Hacker News new | comments | show | ask | jobs | submit login
Twitter is tracking you on the web (dcurt.is)
47 points by phillco on May 17, 2012 | hide | past | web | favorite | 27 comments


"Widget Data: We may tailor content for you based on your visits to third-party websites that integrate Twitter buttons or widgets. When these websites first load our buttons or widgets for display, we receive Log Data, including the web page you visited and a cookie that identifies your browser ("Widget Data"). After a maximum of 10 days, we start the process of deleting or aggregating Widget Data, which is usually instantaneous but in some cases may take up to a week. While we have the Widget Data, we may use it to tailor content for you, such as suggestions for people to follow on Twitter. Tailored content is stored with only your browser cookie ID and is separated from other Widget Data such as page-visit information. This feature is optional and not yet available to all users. If you want, you can suspend it or turn it off, which removes from your browser the unique cookie that enables the feature. Learn more about the feature here. For Tweets, Log Data, and other information that we receive from interactions with Twitter buttons or widgets, please see the other sections of this Privacy Policy."

Thank you for highlighting that section. I'm surprised dcurtis left out this nugget.

> After a maximum of 10 days, we start the process of deleting or aggregating Widget Data

This make is much less nefarious. I guess it isn't much of a story when you have the full context. They are only keeping it for 10 days. Sure they are still aggregating data but at that point it is anonymized data.

So if I understand correctly Twitter is not storing what pages a given user visits. Although, they could easily find out this information. If this is the case then this is the correct way to do this. The average user does not expect any of their browsing history to be given to a service just because they are logged in while browsing the web even if this is common practice.

Basically, every time you visit a site that has a follow button, a “tweet this” button, or a hovercard, Twitter is recording your behavior. It is transparently watching your movements and storing them somewhere for later use.

Of course. This is likely true for all social buttons, not just Twitter. I've never known a social site to throw away free user-related data.

But it also Implements Do Not Track Privacy Option[1]

[1] http://bits.blogs.nytimes.com/2012/05/17/twitter-implements-...

Twitter is tracking me like Google is reading my emails.

> The privacy implications of such behavior by a company so large are sweeping and absolute.

Like most articles about tracking cookie this, and tracking widget that, it does come off as overly sensationalist to me and makes me think it's meant to scare people more than they should be about such a thing.

> Is it okay for Twitter to sell your web browsing history to advertisers?

Serious question, where are the people/businesses that buy peoples browsing histories? It's an argument raised a lot of the time as responses to this sort of thing and I've never seen evidence that a market exists for it.

> I'm amazed that Twitter is overtly admitting to this behavior without considering the privacy implications.

This is a bit of a confusing sentence, do you expect them to hide it? Or what makes you think they haven't considered privacy implications?

Edit: According to tech crunch they have considered your privacy as they are having a switch that lets you turn this functionality off: http://techcrunch.com/2012/05/17/twitter-wants-an-interest-g...

I agree with you that this is overblown.


Serious question, where are the people/businesses that buy peoples browsing histories? It's an argument raised a lot of the time as responses to this sort of thing and I've never seen evidence that a market exists for it.

There are plenty of businesses that pay for this.

Look at the "DMP & Data Aggregators" and the DSPs section of the chart http://imgur.com/M60MM for some example companies.

Oh right, fair enough. Just checked out a couple of them and they appear to do as you say. Thanks for the interesting link!

I don't think gmail is exactly analogous, the twitter situation is something that you can't avoid in all of your activity anywhere on the web; simply having a twitter account at all makes every website a tracker, and you have absolutely no way of knowing until you get to the site and it's already too late.

Don't stay logged in. Use NoScript. Delete cookies from Twitter. No tracking remaining.

Though it is easier to enable "Do not track" in your browser for the Twitter case.

>> you have absolutely no way of knowing until you get to the site and it's already too late.


It works.

Of course "admitting" it, can also be phrased as "being fully transparent" and is actually required by many privacy regulations. If you tell a user you are doing something with their personal data, in the US, you generally have the right to do it.

Oh, look another Dustin Curtis blog post on Hacker News, again. While some of the things Dustin says are true and interesting, this post assumes we're all idiots that don't know that companies like Twitter are tracking user information. What's the big deal here? Oh, Twitter will know what links or sites I'm visiting? Good for them, if they find that information valuable then so-be-it.

I think it's more than obvious Dustin is targeting his posts at the HN community who lap them up, it's all just too easy for him now. Sorry about that rant.

This issue raised here is nothing new or specific to Twitter. (Not that it makes it any less concerning.)

Here's an article from over a year ago talking about how Facebook does the very same thing with their like button: http://www.geek.com/articles/news/facebook-like-button-track...

"Any time the Like button is displayed, information is zapped back to Facebook’s servers. As long as you’ve been logged into the site in the past month, Facebook happily continues warehousing your whereabouts."

Does the Firefox 'No 3rd Party Cookies' setting avoid Twitter-tracking?

Yes, the No 3rd Party Cookies stops the twitter buttons on other sites from working at all.

It doesn't matter if you accept cookies or not. If the site you visits presents content ( script, button, whatever ) served from another site, you may be tracked server side via log + all the goodies in your request header.

With No third party cookies enabled, the only thing the hosts of the other content should get is IP address. It's possible that they are storing that and cross-referencing against the ip logs otherwise but that would lead to a lot more embarrassing situations considering how much more likely it is that 2 different people are behind the same NAT than logged in to the same account, and it would be explicitly going out of their way to track people who clearly were trying to opt out.

Surprising someone as experienced in the web would post a rant like this when not only do Facebook, Google and other large/"webscale" sites, but also much smaller ones that participate in ad networks.

When I worked at Glam Media we were given a presentation on the ecosystem related to our ad networks and let me tell you the presenter (a VP or C-Level) couldn't come close to fitting all the logos on a moderately large screen.

Bottom line is unless you take substantial measures to avoid tracking you are going to be tracked by many interested parties, both direct and indirect!

A lot of outrage for something that many other websites are also doing, and an acknowledged behavior by any of the major companies running social networks with social widgets - i.e. Google, Facebook, etc.

Heck, Google recently got in trouble because they were using a fairly standard technique that got around the third-party cookie blocking in Safari, and Facebook had to admit that they are able to track users who are logged out, presumably by comparing IP addresses of those who load the widgets against IP addresses of users when they are logged in.

OK, so it's not exactly news. But we only have these 'privacy implications' because our browsers give mines of information to any website that cares to ask for it. GET requests used to be seen as OK to make on behalf of a user, but these days I feel that the hostname in my location bar should be the only one I send any HTTP requests to, for a given page.

I love the irony of @dcurtis complaining about twitter dirty tricks while trying to get "Kudos" using a scammy widget.

So is every advertising network. This really isn't new, but it's certainly over-sensationalized.

This is certainly no worse than what Facebook's collecting, and their opt-out controls mean there's not a lot to be worried about.

If you're really paranoid about privacy you should be concerned about Google, not Twitter. Try counting the number of websites with Google Analytics or AdSense (or Google-hosted jQuery, or a +1 button...)

What would be surprising Mr Curtis, is if Twitter wasn't tracking it's users.

Duh. As dumb a comment as that seems, I'm sticking with it.

Curtis lives in his own little bubble where the average internet user is COMPLETELY unaware of the possibility that they're being watched. Even my parents, who are nontechnical, in the mid 90s, would warn me about these sorts of things.

Regardless, Twitter went about this the proper way and I'm glad they're doing what they're doing. Happy to have the Do Not Track option too.

Nice sensationalist story though... what will he throw a fit over next time?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact