Facebook's 'Like This' Button Is Tracking You

Stoobalou submitted a story about some of the most obvious research I've seen in a while ... "A researcher from a Dutch university is warning that Facebook's 'Like This' button is watching your every move. Arnold Roosendaal, who is a doctoral candidate at the Tilburg University for Law, Technology and Society, warns that Facebook is tracking and tracing everyone, whether they use the social networking site or not. Roosendaal says that Facebook's tentacles reach way beyond the confines of its own web sites and subscriber base because more and more third party sites are using the 'Like This' button and Facebook Connect."

No surprises here

[korkwin]

This is nothing new. We've all known this.

Re:No surprises here

[MorderVonAllem]

Sounds like any ad service like double click or whatever or analytic services.

Re:No surprises here

Yep. I've been aware of this long before Facebook even added that feature. After all, this is the reason that most email programs/sites don't display images by default because spammers use it to verify/track email addresses.

The stupid thing is that the websites just give Facebook the free space without getting anything in return. FaceBook has a free ad on every single page that sites display the Like button on, and all the site gets is the chance that the user will add it to their list of liked things, and maybe--if the stars align--their addition will be reflected in someone else's feed and make it go viral.

I'm tired of Facebook, but there really is no good alternative.

Re:No surprises here

[krazytekn0]

I'm tired of Facebook, but there really is no good alternative.

There is being social in person...but that's a little strange for us I admit

Re:No surprises here

[croddy]

tags: duh noshit noshitsherlock

Re:No surprises here

[cupantae]

Exactly. Can we get a !news tag on this?

Re:No surprises here

[CaptainPatent]

*CaptainPatent likes this*

Re:No surprises here

[dc29A]

Why is parent flamebait? If a service is free, then you are the product.

Re:No surprises here

[JackieBrown]

The stupid thing is that the websites just give Facebook the free space without getting anything in return. FaceBook has a free ad on every single page that sites display the Like button on, and all the site gets is the chance that the user will add it to their list of liked things, and maybe--if the stars align--their addition will be reflected in someone else's feed and make it go viral.

This is mutual advertising. I understand why sites add the like and share this buttons.

I know people see the stuff I mark liked because I have lost "friends" over it :)

Re:No surprises here

[sarysa]

Some people seem to have the delusion that companies actually care about who you are and why you're clicking this and that, but they only care about your statistics. They want to know that single white 27 year old female likes Lady GaGa, not that Janet Doe likes Lady GaGa...

Re:No surprises here

Anonymous Coward likes this.

Re:No surprises here

"...double click or whatever or analytic services" - Agreed. Why on EARTH do people run their scripts, anyway? I've never understood that. What do you get out of it? The web works fine for me without all that crap.

Re:No surprises here

yep,, facebook (or more correctly, website using it) is ruining the web.

Of course, cnn now reads tweets as part of their news. And what was once CourtTV is now youtbue videos with commentary from tonya harding and frank stallone.

fuck it, where's the "do not like" button?

Re:No surprises here

[gorzek]

Yeah, that's what I use it for: advertising. Not to make money from it, either, but rather just to get the word out.

If someone is not a Facebook member I wonder exactly what they're so worried about, though. As mentioned, Google and DoubleClick and other analytic services do the same thing with your anonymized data, and in return you get statistics about the people visiting your site. That's what companies who base their revenues on advertising do. They all want to track you and aggregate your data so they can target ads more effectively. If someone doesn't like that, I would suggest disabling all cookies and JavaScript as well as using a proxy, just to be safe.

Re:No surprises here

[rwa2]

Meh, facebook is just connective tissue; grey matter. I don't really use it all that differently from twitter... actually most of my FB posts come from twitter.

The real content gets posted to Slashdot, LiveJournal, Blogspot, Flickr, Picasa, Youtube, etc., sometimes even Buzz. Twitter / FB are just open / closed syndication engines for that content, sort of like a consolidated form of RSS with some extra integration features.

Relevant to the actual subject, StumbleUpon has always provided a much better "Like" button... since it includes a "don't like" button and actually does something useful with the information you provide by giving you more random links that you would probably like based on what you have in common with the other people who liked that link.

Strangely, I have no desire to share this StumbleUpon "like" information with the rest of my IRL friends on FB / twitter, partly because our pr0n tastes can be quite different, but in general I just don't care to share links as a feed. If there's an article someone should read, I send them a directed email. If I find something funny, I might go so far as to post it to our IRC channel.

Come to think of it, I think FB / Twitter might just be some sort of gap filler for people who don't lurk on IRC.

Re:No surprises here

[Nightlight3]

It's trivial to block this -- just add a batch file nofb.bat that replaces your host file with the one that has facebook redirected to 127.0.0.1. If you use fb and wish to actually go there, you can have another bat file, gofb.bat which changes host file back to the one with facebook entry commented out (the bat file may call a little executable that flushes local DNS cache on your machine by resolving the affected domain name). In general case, if you wish to do this selectively for n tracking sites, with n>1, you will need one bat file that blocks all of them and one for each site that has just one site site unblocked, hence you need n+1 bat files. Also, going to any of the tracking sites to use their services will also cost you an extra click for in and out.

Note that google, digg and many others are doing the same kind of tracking, whether you subscribe to their site or not. You get ID on their servers attached to your cookies, tracking your visits anywhere where their bug is placed. That way they can sell to some site A which you are visiting now the fact that you have also visited sites B, C, D, ... earlier (when and how many times each, what kind of content you used there, etc). Of course, if the tracking servers know who you are, they can also sell that info to sites A, B, C..., at a higher price.

Re:No surprises here

[icebraining]

If you load their images, they can still track you, including setting HTTP cookies.

Re:No surprises here

Why on EARTH do people run their scripts, anyway?

Because the out-of-the-box default behavior for every popular browser is to download everything referenced, pass whatever cookie it happens to have whenever it does that, execute every such downloaded script, and so on.

Facebook isn't really the problem here. Our browsers are.

Re:No surprises here

That is why I block ads and don't allow third party cookies to be set.

Re:No surprises here

[bhcompy]

Or you can use noscript and enable it on the fly in the browser, which is a lot more efficient than running through a batch file

Re:No surprises here

[Magic5Ball]

Simpler way:
Block www.facebook.com and facebook.com (which serve the offsite like buttons and such).
Allow m.facebook.com (which doesn't serve like buttons or any scripts).

The result is an ad-free light-weight facebook page without app spam in the feeds, faster page loads off-site, and no Flash cookies or other persistence, without batch file hackage.

Re:No surprises here

[oldspewey]

It's trivial to block this --

I'll give you $100 if you can somehow explain this process to my barely-computer-literate-but-facebook-loving relatives.

Re:No surprises here

Well, all you need to do is get rid of flash and you have successfully blocked out 99% of the internet! Yay for you! You can now only view a very small subset of the real internet! (Just like the iPad!)

Re:No surprises here

[TheGratefulNet]

stop the whole concept of 'mobile code' that runs on the browser.

bad idea from the start. putting WAY too much trust in 'webmasters' (cough) to let them run code on my machine! 9 times out of 10, its JUST to show ads and slow down my entire system (keyboard response and all).

Re:No surprises here

I'm tired of Facebook, but there really is no good alternative.

Why do you an alternative to facebook?

Re:No surprises here

[Logical+Zebra]

Firefox equipped with NoScript and Adblock Plus will do 99% of that without having to write code.

Re:No surprises here

[bhagwad]

This really shouldn't surprise anyone. I've long known that Facebook's like button is really slow and this seems to confirm my suspicions. I'd love it if Google came up with something similar - buzz is too much effort. Just a "like' button would be great.

Re:No surprises here

I tried being social in person all I got was alcoholism.

Re:No surprises here

[mujadaddy]

127.0.0.1

Wouldn't that cause a noticeable delay while the response timed out? Wouldn't a legal but "nonsense" IP like 0.0.0.0 work faster?

Re:No surprises here

[pete_norm]

Because he it useful!

Re:No surprises here

[dwinks616]

You can't tell me they'd rather send you ads they THINK you'll like based on age, sex, income versus sending you ads they KNOW you'll like. They use general stuff like age, sex, etc because they don't know what else to do, YET. And I'm sure they are trying.

Re:No surprises here

[Anachragnome]

"Or you can use noscript and enable it on the fly in the browser..."

Or you can just use NoScript ALL THE TIME. And I'll second that with Ghostery.

If you use Flash, use FlashBlock and only let through the stuff you want. Flash Cookies seem to be the way everyone is working these last few months, so much so that I think people are using Flash in their webpages as a pretext to drop Flash Cookies.

Re:No surprises here

[RenderSeven]

I'm tired of Facebook, but there really is no good alternative.

I'm tired of Facebook because it needs no alternatives. Narcissists may need an outlet but they always have, but I dont need to be part of their constant need for attention. The one thing I thank Facebook for, is teaching me that my 'friends' have boring lives, and they have as little real interest in my life as I do in theirs. I find myself encouraged to go DO things that are worth posting, and having DONE something really worthwhile the reward has nothing to do with posting it on Facebook.

Re:No surprises here

[hairyfeet]

That is why NoScript and Adblock Plus are Godsends. With those two extensions only I decide what will be run and where, not some website or worse third party ad server. With the huge amounts of "malware hidden in ads" we have seen lately one would have to be a little nuts to just let anything run willy nilly anyway. A site has to prove to me they can be trusted before I allow ANY ads, and if they betray that trust it is right back onto the blacklist they go. And whether they are allowed or not I have FB set as a no-no. Considering how easy it is to add those tools to FF if you don't want to be tracked everywhere it only takes a couple of minutes to kill that crap dead.

Re:No surprises here

[coolsnowmen]

HAHAHAHAHAHAa
I come from a family of geeks, so it wasn't until I got married, and met my in-laws that I realized that not everyone can edit their hosts file, delete registry settings, and set up an Apache web server.

Re:No surprises here

[coolsnowmen]

Possibly not. Your local computer may respond quite quickly with either "there is noting on port 80 at all", or "yes you have a web server running, but 404 not found, this page does not exist"

Re:No surprises here

[Jesus_666]

Of course this means that every other website you visit now depends on four or five different servers which may or may not respond in a timely manner (and some go overboard and use ten different tracking services). This can be very frustrating.

I now block all advertising/tracking/social networking-related domains I am aware of (with the trackers being handled by a regularly-updated Firefox extension) because the internet is much faster if your browser never loads content from notoriously slow domains like facebook.com or google-analytics.com.

I would actually be more receptive toward tracking if it didn't mean that every once in a while a page will load unbearably slowly.

Re:No surprises here

[sarysa]

Oh, it's definitely deeper than my one-liner up there, but they only know as much about you as you submit to them. (granted, computer alias can tell a lot) The spirit of what I was trying to say is not lost -- they really just want to figure out ways to sell you stuff with a higher clickthrough rate. The summary, on the other hand, has a bit of a Glenn Beckish FUD tone to it. Having cookies unchecked over a year will take ads from being analytics-driven stereotypes to more accurate ads based on your personal likes and dislikes, but it's still nothing to be afraid of. If anything, it's funny to see what happens when your SO starts rating stuff while you're both browsing on your personal PC. I get some weird recommendations from Hulu these days.

To be fair, I absolutely think Facebook has serious privacy issues. I realize now that anything I do there, despite how private I set it to be, will eventually be readable by anyone on my friends list -- friends, family, and co-workers. I hardly use the site anymore for that reason. TFA isn't in line with those issues.

Re:No surprises here

[mujadaddy]

Well, many home routers use 127.0.0.1 as the Info/Config page. I think mine uses 127.0.0.2, but still...

Re:No surprises here

I use a recursive resolver on my computer (Unbound) and have this in its config file:

        local-zone: "facebook.com." static
        local-zone: "googlesyndication.com." static
        local-zone: "google-analytics.com." static
        local-zone: "doubleclick.net." static

and quite a few more. These entries create zones which are empty and override the real zones. As far as my computer is concerned, facebook.com does not exist and none of its subdomains either.

Re:No surprises here

[GuruBuckaroo]

Well, many home routers use 127.0.0.1 as the Info/Config page. I think mine uses 127.0.0.2, but still...

I hate to be negative, I really do. However, this post merely illustrates that you have absolutely no idea of what you are talking about.

Unless your router has a monitor and keyboard attached to it, it is impossible for any machine to talk to any other machine using any address that starts with 127. These are "localhost" addresses that always, always equate to the same machine the request originates from. In other words, your workstation.

I'm pretty sure your router actually uses something more like 192.168.0.2. Linksys routers will default to 192.168.1.1, for instance.

Re:No surprises here

"The stupid thing is that the websites just give Facebook the free space without getting anything in return."

I wouldn't say they get nothing in return - don't 'likes' show up on people's news feeds such that their friends could end up being exposed to whatever webpage their friends like and thereby increase traffic to the site?

Re:No surprises here

It gets turned over with no warrant or subpoena to Total Information Awareness, and now you're being singled out for fitting a terrorist profile.

Re:No surprises here

[camperslo]

Go to NoScript prefs, Advanced tab, ABE button, select "user" under Rulesets, add this rule to the right:

Site .facebook.com .fbcdn.net
Accept from .facebook.com .fbcdn.net
Deny

I read that it blocks the Facebook open graph API when on other websites.

Another one for the hosts file too?

Re:No surprises here

[mujadaddy]

Yes, I made a mistake.

Re:No surprises here

[VisceralLogic]

It's trivial to block this --

I'll give you $100 if you can somehow explain this process to my barely-computer-literate-but-facebook-loving relatives.

Simple: "Call up oldspwewey, he knows this stuff!"

Re:No surprises here

The real content gets posted to Slashdot, ...

You're new here, aren't you?

(Looks at id.)

I mean, welcome back. It's been a while, huh?

Re:No surprises here

[silanea]

[...] they only know as much about you as you submit to them. [...]

To me there are two problems: First and foremost, it is increasingly hard to find out who is included in that latter "them". So many external resources are linked in websites, from JS libraries to advertising to tracking cookies from collecting societies to Flattr to Facebook to Amazon to what the hell else there is, that even with Adblock Plus and NoScript I am sometimes overwhelmed with what to block and what to allow. And it is only getting worse.

The second problem is that basically legitimate features are spreading beyond what is tolerable from a privacy-oriented point of view. I have a Facebook account under a fake name and registered to an e-mail address that I do not use anywhere else. I do share links and other resources through this account with contacts there. But I do not want Facebook to know what other websites I browse. I would have to go through quite some trouble to maintain perfect separation of concerns in day-to-day browsing. That is unacceptable. Browsers need to catch up to what is reality in the web of 2010.

Re:No surprises here

[hitmark]

Yep, it's quite a eyeopener how fast a page loads right after one installs noscript.

Re:No surprises here

[rjstanford]

Actually, Safari defaults to not allowing 3rd party cookies, including on the iPhone. Not sure about the others.

Re:No surprises here

[sarysa]

Oh, I agree with you fully re: Facebook's policies. Ever since the privacy issues earlier this year I started quarantining Facebook -- Linux partition only while using the Chrome browser. (since I typically use Firefox for everything else) Never use it on Windows (I'm 90% Linux and 10% Windows use on my home PC) so good luck with Facebook tracking me with my own information. IP address? Pfft, there's two other internet users in the house with wildly different interests from my own. So if Facebook ever comes up with a "sarysa's recent websites", it'll be really empty.

Re:No surprises here

[the+biologist]

Meh, facebook is just connective tissue; grey matter.

"Grey matter" refers to the nervous tissue you think with. "White matter" refers to nervous tissue primarily consisting of nerve axons.

Neither count as "connective tissue".

Re:No surprises here

[uninformedLuddite]

I didn't know it. I don't think much about Farcebook let alone its inner workings/failings. Is there something wrong with me?

Re:No surprises here

[tsa]

Yep. I have been on a short holiday to Maastricht and Aachen a while ago. After having looked for hotel rooms on the Web I was bombarded with ads about hotel rooms in Maastricht and Aachen for weeks afterward.

Re:No surprises here

Laugh all you want at IE, but turn on IE8's InPrivate Filtering (not to be confused with InPrivate Browsing, i.e. porn mode) and it drops everything that shows up on more than X number of sites. It has the side effect of killing most ads too, but it gets rid of all this tracking crap. Note that it will end up dropping jquery too, but you can import rules to allow specific things.

Re:No surprises here

I'm guessing "the pedantic biologist" was already taken when you signed up? ;)

Re:No surprises here

[KeithH]

Could you elaborate on these instructions please? Why is there an Accept line? Without knowing the specifics of the syntax used, this rule looks like it denies nothing. Also, you wrote "I read ..." - can you provide a reference please? Thanks, Keith

Re:No surprises here

[camperslo]

My initial reaction was similar. I'm not familiar with the syntax, but concluded it functions a bit like some kind of If / Else statement.
The If part applies when at facebook and that other domain, the else applies the Deny everywhere else.

With that entered Firefox often brings up a notification at the top of a page showing data that would be passed to a php plugin at Facebook. So it seems to work fine, I just wish it'd auto-hide the text after a short delay so I didn't have to click a close button or lose some screen space.

I didn't save the URL of where I found the entry a while back, but a post near the end of the thread below has what looks to be a slightly less efficient version of the same thing.

I think it's fairly harmless to experiment since the NoScript feature is for application blocking - it should only disable, not enable.

http://www.broadbandreports.com/forum/r24132642-Blocking-Facebooks-Open-Graph-API

Re:No surprises here

I'm tired of Facebook, but there really is no good alternative.

There is being social in person...but that's a little strange for us I admit

LOL,That's funny.So true.

Re:No surprises here

[camperslo]

A little more.... The pre-entered System ABE rule also illustrates things well, allowing local resources to be accessed locally, but blocked from outside.

The NoScript prefs notifications tab has a checkbox that can turn off the ABE blocking-info display.

Here's a bit more discussion:

http://www.in8sworld.net/blog/archives/1512
http://theharmonyguy.com/2010/04/26/facebooks-open-graph-still-faces-semantic-web-hurdles/

Re:No surprises here

[ffreeloader]

Why is parent flamebait? If a service is free, then you are the product.

You're kidding me, right? You can't understand why sarcastically flaming someone you agree with is modded as flamebait?

duh

duh.

Naw, really?

[drunkennewfiemidget]

I'm not a doctoral candidate, and I could have told you that.

Facebook's primary objective is data collection and selling it to marketers. It's kind of what they do.

Re:Naw, really?

[shadowrat]

maybe the writer is going for a PHD in fear mongering.

Re:Naw, really?

[cupantae]

...or in the bleeding obvious that has already been told to everyone that didn't work it out.

Re:Naw, really?

[DerekLyons]

Not so different from Google...

Re:Naw, really?

[The+Great+Pretender]

Obviously, Tilburg University for Law = Hollywood Upstairs University - doctoral degrees for $6K, no exams to take

Re:Naw, really?

[AP31R0N]

If the site is free to use, YOU are the product.

Wait so...

[Haedrian]

Facebook is actually using personal data and information which its collecting for me... in order to make profits? Facebook is tracking me in order to learn more about me?

Who would have thought that an innocent company like Facebook, with no privacy issues ever - would stoop to that?

I am shocked! This internet thing is so new to me.

Perspective, kthxbai

[girlintraining]

You have a website that has pictures of you, your current whereabouts, mood, who you like, where you live, work, sleep, and every interaction with anyone else has just as much information pulled out and sorted. And you're bothered by the Like this button?!

Re:Perspective, kthxbai

[TitusC3v5]

/likes

Re:Perspective, kthxbai

[Faylone]

Even if you're not going to read the article, could you at least read the summary? Even if you don't use Facebook, you're still being tracked.

Re:Perspective, kthxbai

[BitZtream]

The problem is that it is tracking ME. Someone who has NEVER had and NEVER WILL HAVE a facebook account, because I visit some random companies website and they have that retarded Like It button.

This has nothing to do with tracking facebook users, it has to do with tracking EVERYONE regardless of their facebook account, or lack of one.

In reality though, its no different than any other web tracker, except now instead of using 1 pixel sized transparent GIFs, they put a visible button on the page.

Re:Perspective, kthxbai

[_Sprocket_]

Yes. Perspective. What you choose to share with Facebook may be very different than what Facebook gets to know about you due to the proliferation of their "Like this" widget. And as others point out, not everyone chooses to share anything with Facebook.

Re:Perspective, kthxbai

[Gordonjcp]

The problem is that it is tracking ME. Someone who has NEVER had and NEVER WILL HAVE a facebook account, because I visit some random companies website and they have that retarded Like It button.

How exactly are they tracking you? They don't know anything about you, since you don't have a facebook account.

Re:Perspective, kthxbai

[gstoddart]

Even if you're not going to read the article, could you at least read the summary? Even if you don't use Facebook, you're still being tracked.

Unless you're running noscript, and have set your browser to ask you before you set cookies. At which point, Facebook can go pound sand.

Seriously, "ask before setting cookies" is one of the best features ever added to Mozilla (after tabbed browsing). However, this doesn't help Joe Sixpack, which is unfortunate.

Re:Perspective, kthxbai

[Sloppy]

They're tracking him because his user-agent downloads stuff from facebook every time it sees an iframe or script or img tag that points to flickr. Thus, it can do anything a doubleclick "tracking pixel" or "web bug" can do. And while that may be limited, it certainly isn't particularly limited by the fact that he doesn't have a facebook account.

People didn't (as far as they knew ;-) have doubleclick "accounts" either, but there was still widespread loathing, until eventually everyone (and by "everyone" I really mean "a tiny fraction of the population") told their local dns to return their localhost whenever it needed to resolve the doubleclick name, or started using more sophisticated browser or proxy based blockers, or whatever. Then once those people did it, they stopped bitching, so laymen stopped hearing that there was a problem.

Re:Perspective, kthxbai

[killmenow]

It also becomes a PITA fast. I run adblock and noscript and a number of sites just plain DO NOT "downgrade" gracefully. Many only half-ass work. Many others don't work at all. And I had to remove noscript from the home PC because my wife was sick of either not being able to use the web sites she actually wanted to use or the constant popups that she was just ignoring and clicking "YES" to anyway because fuqitol she just wants to check something on one of her favorite websites not be pestered to death and annoyed to the point she'd rather subscribe to the print edition of magazines than bother going through the root canal of visiting their websites.

That being said, I don't have a facebook or twitter account any more and block every domain and IP I can find that is tangentially related to them (and google analytics, etc)... But I know slashdot is tracking me everywhere I go. DAMN YOU COWBOYNEAL!!!

Re:Perspective, kthxbai

[killmenow]

They have an IP address. And every site you visit that has any integration with Facebook turned on. And the time and dates you visit those sites. And the characteristics of the browser you're using, the OS on your computer as well and what plug-ins you currently have installed and/or enabled in said browser. That's a lot to know about someone who doesn't even use their services or ever have anything to do with them.

Re:Perspective, kthxbai

[Xanbreon]

If you use chrome, have an easy way to "get rid" of facebook: (well its a few extensions, but never hurts)
General Widget Blocker
Facebreak, locks the "likes" from loading
FaceBookBlocker, blocks all the other facebook junk
Facebook Disconnect, stops the tracking
That lot will kill facebook and quite a lot of other similar things. Im sure theres extensions that do the same thing for firefox etc!

Re:Perspective, kthxbai

[Lord+Byron+II]

Noscript and "no cookies" are a start, but there's been plenty of evidence that the marketers are starting to dig even deeper than that. For example, linking all of the pages you visit (on their ad network) via IP address and Flash cookies.

And so many sites are using Javascript for the simplest things (like displaying images) and benefit from logons (Slashdot included) that it's really hard to just surf anonymously like we did 15 years ago.

I can only imagine that this is going to get much, much worse before it gets better.

Re:Perspective, kthxbai

[hedwards]

That aspect bothers me. I think a lot of us assumed that since we haven't agreed to let them do it that they shouldn't be allowed to do it. The main reason being that while doubleclick and Google Analytics don't have a particular agreement involved, Facebook does, and if you don't like their terms you don't create an account.

That makes it fundamentally different as Facebook advertises itself as a social network site. Most people would tend to assume that if they don't have an account that the button doesn't do anything.

Re:Perspective, kthxbai

[stretch0611]

They have an IP address.

You are correct. Even if you are on a DHCP network your IP will not change often if you are connected 24x7 allowing trackers to follow your IP.

However there is a solution. I block facebook and other major trackers at my router with a firewall rule. Any attempt to connect to facebook (or fcbkcdn) will be interrupted. If your router is not capable of blocking sites consider reflashing your router with dd-wrt, or use the simple technique of adding the domain you wish to block to your computer's host file pointing to 127.0.0.1. This will keep your home ip out of their logs and you will be virtually unknown to them

Thats for the home, if you use wi-fi (or a different network) on the road, use ghostery, no-script, and better privacy. This may not block your known ip address (depending on how your extensions actually work,) but you are on a public network that will not be associated with just one person/computer.

Re:Perspective, kthxbai

[Gordonjcp]

That does sound a bit "ZOMG YOUR COMPUTER IS BROADCASTING AN IP ADDRESS!!!11!!!one!!1" though.

Give me a compelling reason why I should care if Facebook know I visit two different sites with Facebook "Like" buttons on them, without knowing anything else about me.

Re:Perspective, kthxbai

[KiloByte]

... and like those 1x1 transparent gifs, they deserve nothing but getting added to AdBlock -- or your DNS-based block list.

Re:Perspective, kthxbai

[John+Hasler]

There is no such reason, of course. They don't even care about you qua "you": just certain statistical entities.

Re:Perspective, kthxbai

[John+Hasler]

What catastrophe will ensue if "they" do learn your IP address?

Re:Perspective, kthxbai

[Uzuri]

RequestPolicy makes it a lot harder for them to play that game.

Of course, it also makes it a lot harder to actually load any particular site. Amazing how many places load stuff from a dozen different places.

Time For

Facebookgate.

Yours In Electrogorsk,
K. Trout, C.I.O.

Are you kidding?

[Monkeedude1212]

If you even have a facebook session going - and the controls for a "Like this" button are on the page, I wouldn't be surprised if that information gets stored.

"Hey you're logged in! Hey this control knows you're logged in, so it'll work instead of redirecting you to login. Hey, why don't we just send information back to facebook that you visitted this page, even if you didn't hit the like button!"

Would this shock anyone? I haven't proven it but its not far off nor technically impossible. In fact it's pretty easy to embed it in the control, which people just put on their pages, they hardly look at the code.

Re:Are you kidding?

[MichaelKristopeit213]

it shocks me how little you understand web technologies.

the "like button" itself is a service of facebook. the site showing the "like button" has to send information to facebook which returns the code that creates the button and executes desired actions on pressing it... that way facebook can change the style of the button and the functionality without forcing the web site operator to make the changes themselves.

Re:Are you kidding?

[MyLongNickName]

So, basically you are agreeing with him 100% but then telling him he doesn't understand web technologies.... brilliant.

Re:Are you kidding?

[MichaelKristopeit188]

the information is not passed via control of the interface... the information is passed via initialization of the interface. no information is "sent back" to facebook... it was all sent in the inital request.

you're an idiot.

It Happened Late at Night

[eldavojohn]

Facebook's 'Like This' Button Is Tracking You

I now feel I have the courage to speak out about what happened one month ago.

I was walking home from a late night shift and noticed a glassy aero blue vehicle drive by me slowly. I couldn't see inside through the blue glass reflection but the vehicle moved at an ominous pace. I quickened my pace and made hast for my house now only five blocks away. I broke into a run at four blocks, I was so close to home and safety. But I heard the squeal of tires on pavement behind me and my pulse spiked. I covered the next two blocks as fast as the wind but the blue vehicle was faster. It pulled up onto my lawn in front of me and the doors opened as I ran by it. I didn't look, I couldn't look at them but I heard pixelated fingers running through the grass as I scrambled to find the key to open my front door.

I opened the door and turned around to slam it shut but there was a blocky thumb that caused it to bounce back. My wife came in to see what the commotion was about and screamed as the first hand with its blue cuff and erect them grabbed my ankle and tripped me. "Get the children to the panic room" I screamed. And in ten seconds my family was safe but I still grappled with the blue shaded hand holding me down mercilessly as three more hands with blue cuffs came in through the open door. Another held down my other ankle as the third raised his cuff to expose his fully erect thumb. The fourth pulled my pants down and I screamed in agony as I was viciously sodomized in my own living room while my family watched from the panic room camera. For hours it went on while the fourth Facebook 'Like' hand sat their smoking a cigar, laughing and rubbing his thumb and forefinger together when I asked why they were doing this to me. Why? Again, they rubbed their thumbs together with their fingers signifying money.

The police said I was powerless, I had given up my right when I had clicked through the Terms of Service to join Facebook. Zuckface could do whatever he wanted to do to me and I was powerless. The policemen told me to go back to my Farmville and watch my crops and just be happy the 'like' hands had left me alive, at least the Zuck had shown some mercy. Then they excused themselves and cautiously walked out to their squad car, hands ready on their sidearms, alert for any remaining 'like' hands.

It happened to me and it could happen to you.

Re:It Happened Late at Night

[geegel]

Funny? Troll?

Head explodes

Re:It Happened Late at Night

[truthsearch]

Thanks for the story. Now I won't be able to sleep tonight.

Re:It Happened Late at Night

[Junior+J.+Junior+III]

This post is exactly why Slashdot needs to implement a Like button for comments.

Re:It Happened Late at Night

[Rikiji7]

do you want to be tracked by slashdot buttons also?

Re:It Happened Late at Night

[vux984]

The police said I was powerless, I had given up my right when I had clicked through the Terms of Service to join Facebook.

The like hands are chasing me too. But I have not joined facebook, and I have not clicked through their terms of service.

Re:It Happened Late at Night

[backdoc]

This is too funny. Good job.

Re:It Happened Late at Night

[Ash-Fox]

do you want to be tracked by slashdot buttons also?

No, he wants a one click 'slashdot this site', to take down enemy sites.

Re:It Happened Late at Night

[Junior+J.+Junior+III]

No, I want to Like the comment so it shows up on Facebook.

Move along, nothing new to see here...

[KingRobot]

Not only is this pretty obvious (how do they think Facebook is trying to make money), but there are much bigger fish to fry. Did the researcher consider Google's Analytics, much more widely used than Facebook's "Like" button? Or how about any of the numerous other internet advertisers scattered across the internet who are well known for this kind of activity?

Re:Move along, nothing new to see here...

[Bucky24]

Google Analytics is used by site owners for measuring traffic on a site. Based on what it is supposed to do, I doubt anyone who has paid attention to the news recently would be surprised that Google archives that data too. It is DESIGNED to be doing this sort of thing. I think the surprise here for most people is that the "like" button appears to be just a simple innocent image-no one suspects that it would be logging website traffic.

Re:Move along, nothing new to see here...

[dreampod]

While it isn't surprising, it is important to keep noting the ongoing invasion of privacy that occurs online. Analytics is pretty upfront about the fact that it is going to be collecting data while Facebook Connect is not and adding it to a site is likely to be a choice made by less savvy marketing types rather than the technically inclined who would automatically assume anything that can track will be tracking.

It is also worthwhile from the fact that it covers how it tracks non-facebook users and how if they ever did get facebook (or log onto it) that it is capable of associating the entire history with all the other data now available.

ABP

[scheveningen]

And that is why we like Add Block Plus. Not only does it protect some of your privacy, it also speeds up your page loading.

Re:ABP

Specific Adblock Plus filters if anyone needs them:

||facebook.com^
||facebook.net^
||fbcdn.com^
||fbcdn.net^

(Add $third-party after the ^ if you want to still use Facebook but block the buttons on other sites.)

Re:ABP

[noidentity]

And that is why we like Add Block Plus. Not only does it protect some of your privacy, it also speeds up your page loading.

Unfortunately it makes your CPU slower, because it has to translate all the blocked ADD instructions into a NEG SUB pair.

Re:ABP

[scheveningen]

funny, and I stand corrected for my spelling.

Re:ABP

[Lucas+Jones]

They've rebranded Ritalin?

Re:ABP

ya but did you have ^demandbase.com ?

Re:ABP

With a name like "Add Block", it sounds like it just blocks people from adding you.

Uhm yea

[mwissel]

I'd say the Facebook Like-Button qualifies as "confines of its own web site" as you will send a request to it. This is not spooky at all and everyone should know by now that Facebook's attitude about privacy is evil, whether he's Internet literate or not.. Too less news for news imho :(

Re:Uhm yea

[hedwards]

The issue is that it presents itself as only applying to people that have agreed to the terms when in fact it applies to everybody that visits the page whether or not they've agreed.

Not that hard to kill facebook's tracking

[gurps_npc]

Noscript, Taco with Abine, BetterPrivacy.

Re:Not that hard to kill facebook's tracking

[jo_ham]

Even easier, I just keep Facebook sandboxed in a totally separate browser that never visits any other website. This browser is also equipped with adblocking, script blocking and so on.

They can't track you if you don't go anywhere. I also never click on links in facebook posts or on the facebook page - I copy and paste them into a text file and strip off any added facebook nonsense to get to the actual URL.

Re:Not that hard to kill facebook's tracking

[nospam007]

Just Ghostery gets rid of 390 trackers for me.

Re:Not that hard to kill facebook's tracking

[BitZtream]

Except the article is about facebook tracking everyone on sites other than facebook, such as when you go to some stores website and they have a 'Like It' button for all their products ... facebook is tracking you and that you've viewed that item, regardless of wether you have a facebook account or not.

But don't bother reading the article or even the summary or anything.

Re:Not that hard to kill facebook's tracking

[dreampod]

That isn't going to help you. If you had read TFA you would know that this is about the Facebook Connect 'Like' buttons that have been showing up on many of the popular websites and how it tracks you behaviour even if you aren't signed up with Facebook. Essentially Facebook has become another cross-site marketing tracker which given their abysmal outlook on privacy shouldn't be a surprise but is still worth noting because of their prevalence.

Re:Not that hard to kill facebook's tracking

[Tr3vin]

That doesn't protect you from tracking if you go to any other sites without ad-block, noscript, etc. from the same IP address.

Re:Not that hard to kill facebook's tracking

[mlts]

+1. Best place to keep FB is on its own Web browser separated from everything else using SandboxIE or a VM. Then on the other Web browsers used for general browsing, have their cookies auto-blocked. If you want to "like" something on FB, cut and paste the link into the FB browser.

Re:Not that hard to kill facebook's tracking

[shoehornjob]

Use a junk browser only for facebook and restrict cookies. Clean cache cookies thouroughly and often.

Re:Not that hard to kill facebook's tracking

[jo_ham]

I have an adblocker that keeps that crap off the page in my primary browser - I don't see those facebook "like" boxes.

Since the "clean" browser also has no idea about my facebook information, any tracking they are doing is totally unconnected to me.

Re:Not that hard to kill facebook's tracking

[Sonny_Jimbod]

I wouldn't trust Abine with anything after the way they sneakily bought out a trusted extension and shoe horned in their crap: http://www.theregister.co.uk/2010/06/17/firefox_taco_addon_beefs_up/

Re:Not that hard to kill facebook's tracking

[seandiggity]

Noscript, Taco with Abine, BetterPrivacy.

Too bad TACO/Abine had a release in June that was ridiculously bloated and annoying. I got a dozen or so e-mails/phone calls/IMs in the days the update went through, and I told everyone whose comp I had recommended/installed it on to get rid of it. There's no reason to trust that it won't happen again. As far as trustworthy ad-blockers go, I'd add Privacy Plus, Optimize Google (formerly Customize Google), and Facebook Beacon Blocker (although I don't know if Beacon is defunct or not, and this add-on hasn't been updated recently).

Re:Not that hard to kill facebook's tracking

[seandiggity]

...apparently the pre-Abine version of TACO has been forked as Beef TACO, so I'm giving it a second chance on this machine...hopefully it doesn't ever get updated with the Abine crapola.

Re:Not that hard to kill facebook's tracking

[mdm-adph]

You'd think that, but with a loose geolocating of your IP address combined with profile information such as the types of fonts you have installed, your user-agent string, screen resolution, etc. (all information transmitted by your browser), they've pretty much got us narrowed down to whatever computer/location we're at, even if you sandbox with another browser.

Re:Not that hard to kill facebook's tracking

[Lew+Perin]

Not to start a browser religious war, but right now in Chrome (7.0.517.44), selective blocking of cookies doesn't work. I just did the following:

- removed all Facebook cookies;

- set Chrome to block facebook.com cookies selectively;

- visited Facebook.

The cookies from Facebook were back. Maybe I should add that, in the words of leftists from 60 years ago, "I am not now, nor have I ever been, a member" of Facebook.

Dislike

[junkfish]

Where is the Dislike Button for this?

Re:Dislike

[The+MAZZTer]

I think it's the "Block all cookies from facebook.com" option in your browser.

No shit

[Picardo85]

No shit that the "Like" button tracks you ... everything on facebook is marked, tracked and cataloged ... it'd be crazy to do otherwise. This is the reason though why i don't press the "Like" button on commercial stuff.

Re:No shit

[Sloppy]

You don't press the like button? Dude, by the time you have seen the like button, you have already interacted with Facebook. Whatever it was that you wanted to avoid by not pressing the button, you probably didn't avoid.

Re:No shit

[hedwards]

Won't help. I've never clicked on that button and yet I had to remove the Facebook cookie earlier. Normally I'd have it completely blocked, because of this sort of thing.

Plugins

[mr100percent]

This is why I use plugins like Defacer, which hides the iframes for Facebook and (coming soon) the other Share buttons.

Re:Plugins

[Anti-S]

AdBlock exception rule: ||facebook.*$domain=~facebook.com|~127.0.0.1

Re:Plugins

[EvilIdler]

Defacer is great, and it automatically removes (part of the) button clutter. For some added Google protection, there's also this: http://www.orbicule.com/incognito/

I'm not sure if Top Sites in Safari load all scripts, but at the very least it loads images, which are also used for tracking, therefore Defacer is probably not enough.

Re:Plugins

[assemblerex]

Thank you oh wise one, 9 blocked attempts on one page! Why is this score 1??

Re:Plugins

[IronChef]

I was about to send you a fruit basket 'til I saw that extension was Safari only.

A quick search found "Facebook Disconnect" for Chrome... anyone have a recommendation for Firefox?

Re:Plugins

[janwedekind]

There's also a filter subscription for Adblock Plus to block social annoyances: Fanboy Annoyances List (I found it thanks to this article).

Re:Plugins

[Resident+Netizen]

Facebook Blocker 1.2 Firefox Add-on works for me.
https://addons.mozilla.org/en-US/firefox/addon/212323/

Re:Plugins

[Resident+Netizen]

Thought I posted this earlier, but I guess I muffed it.

Facebook Blocker 1.2 is a good addon for Firefox.
https://addons.mozilla.org/en-US/firefox/addon/212323/

They also make a version for Chrome and Safari.
http://webgraph.com/resources/facebookblocker/

Re:Plugins

Wouldn't you also need to block fbcdn.net/fbcdn.com where some of Facebook's scripts are located?

something like this:
||fbcdn.com^$domain=~facebook.com
||fbcdn.net^$domain=~facebook.com

But since I don't even use Facebook, I just use
||fbcdn.com^
(and similar for facebook.com/.net/fbcdn.net)

Re:Plugins

[yruf]

Alternative for chrome users: Facebook Disconnect. Blocks all traffic to facebook servers, but still lets you access facebook.

I Like This article

[tiedyejeremy]

SSIA? ;D

Obfuscation

[TheDarkener]

How about writing a browser extention that, in the background, visits all known sites that have the 'like' button (intelligently upgraded? That way, they won't know which sites you visited legitimately, thus the data they collect on you is worthless?

Re:Obfuscation

[DeathFromSomewhere]

Have fun crawling the entire internet on your 3mbit connection.

Re:Obfuscation

[MichaelKristopeit162]

25Mbit here...

even 1:10,000 signal to noise ratio makes the data useless... and the actual ratio would be significantly higher.

in other news

[blair1q]

every time you shower you're in danger of getting wet, and supporting socialist water works

Re:in other news

[Scrameustache]

every time you shower you're in danger of getting wet, and supporting socialist water works

This is about getting splashed from outside of the shower.

Re:in other news

[blair1q]

If you're standing outside the shower holding the shower wand in your hand and you turn on the water, what else do you expect?

It's a TRAP!

[shadowrat]

The article spins a good yarn about how evil and underhanded the facebook button is, then puts a facebook like button right at the bottom.

Re:It's a TRAP!

It's not a Facebook "Like" button though. Appears to be an internal "thinq.co.uk" button.

Beacon

[Thelasko]

The beacon is back, and better than ever.

Re:Beacon

Mmm... beacon.

Hardly news

[geegel]

I've been noticing this some weeks ago when, on cnn.com, a widget informed what my friends like.

I basically developed the habit of logging out of FB every time, it's not that hard.

As for the Adblock/Noscript solution, I refuse to use it. I wore the hat of a webmaster and I know how important advertising is.

Re:Hardly news

this has been replied to the previous 15 people who said something like this, but what TFA is talking about, is it's tracking you via cookies and possibly other manners regardless of if you are logged in, or even have an account at all.

Re:Hardly news

[Attila+Dimedici]

You seem to be missing the fact that Facebook is using this to track me, someone who has never joined Facebook. This is the sort of thing that is the reason I have not joined Facebook.

Re:Hardly news

[geegel]

I honestly doubt that this is how it works. When I'm not logged in, that data does not appear. Also for the sake of clarity I must bring to light the fact that I have several FB accounts. This might screw their profiling (the profiles have wildly divergent interests and behaviors).

Again, this is only my personal account, so take it with a grain of salt.

Re:Hardly news

[drinkypoo]

As for the Adblock/Noscript solution, I refuse to use it. I wore the hat of a webmaster and I know how important advertising is.

How important it is to sites that depend on polluting your mind, you mean.

Re:Hardly news

[geegel]

I'm not going to argue with you on this topic. It is a personal choice, which I made based on my personal experience. You are free to have your own opinion, just don't judge others who choose to think otherwise.

Re:Hardly news

[gstoddart]

As for the Adblock/Noscript solution, I refuse to use it. I wore the hat of a webmaster and I know how important advertising is.

Well, I wasn't going to click on the ads anyway, so I'm sure as hell not going to use my bandwidth to view them. Just because you signed a contract with someone who sells ads, doesn't mean you signed one with me -- I don't ow any advertiser my time, my eyeballs, or my bandwidth.

If your site folds because I didn't allow ads, well, your site would have folded anyway, and someone else will likely have another one.

Re:Hardly news

[geegel]

Ok, I'll bite. How do you know that you won't click the ads, if you don't even visualize them?

As for the "owing" part, you have no argument from me, I only see it as a gesture of politeness

Re:Hardly news

[drinkypoo]

You are free to have your own opinion, just don't judge others who choose to think otherwise.

That is a load of dingo's kidneys. The brain is one big meat-based discrimination machine. It lets you make yes/no decisions in an analog world. You felt free to share your opinion, and have clearly already made your own related judgments, but you don't want to hear anyone else's. You do not have the right to not be offended.

Re:Hardly news

[Reziac]

I don't use adblock because I use some basic settings (no flash, block unrequested popups, block images from certain servers) that filter the real crap well enough most of the time. But that's not the point:

I don't mind well-targeted ads *that don't slow things down*, but we hardly ever see those anymore. I was astonished the other day when I was at some tech site and was served simple, fast-loading ads directly relevant to the site topic itself -- and I'm like, hey, get a load of these ads that I *don't* want to block, cool!

But the constant barrage of sheer garbage taking 90% of the page-load time (and what does it say about your business model if you rely on that for revenue??!) -- either I do something to stop it or I don't visit that site at all. And that's why we've got the war we do today.

As to facebook, I'm so damned tired of its "like" widget taking its sweet time loading, stalling pages sometimes for several minutes, that I finally blocked facebook in HOSTS.

Re:Hardly news

[gstoddart]

Ok, I'll bite. How do you know that you won't click the ads, if you don't even visualize them?

Simple ... I'm not interested in what is being sold, because I'm not interested in being marketed to.

I don't click internet ads, and I never have. Where possible, I make sure not to see them. If it moves, it gets blocked -- that especially includes Flash and animated images.

Nothing about an ad on the web ever makes me think that I either care, or trust the source. After over a decade of ignoring/stopping internet ads, I can say with good certainty ... I'm not interested.

Re:Hardly news

[geegel]

Actually I do recognize the value of constructive arguments for determining your own actions. However, the tone of your reply led me to believe that such an argument would be useless in this case. Call it a digital response in an analogue world, if you wish.

If you want an intelligent debate, stick to a more polite language and less demeaning metaphors. I'm perfectly open to it.

P.S. Just as a side note, analogue choices are possible, in my opinion at least. I call it agnosticism

Re:Hardly news

[geegel]

I don't want to sound condescending, but I believe that you are missing an important part of what defines the Internet today. I'm not saying that is good, nor that is bad, I'm only saying that you're missing an important fraction, one that will likely get even more important in the near future.

I actually see an utilitarian function to vizualize the web as a whole. As tech enthusiasts, we pride in "getting" the zeitgest. Deliberately ignoring this side can undermine this goal

Re:Hardly news

[gstoddart]

I don't want to sound condescending, but I believe that you are missing an important part of what defines the Internet today.

I'm not missing it at all, I'm just not seeing it. There is a difference.

As tech enthusiasts, we pride in "getting" the zeitgest. Deliberately ignoring this side can undermine this goal

*laugh* I am old enough, and curmudgeonly enough, that there are certain parts of the zeitgeist I just don't give a damn about.

Heck, I still don't get this whole showing your underpants thing that started about a decade ago, I sure as hell don't want to hear about Survivor or Justin Beaver any more than I need to. Facebook and almost anything to do with Fox? Completely out.

If I ignore them long enough, emo kids and the continuing popularity of the 80's will just simply go away. Baseball, however, won't go away no matter how much I try. ;-)

Re:Hardly news

[gambino21]

Disabling thirdparty cookies in Firefox seemed to fix the problem for me. Now non-facebook sites can't tell who I am on facebook. I'm not sure why this is not the default setting for Firefox and other browsers.

Re:Hardly news

[Ash-Fox]

That has nothing to do with facebook's tracking. Facebook's tracking works by reading the referer url off their own site (where the image is hosted), the cookies they read are not third party, but their own that were stored on their site.

Re:Hardly news

[gambino21]

I'm sure they have multiple methods of tracking going on, but the behaviour of the facebook button on rottentomatoes changes depending on whether you have thirdparty cookies enabled or not in Firefox. You can verify it by first logging in to facebook, then playing with the setting above and loading the rottentomatoes site.

Speak for yourself

[betterunixthanunix]

You have a website that has pictures of you, your current whereabouts, mood, who you like, where you live, work, sleep, and every interaction with anyone else has just as much information pulled out and sorted. And you're bothered by the Like this button?!

You seem to be a Facebook user; I am not. If Facebook is tracking me anyway, then yes, I am bothered.

Re:Speak for yourself

[John+Hasler]

If you are in the habit of accepting and keeping every cookie ever offered to you, you were being "tracked" before Facebook got involved.

Re:Speak for yourself

[MichaelKristopeit163]

you can still be tracked by IP address, browser version, OS version, available plugins, etc...

Re:Speak for yourself

[martas]

oh chrome: wrench->options->under the hood->privacy->content settings->cookies->exceptions->add([*.]facebook.com,block). thumb defeated

Re:Speak for yourself

[martas]

that should be "on chrome" (although "oh chrome!" isn't far off, either. not that you couldn't do this with other browsers...)

Re:Speak for yourself

[Colonel+Korn]

oh chrome: wrench->options->under the hood->privacy->content settings->cookies->exceptions->add([*.]facebook.com,block). thumb defeated

Alternatively, block all facebook domains in your hosts file.

Re:Speak for yourself

Current leader in the Slashdot smug contest: admitting (true or false) that one doesn't use Facebook.

Re:Speak for yourself

[0100010001010011]

There is also Facebook Disconnect plugin for chrome.

Re:Speak for yourself

[drinkypoo]

You seem to be a Facebook user; I am not. If Facebook is tracking me anyway, then yes, I am bothered.

Every advertisement you see is tracking you. Every HTTP request tells people things about you by default. Facebook "like" buttons are just more advertisements. If you don't want to be tracked by facebook, install some sort of ad blocker and block facebook and their CDN. It's unfortunate that we have to do this sort of thing, but it's the nature of the internet and always has been. At least it's not a secret tracking pixel, which is way more worth getting annoyed about than any like button.

Re:Speak for yourself

Of course, pointing that out doesn't make you (or me) smug at all...

Re:Speak for yourself

[RazorSharp]

Exactly -- I've never visited Facebook (on my computer -- I've seen it on others'), but this article made me curious so I checked out my cookies. Surprise surprise, I have cookies from Facebook, a website I've never directed my browser to.

I accept all cookies b/c browsing the internet without doing so is just a hassle. But it should be reasonable to expect a company to keep their data off my computer when I've never visited their site. Fuck Facebook. And Fuck CNN for putting a Facebook cookie on my computer.

Re:Speak for yourself

[vux984]

If you are in the habit of accepting and keeping every cookie ever offered to you, you were being "tracked" before Facebook got involved.

For my part I *really* don't care if the website I'm visiting is tracking my movements on its own site.

I -only- get irate when that tracking starts to follow me around after I leave.

I don't use facebook, and that near ubiquitous facbook icon on pages used to merely annoy me for being a waste of space and an eyesore. But I wasn't specifcially aware that it was actively tracking me if I ignored it. Perhaps if I had thought about it, I'd have realized that it was likely wired back to facebook and tracking me, but until now I hadn't.

So I do find this interesting. Not that I needed another reason to despise facebook.

And yes, other widespread tracking systems also do bother me; I've regularly criticized google's reach between its advertising and analytics numerous times here on slashdot.

Re:Speak for yourself

[vux984]

Correct. There is no good solution. Privacy regulation may help somewhat to curb abuse by large corporations, but that's about the best we can realistically hope for.

Re:Speak for yourself

Like

Re:Speak for yourself

[gambino21]

I only recently discovered facebook's instant personalization "feature". I went to rottentomatoes and it showed movies that my facebook friends liked. This seems very inappropriate to me because how did rottentomatoes know who I am in facebook, without logging in or doing any kind of verification. Apparently rottentomatoes uses thirdparty cookies to fetch your facebook info and display it. This seems to mean that potentially any website can check who you are in facebook (if you are currently logged in). I was able to turn off this feature by disabling thirdparty cookies in Firefox.

More than anything this seems like a big privacy leak and is the fault of the browsers. This should be off by default in firefox and other browsers. If I go to rottentomatoes.com, I would expect that by Firefox would only send cookies back to rottentomatoes and should not even allow read access to other cookies while I'm on that page. The same goes for flash plugins and other scripts, etc. that read cookies, they should only have read access to the cookies for the current page.

Re:Speak for yourself

Turn 3rd party cookies off. It barely makes a difference to the "browsing experience".

Re:Speak for yourself

[Simon+(S2)]

that only blocks cookies. the like button is on fackebooks server, which gets the hit and tracks you anyway.

Re:Speak for yourself

You seem to be a Facebook user; I am not. If Facebook is tracking me anyway, then yes, I am bothered.

Actually, Facebook even has a profile about you, with friends/connections and probable likes. All connected to your E-Mail address, harvested from your possible-facebook-friends personal adressbooks.

Re:Speak for yourself

[sootman]

AFAIK "Accept Cookies... Only from sites I visit" is the default setting in Safari.

Re:Speak for yourself

[martas]

without the cookie it's not personally identifiable. all they know is "i gotz request", they don't know "i gotz request from websites x,y,z,alpha,beta from same user at these times of the day this many timez". so it don't help them none other than counting webpage popularity, which don't bother me.

Re:Speak for yourself

[VisceralLogic]

Just visited using Chrome, and the FB spot on the page asked me to log in to see what my friends were up to.

Re:Speak for yourself

[gambino21]

You do need to be logged in to facebook, I just meant that I hadn't logged in to rottentomatoes or linked the accounts in any way. Chrome has a setting called "Block all third-party cookies without exception", I think this is turned off by default. To reproduce this, uncheck that setting in Chrome, or the equivalent setting in Firefox, then log into facebook. Then visit the rottentomatoes page, and it will show your facebook account and customize the page based on info from facebook.

Re:Speak for yourself

[gambino21]

I'm not sure what the behaviour would be based on that setting. Since in this case facebook isn't setting any new cookies when you visit rottentomatoes, it's just reading existing ones. Try logging in to facebook, then go to rottentomatoes.com and see if it knows who you are.

Re:Speak for yourself

[gambino21]

I take that back, after some more testing, it seems that rotten tomatoes knows when I am logged in to facebook whether or not I have thirdparty cookies enabled. So either Chrome is not really turning off thirdparty cookies, or facebook/rottentomatoes is using something different to track me.

Re:Speak for yourself

[edxwelch]

Christ, that setting was well hidden too.

Re:Speak for yourself

Take responsibility and turn off 3rd party cookies in Firefox.

Re:Speak for yourself

[Simon+(S2)]

so it don't help them none other than counting webpage popularity, which don't bother me.

you are wrong

RTFA

If you even have a facebook session going - and the controls for a "Like this" button are on the page, I wouldn't be surprised if that information gets stored.

"Hey you're logged in! Hey this control knows you're logged in, so it'll work instead of redirecting you to login. Hey, why don't we just send information back to facebook that you visitted this page, even if you didn't hit the like button!"

Would this shock anyone? I haven't proven it but its not far off nor technically impossible. In fact it's pretty easy to embed it in the control, which people just put on their pages, they hardly look at the code.

Yes, that's obvious. The point of the article is that Facebook sets tracking cookies even for people who don't, and never did, have Facebook accounts. This effectively lets Facebook track the surfing habits of non-users as well.

Take this moment to make sure you have your browser's cookie acceptance set to "Only from sites I visit."

Re:RTFA

[Monkeedude1212]

This effectively lets Facebook track the surfing habits of non-users as well.

Take this moment to make sure you have your browser's cookie acceptance set to "Only from sites I visit."

... Doesn't pretty much every site do that? Any of Google's Doubeclick ads are notorious for going through your cookies and finding the best product to put in front of your eyes. So wouldn't any site that serves up Doubleclick ads essentially have access to that information?

Who would have thought.

[andrea.sartori]

What an astonishing surprise.

Simple Solution

Create you own website and use email.

I was wondering when someone would..

[js3]

I put put 127.0.0.1 in my hosts file for facebook after my gf dumped me and I noticed almost every website calls the facebook like.ph url when you click on a link. Very annoying when trying to navigate with the back button

Not if you...

[Posting=!Working]

Add this to your Adblock Plus filter:

||facebook.*$domain=~facebook.com|~127.0.0.1

What like button?
You can still use facebook, but they're blocked from any page that isn't facebook.com.

Re:Not if you...

Don't forget facebook.net, fbcdn.com and fbcdn.net

I made a AdblockPlus subscription blocking those for my convenience:
http://dev.mathiasbaert.be/misc/facebook-connect-opt-out.html

Re:Not if you...

Thanks! (like!) ... replacing my old facebook rules...

I also have:
||static.ak.fbcdn.net/connect.php/js/FB.Share
Not sure why I added it, but seems relevant.
Maybe copy yours for fbcdn.net?

Re:Not if you...

[bassman998]

I use the following Adblock rules:

||fbcdn.com/*$domain=~facebook.com
||fbcdn.net/*$domain=~facebook.com
||facebook.com/*$domain=~facebook.com
||facebook.net/*$domain=~facebook.com

I never see Facebook content on any site other than Facebook, and their social plugin can't track me.

Re:Not if you...

[asvravi]

Cool! You should make this into a separate FF addon so that ordinary users can get it easier.

Re:Not if you...

Adding to hosts file in Linux or to your router block list works too.

That and a few others speeds up a lot of page loads too.

Re:Not if you...

[gobland]

Cool! You should make this into a separate FF addon so that ordinary users can get it easier.

I've been using Facebookblocker (https://addons.mozilla.org/en-US/firefox/addon/212323/) for Firefox, which I think might achieve this goal.

Re:Not if you...

(y) I Like it.

Re:Not if you...

[asvravi]

Thanks. I saw this after my reply. It says "not reviewed" on the mozilla addons page, so I went through the code and made sure it is fine, before using it.
 

Re:Not if you...

[houghi]

Look at the code from slashdot. Here they use a.fsdn.com and if you block that, the site looks like shit.

Nice going. :-(

Can we establish one thing

[Lucas123]

Facebook is going to track your activity. If you post your personal photos and information on a social networking site, it will more than likely be used for reasons other than you intended. There, now let's all move on.

Re:Can we establish one thing

[Rob+the+Bold]

Facebook is going to track your activity. If you post your personal photos and information on a social networking site, it will more than likely be used for reasons other than you intended. There, now let's all move on.

Even the summary of TFA states that you don't need to be a facebook user to be tracked by their system.

Free Facebook Layouts

[cbrlouce]

I really need to get these nice facebook layouts. I found this website and it seems that if I get a few people to the site I can get the layouts. Please click on the link: http://www.myfreefacebooklayouts.com?id=82qf9ri7gj2l6paeo9agtxaz1wnfi2

Thanks

[Haedrian]

Thanks, I've been looking for a way of blocking facebook (except on its own website) for ages.

Fight for yourself

Then take back your privacy:

https://addons.mozilla.org/en-US/firefox/addon/4703/
https://addons.mozilla.org/en-US/firefox/addon/722/
https://www.eff.org/https-everywhere

Slip

[shoehornjob]

Roosendaal says that Facebook's tentacles

Anyone else read that as Facebooks testicles.

Help for Those That Need It

[eldavojohn]

Thanks for the story. Now I won't be able to sleep tonight.

There, there, fellow victim, I have a method to help you with this problem. Lay on your bed, look at your hand, now back to me, now back at your hand, now back to me. Sadly, your hand cannot stop the 'Like This' button, but if you stopped using Facebook and switched to Diaspora, you could avoid the blue terror like me. Look down, back up, where are you? You’re on a cloud with only about five hundred other users. What’s in your hand, back at me. I have it, it’s your mouse connected to your computer where you just need to enter your password one final time to leave Facebook. Look again, the mouse is now diamonds. Anything is possible when you're not promoting Facebook. I’m on a butterfly.

Re:Help for Those That Need It

> Lay on your bed, look at your hand

LIE on your back. LIE. This is not difficult to grasp. LAY and LIE are difference words with different meanings.

Re:Help for Those That Need It

[drcheap]

Lies! It's all a bunch of lies!

Re:Help for Those That Need It

different

Re:Help for Those That Need It

[Internalist]

Funniest thing I've read on Slashdot in a while...thanks!

Re:they aren't tracking me.

slashdot = stagnated

Agreed. What Slashdot needs is a pattern-based auto-foe/auto-ignore system.

noscript FTW!

NoScript and do not allow facebook.net when you are not on facebook site. Not really that hard to avoid...

hmmm

[jarkus4]

First, we dont really know they make any use of this data. They have the possibility, but they dont have to use it (its quite likely they do, but thats a different matter) Second, to avoid sending this data they would have to either limit some functionality or go out of their way and create some special domains to avoid passing the cookies between the systems. And this would be for no gain for them whatsoever - "not stealing" personal information is never a news topic. Also the only people who actually can be "offended" by this are some geeks that, lets be honest, are not an important market part to them, IMO the most realistic scenario for this is accidental data collection. They started partnering with whomever they could and putting their logo button there just to bring more traffic to their site (and their ads). PERHAPS then someone noticed that they can make also use of this extra data they get.

I can 100% guarantee...

[RapmasterT]

I can guranantee with 100% certainty that the "like button" is NOT tracking me. As I have never clicked, nor SEEN the "like button".

Seriously, I couldn't be safer from Facebook's privacy issues...don't even have an account.

Definition of irony:

[magsol]

Why is there a "Share this on Facebook" button at the end of TFA?

Re:Definition of irony:

[Matt]

And a "follow us on Facebook" icon. As well as 6 other similar icons.

Re:Definition of irony:

[Pootie+Tang]

Someone mentioned http://babelstudios.se/defacer/ (safari plugin to block facebook) in http://yro.slashdot.org/comments.pl?sid=1889866&cid=34391506

It has a "test it out" Like button on the page. I'm surprised it only has 36 likes. Wonder if FB periodically unlikes links they find unlikeable.

I never browse without these extensions

[beeblebrox]

I call them my four horsemen of the adpocalypse:

Adblock Plus
NoScript
RequestPolicy
RefControl

Other than my Facebook-specific Firefox profile, it's as if Facebook doesn't exist.

Nothing new

[Lazy+Jones]

That has been the subject of many blog posts and news items and it is why sites which care about your privacy do not use this button (they use "find us on facebook" buttons with simple HTML links instead of iframes hosted by facebook).

Re:they aren't tracking me.

You're the pathetic sack of shit cowering behind multiple logins, not me. What are you afraid of?

Sig nitpick

This sentence no verb.

Your sig's grammar is wrong. This sentences no verb. I guess it goes free.

Ad Banners

[alphastrike]

I don't know a great deal about online marketing and privacy policies, if someone could please enlighten me. I assume Facebook's research eventually lead to Ad banners that cater to the type of things that I have "liked". However, I never click on Ad Banners. If they sell this information to some company, that company is losing out(because I don't click on Ad Banners). So what am I losing here?

Re:Ad Banners

[John+Hasler]

> So what am I losing here?

ur PRIVACYS!!1!!11!!!

Blocking third party cookies solves this, no?

[fotbr]

Since TFA was rather short on details, I get the impression that blocking/disabling third party cookies solves this, since the cookie is from facebook and I'm looking at $SITEXYZ.

Re:Blocking third party cookies solves this, no?

[VortexCortex]

I get the impression that blocking/disabling third party cookies solves this, since the cookie is from facebook and I'm looking at $SITEXYZ.

Somewhat, however, fetching the Facebook scripts and/or images sends Facebook your IP & the page you are currently on via HTTP REFERER [sic]. This is not blocked by "blocking/disabling 3rd party cookies", if you're logged in to Facebook and you see a "like" button on another website Facebook knows you were there. If you're not logged in your IP + referring page goes to Facebook and previous login info along with basic link trail tracking or other analytics can probably identify you.

Every time you see the Facebook "like" button Just imagine in its place a knot-hole with a creepy Zuckerberg eye peering out (imaginary muffled fapping noise optional).

Facebook knows me...

[Wiarumas]

Facebook knows a lot about me: that I have no friends, no interests, and log in between the hours of 1 and 5AM from my mother's basement. I keep getting advertisements from Slashdot and World of Warcraft.

NoScript

Yet another reason to use Firefox+NoScript.

I keep facebook.com and fbcdn.net off my whitelist, so they are blocked by default. I check my facebook once or twice a week, and unblock them for that, but any time I visit a site that uses the "like this" button, they are blocked and the button isn't allowed to load.

I highly recommend NoScript to anyone that has reservations about Facebook's like this button.

Re:NoScript

[retech]

Couldn't agree more. It's a bit shocking to see how many sites use that damn script now. Between FB and google analytics I'd venture a guess at over 90% of commercial sites are doing this sort of 2nd party tracking. I block both and find the inconvenience of NoScript to be well worth the piece of mind. Hell, even banks use them now.

Tor and/or JonDoNym

[killmenow]

The best way to maintain privacy is to use services like Tor and JonDoNym. Oh, wait. You said "good solution" didn't you? Nevermind.

If that's the case...

[Lilith's+Heart-shape]

If Facebook is tracking everybody, and that matters enough to Slashdot's editors that they're posting an article, then why does every article on Slashdot have a "Share on Facebook" link? Doesn't that help Facebook track people?

You and 123 other facebook users like this!

Ha Ha

The irony!

The irony of this is that the page that contains this warning has options to share the article on facebook :)

Fine

[NiceGeek]

They'll find I have a boring existence, just like most people.

No kidding ?

[herve_masson]

Jeez, what a scoop. Isn't this feature all about tracking ?

hmmm

[ProfessorKaos64]

Its the bloody internet, get over it you paranoid twats...What is it hurting that they show you ads tailored to something you like. I sure as hell don't want to see "enlargement" pills ads, I'd rather see an ad from something I like on facebook. It's not like my whole day is ruined because of ads. Don't click on them, get a grip sheeeeesh....

Easy breezy...

[Push+Latency]

NoScript and AdBlock Plus do the trick for me. I just block script and images from facebook.com so I don't ever have to see them or worry about tracking. And, obviously, don't use the service in the first place.

Don't want to be tracked...

... support and use TOR.

http://www.torproject.org/

Simple problem, simple solution:

[kheldan]

Don't click those buttons!

Re:Simple problem, simple solution:

[VortexCortex]

Don't click those buttons!

It's not so simple as that. Just the fact that you can see the button is enough to let Facebook track you.

Missing Like button

[kimvette]

This article needs a "Like" button so I can click it!

Perhaps, if Facebook just changed their buttons...

[VortexCortex]

...to look a bit more like this, Facebook users would have a better idea of what to expect?

Earlier I wrote:

Every time you see the Facebook button Just imagine in its place a knot-hole with a creepy Zuckerberg eye peering out (imaginary muffled fapping noise optional).

Feel free to add it to your sites!

Add?

[antdude]

Is that a calculator blocker or something? :P

Firefox + NoScript

[Hutchizon]

Here's what I do, I use Firefox with NoScript installed for all browsing & I block all Javascript from Facebook (and their cdn domain). I use Safari or the iPhone app when I (rarely) use Facebook. (and no cookies since I don't login using this browser -- plus I blow away all cookies regularly). Trends to paranoid side, sure, but the tracking thing creeps me out. I don't care if its just for aggregation -- that's the intent, but there is far more power there.

Am I the only one who does this kind of thing?

Re:Firefox + NoScript

[John+Hasler]

> ...there is far more power there.

What? I'm not being sarcastic: I'd like to know what power you believe to be there.

Also block facebooks fbcdn.net/.com/...

Also add a blocking rule: fbcdn.*$domain=~facebook.com|~127.0.0.1

Might slow down AdBlock a bit though... shows the "snake" symbol.

Mod parent UP please!

[Burz]

Why on EARTH do people run their scripts, anyway?

Because the out-of-the-box default behavior for every popular browser is to download everything referenced, pass whatever cookie it happens to have whenever it does that, execute every such downloaded script, and so on.

Facebook isn't really the problem here. Our browsers are.

I couldn't have said it any better!

Vegas card flippers

[Fnord666]

If every time you walked past a shop on your local High Street someone stuffed an advertising flyer into your pocket without asking your permission, there would soon be a trail of leaflet distributors clutching black eyes and broken noses.

Obviously the author has never tried to walk down the Vegas strip during the evening.

yeah... like..

Facebook... Is Tracking You

disable third-party cookies

Why does it need to be harder?

Soviet

In Soviet Russia... oh, wait a minute...

Yeah...

...somebody is bitter about not having enough "friends."

allfacebook.com?

[vrmlguy]

I only use Facebook from my iPhone and incognito windows in Chrome (I created an application desktop shortcut and added the '--incognito' option to its command line.) I'm trusting that Facebook isn't peeking at my iPhone browser sessions. Over in Chrome, however, I just looked at my cookies and saw both cookies and "super-cookies' (HTML5 local data) that were set from allfacebook.com. I've now blocked that URL (facebook.com was already blocked), but I wonder about other, less obvious, URLs.

I hit the Share This button

[CeruleanDragon]

Apparently everyone on my Facebook are all fake friends, sad teens, and lonely divorcees with nothing better to do than describe the minutae of their tedious lives to virtual strangers. And me too! Oh man, the realization of this makes me sad. If only I were a teen or divorcee, then I'd be extra sad.

The visual of bits of data about me flying around the Internet with nowhere to go is pretty funny. Now everyone out there knows what my favorite pr0n and news sites are! Oh nos!

NoScript and Adblock Plus

[CeruleanDragon]

I turn everyone I know onto these Firefox addon utilities. I know 99% of you use them, I'm sure, but if you are really worried about this sort of behavior, just get Firefox, install the NoScript add-on, and make sure you never Allow facebook.com (or fbcdn.com). I'm fairly certain that will prevent the evil bad FB man from scanning your thoughts. It's like tinfoil for your browser!

This might reach the less tech savvy

This is no news for anyone in the tech community, but this might carry enough weight for the general media to pick it up, so that my wife, parents, neighbor, etc might finally be aware of it too!
A university researcher is still more credible (and above all accessible) for a 9 o'clock news segment than any tech article..