If you need it to appear anywhere else temporarily then you use the AdBlock switch to temporarily whitelist a site or domain.
Block all third-party cookies.
When the option to block third-party cookies from being set is enabled, also block third-party cookies from being read.
I routinely run with only direct cookies permitted (no third party ones) and with all cookies except those I have explicitly whitelisted being deleted each time my browser is closed.
I am not aware of any problem this has caused me for a long time, including on the sites you mentioned. Maybe there is some useful feature I'm not seeing at all because of the cookie restrictions I impose, but maybe they've just got better over time at not relying on cookies for things they shouldn't?
It may be that. I just tried and Twitter is working perfectly without third-party cookies. Some months ago it didn't allow me to log in.
With Google I had a similar problem, I couldn't log in to my Google Account on sites that weren't the search engine (Docs, YouTube, etc). I just tried them, and again, it seems that it works now.
I use Chrome stable. Maybe something changed in the management of third-party cookies in recent releases?
This might mean that they reject third-party cookies from being set, but not from being read. That is, once you get a cookie (e.g. signed in to Facebook), every other request to Facebook (even if it's through the "Like" button) will also send your cookie.
The flag that appeared in the latest Chrome beta specifically disables sending of cookies to third parties, even if you have them.
Chrome's about:flags option also blocks third-party cookies from being read.
So if you go to facebook.com and it sets some cookies and later you go to somerandomblog.com that has some images from facebook.com, Firefox will not send cookies to facebook.com, since you are not visiting it directly.
This is all speculation though.
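The set-versus-read distinction discussed in the comments above, as an added example that is not part of the thread: a toy cookie jar with three policies, run through the scenario of logging in on facebook.com and then loading somerandomblog.com with an embedded facebook.com resource. The class, the policy names, the cookie values and tracker.example are constructed for illustration, and the "last two labels" site check is a simplification of what browsers do.

```javascript
// Toy model of a browser cookie jar (constructed for illustration; not any browser's real code).
// Policies: "allow", "block-set" (third-party responses may not store cookies),
// "block-set-and-read" (third-party requests also carry no stored cookies).

// Simplification: treat the last two labels as the site. Real browsers use the Public Suffix List.
function site(host) {
  return host.split(".").slice(-2).join(".");
}

class CookieJar {
  constructor(policy) {
    this.policy = policy;
    this.store = new Map(); // site -> Map(name -> value)
  }

  isThirdParty(topLevelHost, requestHost) {
    return site(topLevelHost) !== site(requestHost);
  }

  // Cookies attached to a request for requestHost made from a page on topLevelHost.
  cookiesToSend(topLevelHost, requestHost) {
    if (this.policy === "block-set-and-read" && this.isThirdParty(topLevelHost, requestHost)) {
      return {};
    }
    return Object.fromEntries(this.store.get(site(requestHost)) || []);
  }

  // Handle a Set-Cookie from requestHost; returns true if the cookie was stored.
  setCookie(topLevelHost, requestHost, name, value) {
    if (this.policy !== "allow" && this.isThirdParty(topLevelHost, requestHost)) return false;
    const key = site(requestHost);
    if (!this.store.has(key)) this.store.set(key, new Map());
    this.store.get(key).set(name, value);
    return true;
  }
}

// Scenario from the thread: log in on facebook.com, then load a blog embedding a facebook.com resource.
function simulate(policy) {
  const jar = new CookieJar(policy);
  jar.setCookie("www.facebook.com", "www.facebook.com", "session", "constructed-value");
  const sentFromBlog = jar.cookiesToSend("somerandomblog.com", "www.facebook.com");
  const newTrackerStored = jar.setCookie("somerandomblog.com", "tracker.example", "id", "1");
  return { sentFromBlog, newTrackerStored };
}
```

Under "block-set" the first-party session cookie still travels with the embedded request, which is why blocking only the setting of third-party cookies does not stop a site you have logged in to from seeing your visits elsewhere.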
I have no idea why people are so eager to give away their privacy to Facebook and others to sell and whore-out to the highest bidder. It's akin to getting a handful of bright, pretty beads for your property.
With Google you bid contextually, that is, you are guessing that because the page is about (for example) "The Beatles" that the people there are interested in The Beatles. This is generally right. But, you have no idea about the demographics of the viewers. Just knowing if someone is under 18 or over 21 pretty much means whether or not they have any ability to purchase your product after clicking your ad. And these demographic/behavioral trends go much deeper.
On Facebook you buy an ad based on the users' demographics (age, gender, etc.) and what they explicitly said they were interested in. Most people don't list every single interest. Facebook, by pulling in all this external data, now has a shitload more stuff advertisers can target ads on. Instead of targeting the tiny fraction of people who put "The Beatles" as their interests, now advertisers will be able to target users that are likely interested in The Beatles because they do things like listen to The Beatles every week, or all their friends listened to The Beatles this month.
It's very likely that Facebook will be able to beat Google's CPMs with this deep targeting ability. Whether or not it's planned, I expect that Facebook will attempt to syndicate their advertising and compete directly with Google.
Users should be very concerned. Advertisers can figure out a lot about you based on you clicking an ad that they targeted to a narrow set of specifications. You might think the ad is about free iPods but it's really only being displayed to users that did a certain set of criteria. This can and will be abused. To a limited extent it already is.
Back when Facebook first rolled out their ad network, there was an advertiser or two who figured out you could target females that were engaged, and by insulting their weight get them to buy their weight loss pills.
As you can imagine, Google needs a large Google + user base so they can build their own data set to sell ads based off of.
Ironically the next Facebook killer social network will likely have the main selling point of privacy. I'd sign up. Google + is not it.
If there is value in the graph, then the protection works. If there isn't value, then this is a fail-safe.
Right now machine learning is still a niche area for the majority of programmers. Looking at the open source software landscape for ML, this is slowly changing. It's only a matter of time before people make breakthrough applications (that is if they haven't already).
I suppose that because people buy or vote for what they're told to buy or vote for, this will let those wanting to influence people more effectively spend their money. But the solution to that is not AdBlock, it's education. Smarter people mean less susceptibility to manipulation, which is what we are really trying to achieve, right?
It depends on who buys the data and / or the interpretation of that data from them. Just imagine a country like China buying it to predict who will become a subversive and arresting them before anything happens, something akin to pre-cog crime. When I think about it, we can probably already do this somewhat accurately with all the data we can collect right now. We have all the tools: open (and affordable proprietary) ML software, open big data frameworks (hadoop, storm, actor model, cassandra), as well as the cloud (AWS, Rackspace). People just need a comprehensive set of data.
> Smarter people mean less susceptibility to manipulation, which is what we are really trying to achieve, right?
Not necessarily, you can't constantly consciously fight thousands of years of evolution; but that's another topic.
Then there's the argument that in 30 years the US will be one of these countries, too. I wonder why people are so afraid of this, but not of the small chance that they'll be hit by a meteor when they go outside tomorrow to go to work. They've been hit by a meteor exactly as many times as their government has used a "social graph" to oppress them, after all.
You're vastly underestimating the potential value of access and storage of more and more precise behavioral data combined with the innovation of a startup vs the stodgy, uncreative, stubborn ways of both old world telecom and finance corporations. Back then, even with access to people's purchasing data and past addresses, I would have had to do a lot more work and ask for larger increases to our budget to figure out people's relationships as well as non-purchasing behavioral data aside from traffic. Now I can potentially have access to people's preferences to stuff as opposed to just guessing. Today it's much easier and cheaper.
And where they are is that they know everything about you (biographical info, hobbies, affiliations, marital status, number of kids, sexual preferences, web sites you visit and when), independently of who you know.
Right now, fb are only (?) using it to target ads at you, but you can be sure that all three letter agencies are cc:ed on every database update.
It's about not letting Facebook track your every move on the web and beyond (or, more accurately, not let every site snitch on you to facebook).
Could possibly make use of telehash.org or the like.
I deactivated my FB account several weeks ago, not so much for privacy issues directly but out of concern of the overall psychological effect of so much sharing and the emphasis on superficial identity (something I don't see discussed much).
Anyway, I checked my cookies after reading this piece and, not surprisingly, FB didn't remove my old auth cookie (the one keyed 'datr') when I quit their site. I should have known better, but I still think it's shameful to some degree to track people after they've very clearly disengaged from the site and their FB "identity".
It might not be enough, though :D
Something like, for Firefox, IIRC:
Maybe I did something wrong...
Search that for 'face' and you'll find only 4 rules that would apply, and those are about removing pixel trackers whilst leaving content intact.
The rules above remove content, which is just as well, as anything a pixel tracker can do, content could do. Which is where the current paranoia level seems to be.
It has many filters for Facebook, and I can clearly see, for example, the one for Facebook Connect.
I can recommend this setup for any Mac users willing to spend $5 for Fluid. Alternatively you could probably rig up a 'Facebook' script to launch Chrome with a separate profile to achieve the same results.
It sure seems to speed up using the web.
$ dig @ns1.facebook.com facebook.com axfr
; <<>> DiG 9.3.6-APPLE-P2 <<>> @ns1.facebook.com facebook.com axfr
; (1 server found)
;; global options: printcmd
; Transfer failed.
$ host -l -t any facebook.com
; Transfer failed.
Host facebook.com not found: 5(REFUSED)
; Transfer failed.
I always use 0.0.0.0 (which is really wrong) instead of 127.0.0.1 (which really exists, there is my local apache), this works on Linux and Windows systems.
But this isn't right. Go on Facebook and tell me how many of your friends wouldn't even know the first thing to do with one of these extensions. So now the computer literate people know how to protect their privacy, but what about everyone else?
> So now the computer literate people know how to do X, but what about everyone else?
This is only a problem that will get worse with time. Computer literacy is important to contemporary society.
Why the outrage?
To understand this a bit better, imagine going to the grocery store, buying milk, eggs, etc., swiping your card, and not getting a total.
"Don't worry about that" says the store "as long as we (and our unnamed affiliates) have access to your bank account, everything will be fine."
Going home to look at your statement, you see a bunch of debits, most of which seem reasonable enough on their own, but none of which have a clear relation to specific purchases. All you come away with is a general sense that "I should save more" or "I can spend more".
So here's the question: if people started pointing out that this arrangement was highly damaging to people's economic autonomy, and wide open to abuse, what would you think of someone who says "yeah, well, stuff isn't free"?
Would you think that this was an honest, intelligent reply? Or would you note that the person making it has just evaded the original question, shifting the topic away from concern about the deliberately unmanageable terms of the exchange and onto the (uncontested) subject of underlying economics? Also, would you notice that the jerk responding in this fashion added an extra layer of insult by suggesting that the person who asked the question must be a bit of an idiot because they don't understand basic economics?
Toxic politicians do this all the time. They 'reframe' questions before answering, allowing them to 'respond' by answering questions that nobody asked, while dodging the ones they did. If they're especially nasty, they land a rhetorical punch in the process, providing a disincentive to any further questioning.
It's bullshit. And people know it's bullshit. Ergo, the growing outrage.
Good that you ran with it, though, and illustrated the point.
Perhaps a better headline would have been "Facebook is still tracking you across the web even after you log out", though. Generally it's only hackers that know what "enough" means in this context, and Facebook's market is, as we all know, much much bigger than us.
I updated my post to make that clear, that this is an issue that is almost a year old.
As for your specific claim about cookies, there is a little checkbox labeled "Keep me logged in" or "Remember me" on the login page. If you don't trust the terminal, don't check that box. Leaving it unchecked will set the personally identifiable cookies to expire at the end of your browser session.
This is the same advice given for any website about unsafe terminals, and anyone who has 15 years of security industry experience would be aware of cookie expiration. What exactly are you claiming here?
I suppose that one big hole in this is tracking my IP address.
In my opinion, internet users must be aware that there is no easy way to be totally anonymous, whether it be Facebook, Google, etc. If you require complete anonymity, you might as well unplug your internet cable.
Dynamic IP addresses and use of the same IP address by multiple people.
All it takes is a couple of friends, acquaintances or others accessing using your home network and it'll confuse the hell out of the stats. And that's without going into IP ranges for universities, schools, offices large and small, and your local coffee shop.
Then add in IP address pooling by ISPs, where every time a user connects (or every week, month or year) they're issued a new IP, and you end up with an unclear situation.
I won't start on how cell/mobile phone networks further confuse the situation ;)
There's no solution to "I like using Facebook but I don't like Facebook using me."
If you don't want Facebook to talk to your computer, don't let your computer talk to Facebook.
Another solution is to set up a local proxy and apply filter rules, but this is also complicated.
I would love to agree with everybody who says: You don't like Facebook, then simply don't use it. I don't have an account there, but their clutter is everywhere on the web, "like" buttons and stuff like that. I wish that people who maintain their own website or blog would think more about these things and their consequences, before they add fancy buttons to their page layout from a third party site.
Where "cookies" can be stored in more than just the traditional cookie.db. I haven't looked to see if FB is making use of these alternative mechanisms, but other sites have.
Or from Analytics: http://tools.google.com/dlpage/gaoptout
And permanently delete your web history: https://www.google.com/history
And you can take your data with you when you go: https://www.google.com/takeout/
Privacy center: http://www.google.com/intl/en/privacy/
Also disable third-party-cookies entirely.
You realise you're hurting innocent users much more than Facebook itself by not reporting them, right?
No one is "honor-bound" to report vulnerabilities; in fact, it seems unethical to expect any random person to try to fix any random problem they stumble upon, don't you think?
My philosophy: it's backwards to look down on those who don't report vulnerabilities; it's better to be pleasantly surprised when someone does.
But he's certainly not "hurting" anyone at all. He didn't disclose any details of the attacks.
Normally these things are incredibly easy to report—sending a quick summary of the problem to a specific email address is all it takes.
(Facebook has a web form for it.)
It's easier to work for free like this if it is an open source group or a non-profit. It's a bit harder when it's a $100 billion company. If they don't compensate security researchers, let them find their own bugs.
Disappointing that Facebook won't do the honorable thing.
We also require some additional information from application developers.
We do offer a two-factor login authentication that sends a text message to your mobile phone, so that your username/password credentials aren't enough to log into Facebook by themselves if a login attempt is done from an unknown device.
Is there a demand for this?
Are people annoyed enough with Facebook that they're ready for this?