Logged In or Out, Facebook Is Watching You

kaos07 links to this ZDNet story, according to which "Researchers at software vendor CA have discovered that social networking site Facebook is able to track the buying habits of its users on affiliated third-party sites even when they are logged out of their account or have opted out of its controversial 'Beacon' tracking service. Responding to privacy concerns, Facebook has since moved to reassure users that it only tracks and publishes data about their purchases if they are both logged in to Facebook and have opted-in to having this information listed on their profile. But in 'extremely disconcerting' findings that directly contradict these assurances, researchers at CA's Security Advisory service have found that data about these transactions are sent to Facebook regardless of a user's actions."

Re:Well

[SMacD]

facebook does use your email address as the login

Here's the list:

[GameboyRMH]

Facebook is currently affiliated with the following sites:

        * Art.com
        * Blockbuster
        * Bluefly
        * CBS Interactive
        * eBay
        * ExpoTV
        * Fandango
        * Gamefly.com
        * Kiva, Kongregate
        * LiveNation
        * Mercantila
        * NY Times
        * Overstock.com
        * Redlight Mgmt
        * Seamless Web
        * Six Apart
        * STA Travel
        * TheKnot
        * Travelocity
        * Viagogo

http://www.facebook.com/help.php?page=57

The first bloody Google result |: |

http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=facebook-affiliated+sites&spell=1

Unsubscribe

[kellyb9]

I just wish I could delete my facebook account. It's actually close to impossible, first you have to delete all your information (wall posts, friends, etc.), and then they'll delete your account. Very, very time consuming. But I doubt any of that info is REALLY gone.

Re:Unsubscribe

How to permanently delete your facebook account.
http://www.facebook.com/group.php?gid=16929680703

Go to this page:
http://www.facebook.com/help/contact.php?show_form=delete_account

Select the checkbox and click "Submit".

Eratum

[wattrlz]

TFA's source [corrected] indicates FB gives their affiliates javascript to include in the page that connects to a FB server for cookie exchange. Pretty sneaky. I wonder if google does something like that with google analytics.

Corrected Link! This is why one should not slashdot before one's midday coffee. Please mod parent down, or something. That's a very small server and it will die.

Dupe!

[Thelasko]

The CA article is the same one from 2007. Read the date at the bottom.

Published Nov 29 2007, 11:39 PM by Stefan Berteau

It was already posted on Slashdot. http://yro.slashdot.org/article.pl?sid=07/12/03/0656205 That's two dupes in a row guys! Care to go for three?

What shall we call this

[sjames]

Let's see, what do we call it when someone follows someone around to see where they go, their tastes, who they know, etc, etc.

Yeah, that's right, it's STALKING!

When you restrict those activities to the internet, it's cyber-stalking.

Why is stalking suddenly OK if you're trying to sell stuff? It certainly doesn't feel any less creepy to the person being stalked.

The fact that these things are done in secret and too often in spite of public denials tells me that they know at some level what they're doing is unwelcome and wrong.

If they want to cyber-stalk in exchange for a free service, then it's not REALLY free, it just happens to have a non-monetary price. Let them be honest about the price and then the users can decide for themselves how acceptable the deal is.

Re:What if it's an un-used email?

[wattrlz]

They actually use your facebook cookie, which would contain your school email, to track you. So just delete your cookies and you should be OK.

Re:Clear your cookies

[nimbius]

I've found its easier to reject all cookies and establish a list of trusted sites (banks, etc...) for whom you accept cookies. as an added level of protection in firefox, you can force these cookies to be "session only."

Re:Well

[Vectronic]

Facebook uses a e-mail address as the login.

Slight difference, and Facebook doesn't do any extensive verification either, so any e-mail address will do. Still amazes me that people don't have a dedicated "trash" e-mail for stuff like this.

That said, one of the most disconcerting things is when you first sign up, is that to a novice/n00b/idiot a lot of people would assume:

Email: _____
Password: _____
[+] Remember Me

"oh, it wants my e-mail address, oh and now it wants my password" as if they had to use their e-mail password as the login, like MS Passport, or Yahoo, or GMail, or even a legitimate one.

They have since (I signed up about a year ago) changed the sign-up though and added Create Password, as well as a "password strength" (Weak/Med/Strong) thing.

But yes, even when you are not signed in, I imagine they track the cookie (or possibly any number of Java "you need this to do this" crap on the site). PLUS, if you sign in without checking the [+] Remember Me, close the site, and go back to it, it signs you in automatically, and I'm not sure how long that takes to 'expire' if ever, it only removes it if you sign-out before leaving, otherwise you sign in automatically.

Re:Well

[bartok]

If you use Firefox you can also block it:
http://www.ideashower.com/blog/block-facebook-beacon/