easier for these mistakes to happen...

One of my Facebook friends posted a link to a story from The Guardian yesterday, I thought that was interesting so I clicked to read.

The Guardian pretty much demanded that I installed their app. In the end, clicking 'cancel' turned out to be the non-intuitive way to actually read the article.

Yes 'cancel' let me continue with the action that I had been attempting.

I'm curious, was there any user testing done? It seems odd to me that someone would actually want something shared automatically that they simply read. I understand wanting to make user interfaces more streamlined, but reading something and sharing something with your friends are distinctly different activities.

Seriously! How could this be anything but a crappy user experience? Who would want to share something before they even read it?

What would really suck is googling something private and clicking on a result that just happens to be on one of the sites that has permission to share. Oops.

> Who would want to share something before they even read it?

Apparently Mark would, as he has already installed the "great app" Washington Post Reader, as the OP pointed out.

Business decisions are typically not subject to user testing.

It's a problem because you guys keep trying to push us closer to sharing being opt OUT.

Thanks for posting that, I have often wondered how Facebook could make such horrible usability decisions but it really seems like you guys have little understanding of why someone would want to use your service. 'You' had a relative spam free replacement for email and wasted that huge opportunity by letting random apps spam the channel. I don't want to share that type of crap not because I care about privacy, but because I don't want to waste the time of people reading my activity feed.

PS: I understand a huge part of FB's appeal and page views is the stalker aspect, but just think of all the people that would love to be able to flag all farmvill traffic as spam or simply ignore all posts by apps.

If there is something in your news feed which you don't want to be there, you can click the down-pointing arrow. If it is created by an app, you can even hide all posts from that particular app.

A hide from all apps would be nice, but I think that would catch updates from cell phones and the like too.

Interesting post.

While I have nothing against making it easier for people to share their lives or interesting things they come across, I want these things to be opt-in, not opt-out. Facebook has a history not really giving a crap about user privacy. And honestly, Facebook isn't a company I want to trust very personal information to. That's why my FB profile is pretty much only bare bones stuff and a few pictures.

I prefer Google's approach with G+ - your information is only shared with those who you explicitly allow sharing to. And they never automatically share something. You're in full control. If you're making an online identity, that's the way it should be. There shouldn't be opportunity for things to get out of your control. And I fear that the general public won't realize this is an issue until it's too late.

I'd like to point to another article that was posted here earlier: http://public.numair.com/2011_fbfool.html

Now, you can just dismiss the guy as bitter or whatever, but he does have a point. Facebook isn't the company you'd want managing your online identity. I have no problem with competition, but I have issue when one of those competitors acts sketchy and doesn't have the users' best interests at heart. It's even worse when the people either don't care or don't realize it.

Others have brought up the privacy concerns but for me the other issue is this: a share is an endorsement and if I havent had a chance to evaluate the content, I am endorsing it blindly. I may read an article and think it sucks so I wouldnt share it.

> If I remember correctly, the exact wording of the app permission request was alarming enough to get my full attention ("I, the application, can post as you" or something like that), so I'm worried less about a user missing that part.

Users don't read such messages, they press confirm buttons. Even if they read them most users will not understand the implications. It would be interesting to hear if you have done any user surveys related to this.

A lot of people don't share because it's another step, but if they could install an app like the Washington Post Reader (a great app--even Mark has it installed), they are happy with sharing articles they've read with their friends

I can't see the logic in this. I don't know if I want to share something until I've read at least some of it. I don't want it shared as soon as I open it in my browser. There should be another step...

Yeah, I just can't imagine a single user on facebook who would think this was a good feature.

I really have 2 quarrels with this; the larger one is that it shouldn't be acceptable for the behavior to change so radically without reauthorizing these apps. There should have been a separate permission for "automatically post without my action" which was turned on, and then let people enable it if they want.

The second quarrel concerns the design of the page that you linked to. I just checked the link that you sent, and I had about 50 entries, about half of which I don't remember adding and absolutely all of them were "more than 6 months ago" (in reality, some of them were more than 4 years ago).

Using your link, it was multiple clicks with a ~5s delay in the middle to remove a single entry. If you click a second X without waiting for the first response to pop up and click ok, it doesn't visually remove the original thing you X'd meaning you can't just go through and click all the X's.

No way to remove multiple entries at once. To remove all of the entries that I don't want took me something like 5 minutes, which is completely absurd. I have always been in general opposed to facebook apps so the average recent college grad could easily have something on the order of several hundred of these entries.

For anyone who knows anything about UX, it is fairly obvious that the page was explicitly designed to prevent people from removing apps. It is depending on a "laziness" factor to get people to do things that they actively don't want to do, which is horrible. It appears to be deliberately only removing the entry when you click ok on a delayed dialog even when the client side is 100% is sure that the entry is removed (click X, click another X without waiting for the dialog, the first item X'd will stay in the list since you didn't wait for the confirmation). Either a huge UI bug or a deliberate and unethical UX decision.

My issue with facebook is not at all what features they have or what privacy settings they have. The issue is that they deliberately use underhanded tactics to get their users to do what they want them to do. In the past they would change your privacy settings without telling you, and in this case they are using a privacy setting that meant one thing in 2007 to mean something very much different in 2011.

People who aren't as technical as you and I won't even think to look for the page that you linked to to begin with. In fact, people who aren't as technical as you likely won't even realize that the reason that these stream posts are showing up is because they clicked some facebook button on a website 4 years ago.

Existing apps that have been authorized will need to be reauthorized to get any new permissions, so you need not worry about previous apps suddenly doing something that you previously did not agree to.

I'll let the guys who maintain that page know about your comments about the UI. I suspect the one-app-at-a-time design is a combination of:

a) simplicity of implementation due to less code and reuse of components,

b) simplicity of use in the common case (just removing a single app),

c) not expecting people to selectively want to delete a whole bunch of apps (although there is a single "disable all" link),

d) that the platform team wants to collect ratings on the applications when you remove them to reduce distribution of apps that people don't like (and to take corrective action on apps that get bad reviews).

People who see posts on their profile page and find them irritating can easily hide them, and an immediate option is to remove that application. Each post is attributed to the application that made them. I'd say a level of web savviness is required, but not "technical" ability.

> so you need not worry about previous apps suddenly doing something that you previously did not agree to.

Except that pretty much every single app requested permission to post as you, even though almost none of them actually did. I don't know if this was because they wanted to leave themselves open to add extra features, or if there were obscure features that posted as you, but everything from bumper sticker apps to WSJ apps had the permission to post as you. In very close to none of these apps did they actually post without you taking a specific action and answering a prompt saying that yes, you really do want a post. I absolutely do not want any app to be able to post as me under any circumstance, and I have apparently had dozens of apps with this permission so far without me even realizing.

Because there is (apparently) no permission "allow them to post after prompting me", "allow this app to post as me" is the defacto choice for the former. If I authorized netflix to post as me in 2007, and it 4 years pass without it posting as me, then it suddenly starts posting as me in 2011 without me taking any additional action that is a serious problem, and that is the situation as I understand it right now.

From what I understand, this is an entirely new permission and is part of the new "Add to Timeline" system. I don't work on that part of Facebook myself, but this is how it was described in the F8 introduction to the system.

See also ptarjan's comment at http://news.ycombinator.com/item?id=3034233

As soon as I read an article, my first action is to either send the link to specific people who are interested, or post it on my wall if I think everyone is interested.

Really? You've never read an article that you didn't feel compelled to share with somebody? Ever?

My criticism applies to users of the feature as well as developers of the feature. You wrote:

"As soon as I read an article, my first action is to either send the link to specific people who are interested, or post it on my wall if I think everyone is interested."

In such cases, you are deliberately being selective in your sharing. I think this is as it should be.

Everyone is overloaded with information now, and one of the best ways to deal with that is to be good filters for our connections. This implies being selective in what you send, rather than broadcasting a high volume, low signal-to-noise ratio because doing so is "frictionless".

The more people act as good filters/routers of information, the better signal-to-noise ratio we'll all get.

Ok... i'm miffed, as Facebook has embarrassed me twice this week!

First when I created a new list called "Hotties I still want to X." I thought only I would know what friends were going to be added to this list. Unfortunately, that isn't the case, as Facebook sent a notification to each person on that list. That was very embarrassing, thanks a lot Facebook!

Second is when I downloaded Spotify. The ease of use of installing and starting to enjoy music was great. So much so that when I chose to play my first track I forgot Facebook was notifying my friends what song I was listening to(one i want to keep private due to ex-girlfriends)!

Thanks again Facebook! You have embarrassed me twice in one week! ERRGGGghhhhh!!!!

Are you being serious or is this parody?

okay. so, i always wanted to ask this. under privacy settings -> apps, there is a option to turn of all platform apps where i could select a few applications or all, and turn them off. but, the button to click on to turn them off is _always_ unchecked for me!

screenshot for reference - http://i.minus.com/itBcjOfzcchw4.png

This functionality is already available by requesting the "offline_access" permission when adding an app. Until now facebook asked developers to cautiously make use of the permission, now it's actively promoting it. By making it the default behavior there is going to be a lot more content than it is today that is posted automatically, thus raising the chances of unhappy accidents. The user dialogs will become transparent to users over time, as they always do.

"We operate under the assumption that users will not do what they don't want to do, as long as we make it explicit what might happen."

That's a BAD assumption. Average users aren't nearly as smart as folks posting here, in that they don't understand things the same way we do. If you've worked on apps with real users, or observed what even average Facebook users do, I would be very shocked if you disagree.

"And if they make a mistake, they can always go change their settings."

Try this out with your 10 non-techie family/friends sometime - ask them to show you a list of apps they've granted perms to. That experience might change how you look at users.

"So I'm not so worried about users who sign up for the Washington Post Reader app, which is marketed as a social reading experiment, and subsequently complain that it shares your read articles."

What about family computers/tablets? Dad wants to share with friends - kid uses iPad and now stuff goes to dad's timeline. Who do you blame? How do you fix this?

> We operate under the assumption that users will not do what they don't want to do...

This assumption is either totally disingenuous or shows an extraordinary lack of self-awareness on Facebook's part.

Possibly it is true, in sensu stricto, that "users will not do what they don't want to do". But for far longer than the internet has existed, the foundation of the advertising industry (of which Facebook is unquestionably a part) has rested largely in convincing people to "want to do" things that are actually contrary to their greater interests.

In other words, Facebook has the critical mass to spawn an "opt-in" culture when they damn well please. And a network as large as Facebook has the potential to be quite corrosive to civil liberties and the social milieu, merely in how it it structured.

Why are users misinformed? Because facebook has only crept more outside the nice boundaries of its own website. There is a line somewhere in between facebook knowing only what I explicitly post, and it knowing absolutely everything about me that users will not accept. Seeing that we're only accelerating towards the "knowing everything about me" side with no sign of braking scares me. Whether that's where you're at now doesn't matter all that much to me. I've seen no sign that this isn't where you're headed, and I don't want to be a part of it when you get there.

Bottom line on why auto-sharing sucks: Just because you read an article on the Washington Post or click play on a random song you found doesn't mean you like it and want to share it. You might be promoting a article you hate, disagree with, or find boring.

You shouldn't stand up for facebook and scummy Mark Zuckerberg so much. You realize he's postponing IPO again and again so he can get you guys to work late nights month after month on tasteless projects like tracking people over the internet, kind of like carrots on a stick for donkeys, right?

Who the hell is Mark?

I recently decided to RSVP for a meetup on meetup.com. It was a meetup I don't, in fact, want most folks I know to know about. I made sure to use my junk email account that doesn't have my name tied to it.

So I was scared shitless when after RSVP'ing I see faces of all my facebook friends and an offer to invite them. I always thought you had to do the whole facebook connect crap before websites could just splash your fb friends list at you? Then I thought about all the billion different ways facebook has to integrate them into your site and figured this must be one of the ways.

If you don't immediate terminate your fb account when you see this, you're like one of those people who can't leave their abuser.

That's just all there is to it.

Just as a matter of interest, has anyone ever taken a close look at what's actually in the static content that you can download when you quit fb?

Pretty much any of it. If there's a photo I want a friend of mine to see, but they don't have permission to see it, I just send them the URL of the static content and it works every time, whether or not they're logged in.

No longer. Images are obfuscated (view the source of a gallery image to see what I mean).

So you are not able to view the following link:


Just for reference the picture should be this:


Oh ... the way I uploaded that to imgur? Using that URL above, so clearly that is wide open to the world.

Bert, your facebook profile ID is in that URL (the number starting with 1389...).

Also, there is no restriction on who can see pictures when you a direct link to an image. This is mostly due to the fact that CDNs used to store static files usually don't send cookies and thus have no concept of a session.

My personal portfolio site is listed in my HackerNews profile, on my portfolio site I have a link to my Facebook profile (so that people I give my business card to are able to more easily find me, and not my dad).

I am familiar with what is in the URL, and I am also familiar with CDN's. I was merely posting my rebuttal to the OP who said it was obfuscated.

Not at all, they now even give you a link to download the image. You can share this publicly. Or just right click and choose "Copy Image URL". I viewed source and it's a standard container div setup, nothing obfuscated about it. The image URLs are all right there.

Thanks for the correction--I got so used to being treated adversarily by FB that I failed to look for a link like that :-)

That's it? So if I rationally weigh my cost of having to watch where I click and find it to be significantly less than the benefits from hanging out with friends online, I'm a victim of an "abuse"?

It's a sad day for HN when thoughtful discussions have been replaced by such obvious sensationalism nonsense. We can compile kernels but Facebook's super-complex privacy settings reduce us to wimps.

Here's the text I was thinking of when I wrote that:

"So I was scared shitless when after RSVP'ing I see faces of all my facebook friends and an offer to invite them. I always thought you had to do the whole facebook connect crap before websites could just splash your fb friends list at you?"

Someone was petrified that fb knows and may have already revealed something that person really wants to keep private. Sounds fairly abusive to me.

How long is until you'll be able to 'connect' to the DMV via fb? What if you're a serial scofflaw, and have a trail of unpaid speeding tickets. We already have instances of debt collectors attacking fb profiles. What if state agencies try to get in on this act?

> I always thought you had to do the whole facebook connect crap before websites could just splash your fb friends list at you?

No, you're wrong.

> Someone was petrified that fb knows and may have already revealed

Based on that someone's own mistaken idea.

> How long is until you'll be able to 'connect' to the DMV via fb?

Then just quit when that happens? Or don't let people post to your wall? Or don't friend strangers? Sorry, but these aren't rocket science and they in no way resemble an "abuse".

Watmough, you have to opt in to a site in order for that site to be able to access your information. However, social plugins allow your information to appear inside iframes on third-party sites (without revealing your identity or your friends to the site)

The website doesn't have access to your friends and cannot post anything without your consent. It can just set up an isolated iframe which is controlled by Facebook. There is no communication between the iframe & the page you're on (except for the initial setup data) so the website cannot post on your behalf. It might sound creepy but it's actually very safe.

In the article, the writer is at issues with social apps that he allowed to post on his behalf. It's entirely different.

My take on this: the (only) problem is that Facebook has changed the way info is displayed (with the ticker feed) and in that new context, the rights we gave to social apps on our Facebook accounts have been extended. Not technically but that's what it amounts to in pratice, since it's much more likely for stuff getting posted to be seen.

The fact that you can be going about your regular Internet life and not know if something you do will or won't be posted to a social network is a huge problem. Facebook's approach seems to be to boil the frog toward people not giving a crap about privacy at all, to voluntarily give it up as a reflex or instinctual action, or not to notice that it is already gone, all under the cover of "being friendly." I mean, you aren't such a grump that you don't want to tell your friends what you're doing, right?

Facebook is using peer pressure against privacy.

If you can handle the broken Canvas IFRAME apps on Facebook.com, Facebook Privacy List for AdBlock http://www.squirrelconspiracy.net/abp/facebook-privacy-list.... prevents this kind of thing from happening.

Also as a nice side effect, no more dumb share buttons on every web site.

Does EasyPrivacy accomplish a similar thing? Anyhow, I've added this in to my AdBlock. Thanks!

use Firefox "Private Browsing" when you want to drop into a temporary session free of cookies.

This is why I closed my Facebook account two years ago (happened to me on cnn.com). But I'm back. I just wanted those "connections," I don't think that it is worth it.

I ditched Facebook this morning when I realized my carefully-constructed "Don't show this part of my profile" list was wiped out in the last redesign.

I've always thought the complaints people make after each redesign were simply resistance to change, but this time it doesn't seem worth it to continue.

Could you be a little more specific? What kinds of things were you not showing that are now showing?

I had my privacy settings set to "Custom" for wall posts, photos, and some other profile elements.

I excluded a list of people from seeing posts I made and posts other people put on my wall.

When I used the "View my profile as," I wouldn't see the excluded elements.

Once the new design launch, I realized that all these settings were lost - I can do "View my profile as" one of the people on my excluded list, and see the stuff I didn't want shown.

I too for the same reason have deleted my account. I don't feel i'm in control. Its too risky.

Accessing facebook.com/watmough ('deleted' account) shows 'content currently unavailable'. This used to be my account.

Accessing facebook.com/jonathanwatmough (likely not an account) shows standard 'page not found error'.

Deleting a fb account may not mean what you would expect it does. I think they are keeping my data warm for me.

And keeping your data warm too.

Your information will likely never leave Facebook. I know of a few people who "cancelled" their accounts, only to rejoin at a later time. Their information was preserved. They didn't even have to re-friend me.

If people think Zuckerberg had "vision" doing this, I suppose I agree. But his vision wasn't "how can I help people have better online connections and experiences?" or anything like that. His vision was "how can I get people to share everything about their life, so Facebook can make more money?"

They are not one and the same thing, because in the latter, the priority is put on optimizing the experience for Facebook, not for the user.

Zuckerberg actually believes that there should be no privacy - at all. This is where he's leading Facebook. I believe that's a flawed vision, but he's probably sticking to it, because the less privacy you have, the more it helps the company.

Zuckerberg actually believes that there should be no privacy - at all. This is where he's leading Facebook. I believe that's a flawed vision, but he's probably sticking to it, because the less privacy you have, the more it helps the company.

My impression is that Zuckerberg honestly believes that the world would be better without privacy. Which is even worse than companies that are only focused on the bottom line, because at least they won't invade your privacy without a good business reason.

"We Are Building A Web Where The Default Is Social" - Mark Zuckerberg

Mark Zuckerberg is dead set on making Beacon work. This is his latest attempt by making the apps do their dirty work by asking for a permission and auto-sharing.

The apologetic posts by Facebook engineers give deep insights.

Of course they can argue well on what are, for average users, technical details. On that level, it is possible to get entangled in endless discussions.

The real problem is that these posters seem to totally lack (or ignore) an understanding of the bigger picture of what they are contributing to.

I think Ghostery deserves some promotion here : http://www.ghostery.com/ available for all major browsers. It blocks near to all webbugs including the facebook social plugins.

Great Scott, they've got an Opera plugin. (https://addons.opera.com/en/addons/extensions/details/ghoste...)

A good time to point out the Ghostery Browser extension. Use this at the most paranoid setting so that when FB and others pull stunts like these you have at least some measure of protection.

Logging out doesn't necessarily disable the tracking, though, as the cookies are still there. You could delete them, but I bet the like buttons reset new ones, which correlates your history to you the next time you log back in.

Much better is to just nullroute their netblocks at your router. That's what I do.

It's a pain, but I just white-list third party cookies.


You have a lot of determination! Kudos.

I do the same thing, and it really doesn't take much. I've been blocking 3rd party cookies for over a year now, and the only one I had to add was rememberthemilk, so that I could include my TODO list in a GMail widget.

It's pretty simple, really: Edit Preferences -> Privacy -> "Firefox will: Use custom settings for history" -> <uncheck> Accept third-party cookies. To add an exception, click "Exceptions..." on that same page, type the domain name, and click Allow.

You can still receive normal cookies, but now third-party sites can't track you unless the sites you're visiting are sharing data server-side.

Thank you for the info! Much appreciated.

It's been already shown that FB creates an unique ID for you even if you don't have a Facebook account.

Where has this been proven?

Poster may be referring to the phone address book scandal, probably only one example. In that case importing your facebook contacts from your phone grabbed your entire address book, with what looked like account placeholders for anyone in your phone that wasn't already on facebook. Oh, and it published all their phone numbers too.

I'm sure facebook has myriad nefarious ways for tracking everyone you interact with regardless whether they have an account.

And do we need to point out Double click got caught tracking individual users and lying about it over 10 years ago.

Some sources would obviously be helpful, but I don't think anyone is kidding themselves about what's going on.

It was a blog post I can't find right now, but it's easy enough to reproduce: I deleted all the cookies from Facebook and then open a tab to a site with the Like button. A cookie for facebook.com is created called "datr" with an obvious ID and an expire date two years from now.

where does one find these netblocks?

You could use chrome's facebook disconnect extension https://chrome.google.com/webstore/detail/ejpepffjfmamnambag...

That only works in one browser, on one computer. I have an iPad and there are two iPhones in this household as well. A few lines in the firewall configuration is a much easier and effective solution.

I am working up to doing the same for Google. I might transparently proxy google.com/search to Scroogle just so browser search bars continue to work.

As always Winer is worried, rightfully so, but people aren't going to log out of facebook. It seems Zuck really wants to get back at people for making him pull "Beacon" back then, so he reintroduced it. Of course it's a privacy concern, but i think people no longer have illusions about their privacy on facebook.

"people aren't going to log out of facebook."

I actually have a separate browser that I use just for Facebook. Granted I only do this because FB doesn't work for me in Chrome, but it's still a pretty easy way of getting the same result.

Correct me if I'm wrong, but flash cookies are cross-browser

Here's my crontab:

  # NJC 08/07/10      Remove Flash cookies and everything to do with Flash, including left-over Flash files in /tmp
  01  13  *   *   Wed     /usr/bin/rm -rf /home/nick/.macromedia/Flash_Player/*
  02  13  *   *   Wed     /usr/bin/rm -rf /tmp/Flash*

Nice stuff. I would have never thought to do this.

That is correct.

I'm seriously considering only using facebook on my phone.

Your phone is where FB gets all your friends' phone numbers from whether any of you like it or not!

That's not true; there is a very, very specific alert shown before Facebook accesses any phone numbers. I'm not making this up, it's just how it works. Facebook does not get anything "whether you like it or not". They get the information if you specifically allow it, and only if you try to enable the Sync feature.

Hell, here's a screenshot if you don't believe me: http://www.askdavetaylor.com/6-blog-pics/iphone-facebook-syn...

Information leakage is much more difficult to prevent on your phone than in a browser.

The issue that people don't pay enough attention to, though, is that we're no longer "on" facebook.

Oh, so Facebook already sent their minions to HN? That was fast! Lately the negative stories are gaining a bit of a momentum. Very much like that development.

I've been logging in to Facebook and Google+ only in a Chrome Incognito window for this reason for a while now. I recommend the practice to everyone.

However, yesterday Facebook locked my account because I was browsing "from an unknown device" (the netbook I've been using for years, on the IP address of PyCon Argentina). I unlocked it by identifying five of my Friends from 15 photos. So it's not without its drawbacks.

In this case your account probably was not locked, you just needed to provide additional information to log in because something seemed unusual. So if you logged in from a known-good environment (ie, a computer we know you have logged in before), it would work - you aren't locked out of your account.

This is one of a few different systems we have to protect our users - in this case from having their credentials used if they are exposed through others sites, through phishing, or through some other mechanisms. You can a little about it at https://blog.facebook.com/blog.php?post=389991097130

The social authentication is one way we help people verify their identity in these cases - you can read about it at https://blog.facebook.com/blog.php?post=486790652130 . There are others - the easiest for most people is through sending a text message to your phone when you log in from a new device, which you can read about at https://www.facebook.com/note.php?note_id=10150172618258920

If you are concerned about privacy, but not happy about having to log in from scratch each time and occasionally have to go through these steps (or not comfortable giving or not able to give a phone number for text message authentication), you might want to use a separate dedicated browser for Facebook that does have cookies enabled.

This is why I block FB in the hosts file (https://gist.github.com/1197453) and only use my mobile devices for FB messaging.

One of the good way to make general users/facebook realize the privacy concerns of auto-sharing, if popular Porn websites install the FB like buttons.

LOL at all the facebook employees who are chiming into this thread (and others) to defend the latest creepery from their professionally invasive advertising company. I know you're just waiting for the IPO to cash in, but come on, how can you defend this nonsense?

It's the All-Hands Kool Aid Q&As with Zuck on Friday.

Is this -really- what hacker news has become? Really?

Logging out of Facebook does not do enough. It still retains cookies that specify your account ID even after you logout.

You need to delete all of the Facebook cookies. Here is what cookies are retained, but you can test it for yourself to see.

While logged in:

   datr, lu, openid_p, c_user, sct, xs and act 
act is your account number. now a new, fresh request after hitting logout still sends the following cookies:

   datr, openid_p, act, L, locale, lu, lsd, reg_fb_gate, reg_fb_ref
If you do not delete cookies Facebook know and can track every user that has ever logged in at your computer.

I can recommend Fanboy's "Annoyance Block List". It will block requests to Twitter, Facebook, ... unless you are opening one of their sites directly.

(*) http://www.fanboy.co.nz/adblock/

Don't miss the "Tracking/Stats Blocking" as well.

Note that these are simply filters for AdBlock Plus. If you're already using it, it's pretty easy to add a couple more filters.

To block tracking I subscribed to EasyPrivacy ().

() http://easylist.adblockplus.org/

RequestPolicy users are protected against this entire class of problem. When I'm looking at a webpage, I know it isn't pulling in content from any other site, including Facebook, unless I specifically allow it to.

This is the wild west and Facebook is doing a land grab. facebook.com www.facebook.com connect.facebook.com fbcdn.com

If you're going to go that route, it's much better to use so that you're not sending HTTP requests to your machine. Otherwise, anything listening on port 80 (or 443, in some cases) will be receiving the requests intended for Facebook.

Good point, though that leads to a really simple hack to see part of what gets sent to facebook - just hook up something listening on those two and look at the logs? I like ngrep for that kind of thing, but it's perhaps perverse overkill.

Noted, thanks!

I recently built a website on wordpress and put in facebook connect plugin. It saves ppl a few minutes to login ect. I was extremely scared about the widget that shows who has been on the site. I do not believe that just logging in gives a website permission to publish that user has been to that website. This is just the tip of the iceberg. Facebook is getting out of hand.

There is no widget that shows who has been on the site, and it is not related to using Connect.

There is a "Like" widget, which shows who has "Liked" the site.

From the RWW article, it looks like you have to enable a "social news app" for this to be an issue. I don't know why anyone would do that.

Nope, the JS that Facebook gives people to embed a Like button on their page, sends the URL of the page back to FB without actually being clicked. http://www.zdnet.com/blog/facebook/germany-facebook-like-but...

It's true that Facebook almost certainly tracks users through the like button, but that is different than what is being talked about here. When Facebook tracks that you read a webpage through a like button, they do not display it in your friends feeds.

While many people reasonably aren't comfortable with Facebook knowing where you're going all the time, it is a very different thing than Facebook sharing that knowledge with all of your Facebook friends.

That feature, the one the original article is talking about, requires you to specifically opt-in before the "Bob read an article about sexual dysfunction" starts showing up in everyone else's news feeds.

So how many of us are concerned about this from a personal privacy point of view, but still have all the Facebook buttons and markup all over our sites?

I'm a little concerned that, as a website operator, I really ought to work with Facebook because it will lead to more PVs because it is advertising my site for me.

But I've been uncomfortable for some time as I watch my friends and my children slowly confuse the web and Facebook. It's easy to see a day when, for most non-techy folks, the web is Facebook.

So, I can close my FB account. But I think, in the spirit of doing the right thing for the world, the web and the future, I also have to take Facebook off my site and face whatever consequences that may bring.

Or am I being a fuddy-duddy old reactionary?

You can implement a "two-click like" button that mostly solves the problem. http://www.heise.de/ct/artikel/2-Klicks-fuer-mehr-Datenschut... (German) Just be sure not to make your non-standard FB button look like the official one because they will get on your back about trademarks. http://adland.tv/content/heise-creates-two-click-facebook-bu...

Having thought about this some more, I have taken Facebook off our site. As a business we may suffer some downside as a result, but I want to (a) protect the privacy of my site's users and (b) be able to hold my head up and say I'm not part of the problem when the revolution comes.

Google Analytics sends URLs to Google on a even larger majority of websites. FB was hardly the one to start this trend.

The different in FB case, that they are not "required" to track URLs so they could of chosen an alternate implementation where sites in-directly served FB scripts through their own servers. And FB would only received a request when someone interacted with their elements.

Google is providing a service to the owner of the website, that helps them track their content.

Google isn't using it to post to a users wall/feed so that advertisers have more keywords to advertise to.

>Google isn't using it to post to a users wall/feed so that advertisers have more keywords to advertise to.

Neither is Facebook. Facebook is not using their like buttons for this feature, it is a separate opt-in feature.

Yes, this is a great idea. 'Passive' like buttons. There's no need (from my POV) for them to be active.

That may be true, but even if it is, it isn't sharing this activity with your friends, that would be facebook doing exactly what google does with their analytics platform/js.

I don't get the freakout people have over fb potentially tracking you through something you can see (the like button) vs google doing it everywhere with something you can't (the analytics js)

The app still has to request 'publish_actions' permissions, which requires an FBConnect dialog.

That URL is being used for customization of Like button, so that on some sites you can see 'Friend A, Friend B and 345 others recommended it'.

As the two FB engineers mentioned, you have to allow access to the app before it can know anything about you or take action on your behalf. See Step 2 of the Open Graph tutorial: https://developers.facebook.com/docs/beta/opengraph/tutorial...

Publishing actions requires the publish_actions permission, so if the app previously didn't ask for it, I believe you will be asked to re-authenticate the app with the new permissions.

I, for one, am going to be reviewing the apps I've previously added to ensure that none of them are doing anything I wouldn't want to. Not sure where to file FB API feature requests, but it would be nice to not have an "all or nothing" approach to authentication (this is a problem with the Twitter API as well, FWIW). For example, if an app requires X, Y and Z permissions, I might want to only allow X and Y and just not use the features that require Z.

Indeed there is a race condition (if that) where you have to allow access at the default privileges before opting out of any of them. I'm sure every single application sucks in your entire graph as soon as you click that button, so the solution to limit permissions after installing the app is just so much closing of the barn door after the horses have left.

You can always remove Z later, but for the initial authentication I think you do have to grant all the permissions it asks for.

I guess, I should always browse Facebook in "Private Browsing" mode, without any other site open in that session.

You can use this Chrome extension to kill cookies when logging out: https://chrome.google.com/webstore/detail/bgonpegbhnjepleakg...

Anything that you don't want to be published on facebook, just don't do it on facebook. So that article you want to read privately, just go to news.google.com and read as much as you want. Don't use the facebook app for that. Same thing, if you want to listen to spotify, don't link it to your facebook account, etc...

This is how things have been for years, and if you are a more private person (like me), just reading news and listening to music "offline" and go to facebook when you feel like sharing.

I've been in the process of minimizing my Facebook presence, but have left the account open just in case a specific need to use it arises in future. I'm already on other social networks, and Facebook is relatively high maintenance in terms of chasing privacy issues and dealing with other nonsense. For me the cost/benefit just isn't worth it, although I realize that this won't be the case for everyone.

So it seems the solution would be to have different browser profiles. For instance, one for regular browsing, one for FB and one for gmail?

Flash cookies ("shared objects") are across shared across all browsers and browser profiles. If FB uses Flash cookies, you could log into FB on Firefox and they can still track you in Chrome!


Doesn't this 'frictionless' sharing have plenty of precedent online? Anyone can view the tunes I listen to on my Last.fm page, the pages I bookmark (visible by default) on Delicious. How are these social apps on Facebook different?

On the point of 'noise', both these examples provide ways of making sense of the streams. Last.fm charts, Delicious popular streams, and tags.

Life is fine without Dorkbook. Never used it and hopefully never will, although it is getting harder and harder as my school has started to actively use it for e.g. communication regarding potential jobs for students and graduates in companies and institutions the school cooperates with.

Wouldn’t disabling third-party cookies take care of this? (And many other questionable things?)

In Chrome the option is to block 3rd party cookies from being set, not from being sent. Since Facebook sets its cookie while I am on their domain, I don't believe Chrome's blocking option is of any use.

In `about:flags` there's an option to change third-party cookie blocking behavior to prevent reading third-party cookies as well.

Cool, thanks!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact