Heise's 'Two Clicks For More Privacy' vs. Facebook

← Back to Stories (view on slashdot.org)

Heise's 'Two Clicks For More Privacy' vs. Facebook

Posted by timothy on Friday September 2, 2011 @03:55PM from the like-grit-in-the-eye-of-sauron dept.

First time accepted submitter FlameWise writes "Yesterday, German technology news site Heise changed their social 'like' buttons to a two-click format (Original in German). This will effectively disable unintentional automatic tracking of all page visits by third-party social sites like Facebook, Twitter or Google+. Less than 24 hours later over 500 websites have asked about the technology. Facebook is now threatening to blacklist Heise (Original in German)." As I read the updated story, Facebook has backpedaled a bit, so "blacklist" may no longer be the operative word. An anonymous reader adds a quick explanation of the changed interface: "Instead of enabling Facebook to track a user (arguably without prior consent) by placing a 'like' button on the website in the usual way, a greyed-out like button is shown. If a user wants to share or 'like,' he has to execute an additional click to enable the original Facebook 'like' button and get the desired behavior. This technique obviously has a disadvantage for Facebook, because the behavioral tracking does not work anymore."

206 comments

Min score:

Reason:

Sort:

+1 by Anonymous Coward · 2011-09-02 15:59 · Score: 0

Can I [Like] this?
don't people already do this? by Anonymous Coward · 2011-09-02 16:04 · Score: 2, Insightful

"disable unintentional automatic tracking of all page visits by third-party social sites like Facebook"
I think anyone who cares the slightest bit about privacy already blocks facebook's address blocks, googles trackers, and so on.
Your computer obeys you. You get to decide whether it stories cookies from any given site, whether it loads *anything* from facebook's addresses, whether it loads web bugs, and so on. It is under your control. I figure that my computer exists to make MY life easier, not to make money for facebook or google.
"Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.
1. Re:don't people already do this? by Samantha+Wright · 2011-09-02 16:13 · Score: 3, Informative
  
  This is a mindblowingly old and tired debate, but I think the typical reply to you goes something like "most people are mostly stupid and as a result we need to take care of them. Further," goes the repartee, "all of this this should be opt-in to begin with."
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
2. Re:don't people already do this? by Anthony+Mouse · 2011-09-02 16:19 · Score: 5, Insightful
  
  "Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.
  If I'm just reading the news, I use whatever computer is in front of me. Sometimes that's my PC, or my laptop, or my PC at work, or a school computer, etc. Having to change a setting on every different computer I use is a huge annoyance, to say nothing of the times when I don't have administrative access to make certain changes.
  Anything that makes protecting my privacy the default is a win.
3. Re:don't people already do this? by Ethanol-fueled · 2011-09-02 17:01 · Score: 0
  
  Your computer obeys you. You get to decide whether it stories cookies from any given site, whether it loads *anything* from facebook's addresses, whether it loads web bugs, and so on. It is under your control.
  Bullshit, son. A computer is a lot like a woman - they'll both do whatever the hell they want until you train 'em and tell 'em what to do and how to behave. For example, when you first ask it to make you a sandwich, it'll hand you a pink-frosted pop-tart instead. That's when you have to hit the case a couple times to loosen the stuck fans and knock the dust loose. It will then make those sandwiches for you, but you have to train it to avoid breads with weird grains and cut your sandwich in triangles, not rectangles, using horseradish mustard instead of that cheap French's shit.
4. Re:don't people already do this? by smellotron · 2011-09-02 17:28 · Score: 1
  
  A computer is a lot like a woman - they'll both do whatever the hell they want until you train 'em and tell 'em what to do and how to behave.
  
  You may have better luck using root privileges.
5. Re:don't people already do this? by Anonymous Coward · 2011-09-02 18:19 · Score: 0
  
  Do you use a proxy every time you search? Google tracks searches by IP address too so they can make your searches 'better'.
6. Re:don't people already do this? by Anonymous Coward · 2011-09-02 20:27 · Score: 0
  
  No, its that those settings interfere with other peoples settings and is not realistic.
7. Re:don't people already do this? by KiloByte · 2011-09-02 20:36 · Score: 2
  
  You mean, it should be legal to rob you or murder you unless you register for a legal protection program?
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
8. Re:don't people already do this? by Tomato42 · 2011-09-02 20:40 · Score: 2
  
  Because installing AdBlockPlus on library computers is so realistic...
9. Re:don't people already do this? by martin-boundary · 2011-09-02 20:54 · Score: 1
  
  That's exactly right. The ONUS should be on the sites to get individual permission for their tracking, not on you to withold permission each time.
  The point being that tracking is already superfluous work that the companies go out of their way to do, so it's ok if the law says they aren't allowed to do it without even more work to get permission from every surfer.
10. Re:don't people already do this? by Sique · 2011-09-02 20:58 · Score: 1
  
  It's not called "legal protection program", it's called "applying for citizenship/residental status and paying taxes", but you get the general idea.
  
  --
  .sig: Sique *sigh*
11. Re:don't people already do this? by Anonymous Coward · 2011-09-02 21:08 · Score: 1
  
  In most civilized countries it already is legal to be murdered
12. Re:don't people already do this? by Samantha+Wright · 2011-09-02 21:15 · Score: 1
  
  By "all of this" I meant "all of this privacy-invading tracking stuff." Didn't you even read the headline?
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
13. Re:don't people already do this? by Teun · 2011-09-02 22:30 · Score: 0
  
  Your computer obeys you.
  I see you don't own a recent Apple iSomething...
  
  --
  "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
14. Re:don't people already do this? by Caesar+Tjalbo · 2011-09-03 00:12 · Score: 2
  
  I can be bothered but I can use every help I can get. Installing NoScript is easy, determining which sources are legitimate for functionality and content and which I'd like to block isn't. Too many sites require third party resources or writable (flash) cookies to function and still I've no idea how to block browser fingerprinting through the installed fonts.
  I've recently gone through the list provided by Ghostery again, blocking all by default and then allowing what seemed to make sense to me, including Disqus. Somehow that didn't work, can't comment on sites with Disqus enabled and I don't know why. I think it's a shame that it's necessary that I have to worry about this, imho it should be enough that I'm simply careful with what I enter online.
  
  --
  "I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."
15. Re:don't people already do this? by John+Hasler · 2011-09-03 00:50 · Score: 1
  
  The ONUS should be on the sites to get individual permission for their tracking...
  They do get permission. Every cookie, bit of JS, etc was sent to your computer as a result of a GET request from your browser. Every bit of information they receive is sent to them by your browser. Your browser is silently volunteering to let you be tracked. Why don't you fix it or replace it?
  
  ...it's ok if the law says they aren't allowed to do it without even more work to get permission from every surfer.to get permission from every surfer.
  Most "surfers" don't want the hassle and are happy to be tracked. That's why the browsers default to silently cooperating with tracking. Why do you want to use the law to force your choice on them?
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
16. Re:don't people already do this? by Ihmhi · 2011-09-03 01:23 · Score: 1
  
  They have those, they're called Concealed Carry Licenses.
  Well, not everywhere sadly. New Jersey sucks.
  
  --
  Random Thoughts From A Diseased Mind (Not For Dummies)
17. Re:don't people already do this? by KGIII · 2011-09-03 01:24 · Score: 2
  
  Most "surfers" don't want the hassle and are happy to be tracked.
  [citation needed]
  
  --
  "So long and thanks for all the fish."
18. Re:don't people already do this? by Anonymous Coward · 2011-09-03 01:54 · Score: 0
  
  Not everyone posts to disagree, some may want to extend what you said.
19. Re:don't people already do this? by Anonymous Coward · 2011-09-03 02:04 · Score: 0
  
  But the library computer doesn't know who you are, so YOU aren't tracked by using it. There is no tie-in to your identity.
20. Re:don't people already do this? by Zorpheus · 2011-09-03 02:06 · Score: 1
  
  Either I accept a site as it is, or I will not visit it regularly. If a site tries to do things that I do not accept, I will not trust it, and I would not visit it regularly. Who knows what they will next come up with?
21. Re:don't people already do this? by Anonymous Coward · 2011-09-03 02:08 · Score: 0
  
  I just don't use google. I use a search engine that doesn't track.
  Anyone who doesn't do this is in effect saying they do not mind being tracked.
22. Re:don't people already do this? by Opportunist · 2011-09-03 02:10 · Score: 1
  
  Yes. Why not? We do it all the time. I can't be bothered to fix my own car, I hire a mechanic for it. I can't be bothered to clean up my mess, I hire a cleaning lady to do that for me. I can't be bothered to pick up my new TV and haul it home, I get a delivery service to do that.
  Why shouldn't it be possible to hire a privacy protection service? Considering that it's mostly a "one size fits all" problem and delivery is cheap, with the volume it should be possible to offer that service at a nominal fee and still make quite a bit of money.
  I know the reply already: But you put your privacy in the hands of someone else. Yes. I also put my safety while driving in the hands of someone else. Or the integrity of my household. Also, it's far more likely that someone who spends his entire day finding and fixing privacy holes to be more efficient and through with it than me who can only spend a fraction of his spare time to play whack-a-mole with the various ways some shady business wants to sniff around my online habits.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
23. Re:don't people already do this? by Opportunist · 2011-09-03 02:12 · Score: 1
  
  No, because "my computer obeys me" is not a statement, it's a core feature requirement.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
24. Re:don't people already do this? by asdf7890 · 2011-09-03 02:50 · Score: 1
  
  "Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.
  Not that easily, at least not for basic users. I can control everything on my main PC and netbook and know what needs to be controlled to sort out privacy issues I care about, but most people don't have that level of knowledge and there are many circumstances where the level of control is not present. You can't install privacy protecting add-ins or alter relevant settings on public access computers for instance, and it would be rude to play with the settings on other people's computers for your own benefit (unless you ask them, fully explain, get permission, and accept responsibility for providing tech support if something breaks because of the add-in like a site somehow detecting adblock and refusing to work while it is operating).
  
  If someone like facebook is determined to track you then the common tips (install addins X and Y, tweak setting Z, don't have flash installed, use safe browsing mode...) won't stop them as there are some quite clever ways to maintain state even if the user has followed all the usual tips. The only sure fire way to stop facebook tracking what you do outside of facebook (running it in a separate browser running as a different user or in a VM, or if you don't have flash installed so its cookies can be shared between sessions in different browsers just a separate browser) is too much faf for most people who just want to log on and browse.
25. Re:don't people already do this? by Anonymous Coward · 2011-09-03 04:32 · Score: 0
  
  Yeah, just turn on 'block third party cookies' in your browser... Oh wait, chrome still loads third party facebook, twitter, google, etc cookies with that option enabled!? You mean a browser made by doubleclick.com's parent company is tracking me even though I told it not to? WTF?
26. Re:don't people already do this? by redcaboodle · 2011-09-03 04:46 · Score: 1
  
  So - where you live tourists are fair game ofr killing and robbing?
  Safety of life, limb and property is a human right in civilized countries, not a citizen's right.
  
  --
  -- Put crudely, the world is an extremely large problem instance. (Russel/Norvig Artificial Intelligence)
27. Re:don't people already do this? by The+Archon+V2.0 · 2011-09-03 05:19 · Score: 1
  
  So - where you live tourists are fair game ofr killing and robbing?
  Yeah.... Duck season, rabbit season, tourist season....
28. Re:don't people already do this? by HiThere · 2011-09-03 05:48 · Score: 1
  
  I can think of decent arguments in favor of that, as long as you weren't bound to any of their rules unless you interacted with those who were signatory. Could end up with governments based around the idea of insurance companies, with some people opting for a more tightly controlled one and others opting for a looser one. And a few just not signing up.
  Implementation, of course, would probably be a nightmare. But in theory it sounds nice.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
29. Re:don't people already do this? by Isaac+Remuant · 2011-09-03 06:33 · Score: 1
  
  Yes, tourists are just anarchists who can whatever they want and have anything done to them. That's how it works. /sigh
  
  --
  "Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
30. Re:don't people already do this? by Anonymous Coward · 2011-09-03 06:39 · Score: 0
  
  did you even read the post above before you replied with a completely wrong interpretation of what he said?
31. Re:don't people already do this? by Anonymous Coward · 2011-09-03 07:25 · Score: 0
  
  Oh, I see. So you think it should be legal to murder and eat the dead flesh of illegal immigrants?
32. Re:don't people already do this? by Anonymous Coward · 2011-09-03 07:40 · Score: 0
  
  Please tell me how to do it. I avoid facebook as much as possible. But most websites these days require me to login through one of the tracking sites like facebook/twitter/google. Please tell me how I can vote without logging in.
33. Re:don't people already do this? by martin-boundary · 2011-09-03 11:52 · Score: 1
  
  They do get permission. Every cookie, bit of JS, etc was sent to your computer as a result of a GET request from your browser.
  
  GET is not asking for permission. A GET is an action performed by the browser software, not by the person doing the browsing. What the person is doing is clicking on an unrelated link, so implicit permission applies to the expected content of the click. In particular, hidden content (like web bugs) that merely hitches a ride on the content is not covered by the permission.
  
  Most "surfers" don't want the hassle and are happy to be tracked. That's why the browsers default to silently cooperating with tracking. Why do you want to use the law to force your choice on them?
  
  Of course, that's my point. "Surfers" don't want the hassle, so why should the browser silently cooperate? It's simpler and more transparent if 1) surfers are not being asked, 2) the browser does not cooperate, and 3) companies who insist on tracking have to jump through lots of extra hoops.
  Result: Less tracking and spying as the burden of doing so without legal complications becomes too heavy for what it's worth.
34. Re:don't people already do this? by Anonymous Coward · 2011-09-03 12:24 · Score: 0
  
  Yeah, but if you're using whatever computer is in front of you, presumably other people use those computers as well, and therefore the tracking is mostly useless in the sense of "stealing privacy".
35. Re:don't people already do this? by Anonymous Coward · 2011-09-03 13:36 · Score: 0
  
  To be fair, most people do not have to apply for citizenship. It just happens.. because they are born there.
36. Re:don't people already do this? by Anonymous Coward · 2011-09-03 20:45 · Score: 0
  
  Of course, that's my point. "Surfers" don't want the hassle, so why should the browser silently cooperate? It's simpler and more transparent if 1) surfers are not being asked, 2) the browser does not cooperate, and 3) companies who insist on tracking have to jump through lots of extra hoops.
  The browser should display content AS IT CAME FROM THE WEBSERVER. Modifying any bits before processing it and rendering it without users explicit instruction is a malicious act. You're fucking retarded.
37. Re:don't people already do this? by nosferatu1001 · 2011-09-03 22:14 · Score: 1
  
  That is implicit consent, and is insufficient in the EU
38. Re:don't people already do this? by allo · 2011-09-04 01:08 · Score: 1
  
  okay, you did it for facebook.
  did you do it for all the other trackers too? This is much time consuming ...
  or you go the other approach, block everything not on a whitelist like RequestPolicy does. Now you destroyed your user experience, you need to allow 1-6 data sources per modern page before you get to the full content including images and the javascript menu.
  both are no good approaches. Maybe adblock with a anti-tracking list is good, but you depend on the person updating the list (not to block something you want AND to block everything you do not want)
39. Re:don't people already do this? by Anonymous Coward · 2011-09-04 10:34 · Score: 0
  
  Privacy is dead, get over it?
40. Re:don't people already do this? by Chatterton · 2011-09-05 01:06 · Score: 1
  
  Until you log into your Google, Facebook, or any other website. Then your whole session is linked against your profile.
41. Re:don't people already do this? by Beacon11 · 2011-09-06 04:28 · Score: 1
  
  They have those, they're called Concealed Carry Licenses.
  Well, not everywhere sadly. New Jersey sucks.
  I believe Illinois is the only state with no concealed weapon permits. I'm not disagreeing that New Jersey sucks, but for different reasons. Is it just difficult to obtain?
42. Re:don't people already do this? by Anonymous Coward · 2011-09-06 04:33 · Score: 0
  
  It being an opinion is just your opinion. I think KGIII disagrees.
43. Re:don't people already do this? by Beacon11 · 2011-09-06 04:37 · Score: 1
  
  Yeah that's what popped into my head when I read it, too.
44. Re:don't people already do this? by Beacon11 · 2011-09-06 04:39 · Score: 1
  
  Care to elaborate on said search engine? Let me guess... it starts with a B...
45. Re:don't people already do this? by Beacon11 · 2011-09-06 04:43 · Score: 1
  
  And if anything can be learned from Spamhaus, whoever updates the list will likely be sued. Even though they only ended up paying three dollars ( http://yro.slashdot.org/story/11/09/03/1413213/Court-Renders-3-Judgment-Against-Spamhaus ), that must have cost a fortune. Feel like volunteering?
46. Re:don't people already do this? by Anonymous Coward · 2011-09-06 07:58 · Score: 0
  
  It is my understanding that the only concealed weapon permits ever issued in NJ were to ex-law enforcement officers.
47. Re:don't people already do this? by Ihmhi · 2011-09-08 14:08 · Score: 1
  
  That, or, as I recall, you have to be transporting goods in excess of $200,000 - i.e., a bank van driver or a courier dealing in something such as uncut diamonds.
  Yes, it's that hard in New Jersey.
  
  --
  Random Thoughts From A Diseased Mind (Not For Dummies)
I don't get it... by FormOfActionBanana · 2011-09-02 16:04 · Score: 2

They embed a Facebook "like" button on their website... And then they decide it's creepy so they grey it out???
When I think something is creepy I just remove it....

--
Take off every 'sig' !!
1. Re:I don't get it... by YodasEvilTwin · 2011-09-02 16:10 · Score: 5, Informative
  
  No, dude. They have a little grey icon hosted locally, and when it's clicked they do an AJAX call and insert the Facebook "Like" button dynamically. That prevents Facebook from using the page that gets loaded in the iframe with the Like button from tracking the user until they've clicked the button. Otherwise everyone who visited the site would automatically be tracked when the Like button was automatically loaded.
2. Re:I don't get it... by ge7 · 2011-09-02 16:17 · Score: 1
  
  Why would they need to do AJAX call? Normal Javascript works just fine and saves requests and server resources.
3. Re:I don't get it... by linuxgeek64 · 2011-09-02 16:21 · Score: 1
  
  There's no Ajax involved in Heise's thing.
  The Facebook like button is not directly put into the webpage, because that could cause issues with the cross-origin policy in browsers (a browser lets only pages on facebook.com to make Ajax requests to facebook.com).
  
  Instead, the like button is in an iframe, which is a different webpage stored in a frame in another webpage. Those don't require any sort of Ajax at all. Instead, clicking the gray icon uses JavaScript (which is definitely NOT Ajax) to replace their grayed-out like button with an iframe containing the actual one.
  
  FTR, in case you didn't guess already, the iframe points to a webpage on facebook.com that contains the webpage for the like button.
4. Re:I don't get it... by Anonymous Coward · 2011-09-02 16:42 · Score: 2, Informative
  
  The act of loading the like button is what allows Facebook to track users. This site defeats this by deferring the loading of the button until after a user asks for it. The AJAX call is to Facebook to load the button (and track the user).
5. Re:I don't get it... by Anonymous Coward · 2011-09-02 16:46 · Score: 0
  
  Meh, I think it's actually loading an iframe as opposed to an XHR style request, but perhaps that's just a nit-pick.
6. Re:I don't get it... by ge7 · 2011-09-02 16:46 · Score: 1
  
  There's no AJAX involved. It's pure JavaScript.
7. Re:I don't get it... by _merlin · 2011-09-02 16:54 · Score: 0
  
  Instead, the like button is in an iframe, which is a different webpage stored in a frame in another webpage. Those don't require any sort of Ajax at all. Instead, clicking the gray icon uses JavaScript (which is definitely NOT Ajax) to replace their grayed-out like button with an iframe containing the actual one.
  Yo, sup dawg. I herd you like web pages, so I put a web page in your web page, so you can click while you click.
8. Re:I don't get it... by Fjandr · 2011-09-02 17:27 · Score: 1
  
  JavaScript (which is definitely NOT Ajax)
  Nope, you have to add HTML and CSS to arrive at AJAX. ;)
9. Re:I don't get it... by is+as+us+Infinite · 2011-09-02 17:43 · Score: 1
  
  You are wrong:
  AJAX: Asynchronous JavaScript And XML
  Asynchronous because the js call happens after the page has already beeen loaded and XML (ie XHTML) is what is returned from the call. Or rather, returned and inserted, if you want to be pedantic (which you obviously do.)
  
  --
  Quidquid latine dictum sit, altum sonatur. . . . . . . .
10. Re:I don't get it... by Arancaytar · 2011-09-02 18:05 · Score: 3, Informative
  
  The greyed-out dummy button (that's what the markup calls it in the HTML class description) has the function of showing users that the option still exists, but requires them to enable it. It also is loaded from the Heise site itself, thereby requiring users to explicitly opt in before their browser sends any request to Facebook.
  Consequently, instead of automatically sending data about all visitors (including those who don't even have Facebook accounts and have no use for the Like button) to Facebook, only those visitors who want to give information to Facebook anyway (by clicking the Like button) will be tracked.
11. Re:I don't get it... by Serious+Callers+Only · 2011-09-02 21:11 · Score: 1
  
  Nope, you have to add HTML and CSS to arrive at AJAX. ;)
  I wonder why so many people who have no idea what they are talking about seem to think AJAX is required for this?
  AJAX has nothing to do with CSS. AJAX is the use of javascript to make remote calls to a server and use the data returned (usually json, xml or html fragments) to populate the parts of the page without reloading the entire page. It does not require HTML and CSS, though it usually goes with an HTML page.
  Hiding a facebook like button until clicked does not require AJAX.
12. Re:I don't get it... by Fjandr · 2011-09-02 21:34 · Score: 1
  
  It was a joke.
13. Re:I don't get it... by Sique · 2011-09-02 22:17 · Score: 1
  
  JavaScript (which is definitely NOT Ajax)
  
  I wonder why AJAX is an abbreviation for Asynchronous JavaScript and XML then.
  
  --
  .sig: Sique *sigh*
14. Re:I don't get it... by zach_the_lizard · 2011-09-02 23:43 · Score: 1
  
  You are wrong:
  AJAX: Asynchronous JavaScript And XML
  Asynchronous because the js call happens after the page has already beeen loaded and XML (ie XHTML) is what is returned from the call. Or rather, returned and inserted, if you want to be pedantic (which you obviously do.)
  Loading it after the page does does not make it asynchronous. Clicking on their brand new like button could trigger a fully synchronous web request, blocking the UI until it returns. That's likely not what they did (no one wants a blocked UI), but there's no law of nature saying that loading something later has to be asynchronous.
  
  --
  SSC
15. Re:I don't get it... by zach_the_lizard · 2011-09-02 23:48 · Score: 1
  
  JavaScript is a part of the AJAX pattern. It isn't AJAX. In either case, the JavaScript here doesn't have to make any web request; it just switches out an iframe, and can be fully synchronous.
  
  --
  SSC
16. Re:I don't get it... by gl4ss · 2011-09-03 02:43 · Score: 1
  
  if you could do it as a browser extension and it doesn't need the server side for anything after the initial page load, it's not AJAX.
  
  --
  world was created 5 seconds before this post as it is.
17. Re:I don't get it... by Anonymous Coward · 2011-09-03 18:00 · Score: 0
  
  Do you even speak English?
  By your logic, apache = perl because thy both appear in LAMP.
18. Re:I don't get it... by Anonymous Coward · 2011-09-04 19:40 · Score: 0
  
  but it does need the server side. The whole point of the exercise is not to load anything from facebook's servers until the user explicitly requests it.
  No amount of iframing (soon to be TM by apple) is going to change this fact: Heise is using Javascript DOM manipulation to replace their static, harmless Like-button with a dynamically-loaded button from Facebook's servers.
19. Re:I don't get it... by Anonymous Coward · 2011-09-06 05:47 · Score: 0
  
  It's brilliant. Not only does this prevent facebook and the likes from collecting information when they shouldn't, it also make web pages load faster because we no longer have to do 50 different DNS lookup just for a news page.
  Sites using this technique will load faster and be less dependant on external servers.
20. Re:I don't get it... by Anonymous Coward · 2011-09-06 06:30 · Score: 0
  
  By your logic, apache = PHP because they both appear in LAMP.
  FTFY.
Would this not make social targeting work better? by Anonymous Coward · 2011-09-02 16:07 · Score: 0

Instead of all of the false positives and stray clicks, social media sites should get better data, no?. Smaller data set? sure. Better targeting definitely. They will lose out on impressions but id rather have better quality than throwing things at a wall and seing what sticks.
Shouldn't Facebook be worrying more about... by gtch · 2011-09-02 16:07 · Score: 1

"Blacklist" — if that's how Facebook reacts when a website declines to hand over unnecessary data to them, how does Facebook react to the sites which deliberately manipulate the data sent back to Facebook? Or maybe Facebook doesn't realise the extent to which that is happening already?
1. Re:Shouldn't Facebook be worrying more about... by Johann+Lau · 2011-09-02 16:52 · Score: 1
  
  and for what purpose? what would I gain by reporting inflated numbers to webite? not that I would ever even come close to a like button, much less employing it, but still, I wonder? I don't doubt the data can be manipulated, but for what ends?
2. Re:Shouldn't Facebook be worrying more about... by Anonymous Coward · 2011-09-02 18:34 · Score: 0
  
  You could probably mess up all sorts of demographic and marketing data if you start seriously futzing around. Stuff like "X percent of the people who like A also like B" could become useless in terms of what the value of X and even A and B are. That would reduce the value of that information as it became more and more useless for targeting advertisements and making product/service recommendations.
3. Re:Shouldn't Facebook be worrying more about... by Opportunist · 2011-09-03 02:25 · Score: 1
  
  Free ad time by proxy, perhaps?
  Don't tell me your country doesn't have one of those "best 10 YouTube Videos" shows on TV yet. If so, please tell me where I have to move to regain some of my sanity. How long do you think 'til we get the same with the "hottest 10 Web Trends according to Facebook-Likes"?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
4. Re:Shouldn't Facebook be worrying more about... by Anonymous Coward · 2011-09-04 20:29 · Score: 0
  
  Why should facebook worry about the validity of the data it's been given? According to marketing theory, the value of the data is in the number of statisticians you can employ and the number of reports (facets) you can produce. Facebook will be more than happy to take your inflated, made-up numbers because its resale value is higher than the uninflated truth.
Nice to see this. by ArchKaine · 2011-09-02 16:08 · Score: 2, Insightful

I have to say that I'm impressed with Heise doing this. This puts the choice of being tracked into the user's hands.

--
Ignorance is blissful, to the ignorant.
1. Re:Nice to see this. by Anthony+Mouse · 2011-09-02 16:23 · Score: 4, Insightful
  
  I can certainly see why Facebook hates it though: Not only does it deprive them of the tracking information for all the people who don't click the like button, it changes the user's choice in clicking the button from "click this button if you like the story, but you'll be tracked either way" to "click this button to cause Facebook to track you" -- and if it becomes common knowledge that that is how the like button works, fewer people will use it.
2. Re:Nice to see this. by ArchKaine · 2011-09-02 16:29 · Score: 1
  
  I can certainly see why Facebook hates it though: Not only does it deprive them of the tracking information for all the people who don't click the like button, it changes the user's choice in clicking the button from "click this button if you like the story, but you'll be tracked either way" to "click this button to cause Facebook to track you" -- and if it becomes common knowledge that that is how the like button works, fewer people will use it.
  
  So, it goes from 'install software to force an opt-out' to opt-in. Fine with me. More sites should do this in order to allow their users a choice.
  
  --
  Ignorance is blissful, to the ignorant.
3. Re:Nice to see this. by Commontwist · 2011-09-02 16:34 · Score: 2
  
  Yea. I didn't know that and I am most certainly displeased by that little trick. It's like 'put this like button on your webpage so Facebook can track everyone who looks at your webpage for free even if they don't use the button'.
  That kind of accurate info like how many people are visiting certain websites and which pages could be sold to competing websites by Facebook. I'm not surprised the site did that if they realized the implications of the buttton.
4. Re:Nice to see this. by vlueboy · 2011-09-02 17:39 · Score: 1
  
  The name sounded familiar and some digging shows that these are the same guys that did an IPv6 trial in the past year. So they've already one-upped slashdot with something.
  Maybe I'll start learning German to be packed up for the not-so-far day when slashdot implements their Like button: thousands of us per day already acquiesced with Geeknet adding 3 different links to "follow us on $SOCIAL_NETWORK" on the front page. The next logical step to ???? PROFIT! is just to wait for a juicy FB/FBI deal to track non-conformists and further de-anonymize geeks and their slashdot effect when linking to Wikileaks stories, for instance.
5. Re:Nice to see this. by vlueboy · 2011-09-02 17:49 · Score: 2
  
  It's only because Germany very recently started pushing an anti-facebook stance. I doubt they would have implemented this so easily without a government breathing down their necks --they're the largest German web news provider IIRC.
  Non-Americans don't even have the same business models that drive traffic to US sites. They don't even have per-story comments a-la CNN, New York Times or Yahoo (too lazy to translate and confirm whether they have a official off-site forum that is obligatory of sites looking for discussion clicks.) So they didn't REALLY need the revenue or hits calculated by keeping the button active. This also shows their users are MORE tech savvy while at once being LESS prone to panic/complain on ideological changes.
6. Re:Nice to see this. by Anonymous Coward · 2011-09-02 18:05 · Score: 0
  
  It certainly works the other way round. Our government doesn't do anything without a hard push at the moment. Heise is a tech site and were already privacy advocates so it just had to happen when enough people nagged about it.
  You can comment on their stories and there is a(n) (in)famous friday flaming:
  http://www.heise.de/ct/foren/
  I guess the still get most of their revenue by selling the print editions, but the site is also ad-driven unless you got adblock installed.
7. Re:Nice to see this. by Arancaytar · 2011-09-02 18:11 · Score: 1
  
  they're the largest German web news provider IIRC.
  Note that they're also the foremost German tech news publisher. Their articles are aimed at precisely the section of readers that are more likely to care about their online privacy and to recognize when something violates it.
8. Re:Nice to see this. by Anonymous Coward · 2011-09-02 18:39 · Score: 0
  
  and if it becomes common knowledge that that is how the like button works, more people will ADBLOCK it.
  FTFY. You're already tracked, whether you use it or not, and -- worse -- whether you're even have a Facebook account or not.
9. Re:Nice to see this. by silanea · 2011-09-02 20:30 · Score: 1
  Non-Americans don't even have the same business models that drive traffic to US sites. They don't even have per-story comments [...]
  It would have been sufficient to RTFA to see that you are wrong. Underneath the text even the Google translation shows quite prominently "Read comments (162 posts)". Let us visit the largest German news websites that I can name off the top of my head and click on an exemplary story to see who has per-story comments:
  
  Süddeutsche Zeitung: check
  Frankfurter Allgemeine Zeitung: check
  Die Welt: check
  Der Spiegel: check
  Focus: check
  Stern: no
  TAZ: check
  Tagesschau online: check
  7 out of 8 have per-story comments. This business model has very much arrived here.
  --
  Rudolf Hess edited Mein Kampf. He was the very first grammar nazi.
10. Re:Nice to see this. by V+for+Vendetta · 2011-09-02 20:52 · Score: 2
  
  Heise is famous (or "infamous" to certain parties) for "Doing the right thing(tm)!". They've done so in the past and I truely hope they continue to do so in the future.
11. Re:Nice to see this. by Anonymous Coward · 2011-09-02 22:11 · Score: 0
  
  They're not without fault though. Heise Publishing is a signatory of the "Hamburger Erklärung" and in favor of the copyright extension called "Leistungsschutzrecht", which is squarely aimed at Google but would also lay waste to blogs.
12. Re:Nice to see this. by geekmux · 2011-09-02 22:31 · Score: 1
  
  I can certainly see why Facebook hates it though: Not only does it deprive them of the tracking information for all the people who don't click the like button, it changes the user's choice in clicking the button from "click this button if you like the story, but you'll be tracked either way" to "click this button to cause Facebook to track you" -- and if it becomes common knowledge that that is how the like button works, fewer people will use it.
  Facebook should be irritated, but certainly not shocked about peoples (or content providers) reactions to discovering what they've been doing with tracking.
  Of course, we should also not be shocked when a month from now, not a damn thing has changed with regards to people being concerned about their privacy and tracking online.
13. Re:Nice to see this. by xaxa · 2011-09-02 22:56 · Score: 2
  
  It's only because Germany very recently started pushing an anti-facebook stance.
  No, the whole EU has, pretty much since the start, had a pro-privacy stance. More recently, attention has turned to website privacy matters -- e.g. cookies.
  I work for the British government, and a few months ago had to confirm exactly what cookies were used on our websites. In my case, only session cookies to track "shopping basket" type things, which are fine, but the main website uses Google Analytics. It's likely that at some point in the next 12 months we'll have to remove Google Analytics. (Or, perhaps more likely, Google will change GA in the UK(/EU) to conform to the new regulations and keep their 'customers'). That seems reasonable to me -- someone looking at our website shouldn't have to have their details shared with Google.
  Our website has "share" buttons, but they don't track the user. They just send them to Facebook with the URL of our page in the query string: http://www.facebook.com/sharer.php?u=http://www.example.org/
  Germany is just slightly ahead of the UK here.
14. Re:Nice to see this. by yacc143 · 2011-09-03 00:38 · Score: 1
  
  Well, technically what many US companies have been doing has been strictly illegal in the EU. Germany traditionally has a tendency to be strict on privacy protection, but technically the law is just a local reenactment of the EU data protection directive. Worse, for US lobbies and politicians, the "Datenschutzbeauftragte" is position that is hard to pressure. Basically if you do a business with person X, you are by law required to do it with the minimal data collection possible. Or you let the user opt-in in more complicated Furthermore users have right to retrieve data associated with them, demand deletion (withdraw the permission to collect/use data on them == deletion), and correct obviously wrong facts.
  Now the EU does not arrest visiting company officials (at least not as often as the US do), and the fines are pocket change for Google, Facebook, and company. OTOH, the German authorities have taken the stance that sites that include code from Facebook are sending data to Facebook without consent from the user. And for many small/midsize companies or private persons in Germany a 5-6 figures fine is enough to think twice about Facebook. So while the German authorities cannot fine the EU subsidiaries of Google/Facebook directly, and the Irish authorities are way less strict on this (before anyone complains about this, the same thing happens in the US, where different states kind of can take a different stance on things). But they can issue almost automatically fines to Facebook partners. (Technically it's simple, run Firefox with Firebug, and check what your browser talks with Facebook.com, guess this could be even easily automated. Ghostery e.g. does this for a couple of 100 information collecting sites.)
  Btw, the no comments comment above is bullshit, all local sites I frequent for news do have such. Although, some news site prefer to turn it off for specific articles where "Click here only wearing Asbestos, Flame War is assured" seems to be a given.
  Operating a comment section/forum is not a problem from the point of view of privacy laws: your registered users had to acknoweledge your ToS that probably should contain an explanation of your data storage policies. And unregistered users usually get a paragraph of legalese before pressing the post button. (Technically the question is an IPv4 address a person identifying piece of data. German authorities tend to think so, but it's not completely yet clear. Anyway as a system designer you better assume it is so, because IPv6 addresses are person identifying [actually device identifying, but that's often enough person identifying for legal purposes].)
  What is illegal is collecting data about users without informing them and letting them opt-in.
  Again, this is not about power users, because they don't need necessarily the protection of the law. (Slashdot btw forwards data to AddThis, DoubleClick and Google Analytics. Well not in my case, these get suppressed by my browser addons). It's about what the average dork can expect. And sadly for most of these people Adblock+ looks like magic. Yeah, there are still many many persons out there that say Internet and mean the IE icon, not even understanding the concept "browser". And the law, and German courts especially usually say that expectation of privacy is the default. Actually the constitutional court of Germany has ruled that the expectation of privacy is a basic human right, protected by the constitution. They have also a tendency to shred police laws that would allow an indiscriminate data collection to sift through for interesting tidbits.
  heise.de btw is probably the biggest web news provider in the fields of IT/tech stuff, but they are not a general news provider. Might not look like so in the first moment, but they report of general news usually only the IT/technology related parts.
15. Re:Nice to see this. by Opportunist · 2011-09-03 02:31 · Score: 1
  
  Germany, and large parts of the EU. If you read the "Datenschutzgesetz" (data protection law) of Germany, and if you consider just what lengths you have to go to to protect the privacy of your users, you wonder whether you should store ANY kind of information AT ALL.
  I.e. how it should be.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
16. Re:Nice to see this. by Anonymous Coward · 2011-09-03 03:59 · Score: 0
  
  EFF did something like this for YouTube a while back. https://www.eff.org/code/mytube
17. Re:Nice to see this. by nosferatu1001 · 2011-09-04 03:48 · Score: 1
  
  It is also a requirement of new directives that force EXPLICIT consent from users.
Re:Would this not make social targeting work bette by YodasEvilTwin · 2011-09-02 16:13 · Score: 1

Um, what? They're purely losing data. Instead of having both (1) the list of users / IPs / whatever who view a page and (2) the list of users who "Like" that page, they now only get (2) and their IP info, rather than everyone's. There is no advantage.
Something else /. won't bother with by Burz · 2011-09-02 16:14 · Score: 1

Privacy is just something to gossip about.
1. Re:Something else /. won't bother with by Anonymous Coward · 2011-09-02 16:30 · Score: 0
  
  No. YOU have given up. YOU failed at life.
  Stop the crab mentality. Don't act like the whole world followed you into your cattle existence.
  If you like to be dominated, well, that's your problem.
  But don't be surprised if it turns out my dick breaks your hip when I happen to be the one who's dominating you. ^^
  And certainly don't come crying to me.
2. Re:Something else /. won't bother with by Johann+Lau · 2011-09-02 16:31 · Score: 1
  
  good point... is there something like a "fuck facebook" plugin? you know, block all resources hosted on facebook domains, unless you're actually browsing facebook... if something like that doesn't exist, it kinda should, and surely google and others could use being included in that, too....
3. Re:Something else /. won't bother with by creigs · 2011-09-02 19:34 · Score: 1
  
  There is also the RequestPolicy plug-in for FF. It can block all requests from web domain A to domain B, whether Iframe, image, or redirection. You get to choose which web site can link to which, or allow/disallow a web site to be linked from anywhere, or to anywhere. However, it is constantly blocking new web sites until you give permission, which is somewhat a nuisance, because many websites load their content from multiple domains. But the alternative is to allow yourself to be tracked all the time, so I think it's worth it, at least for me.
4. Re:Something else /. won't bother with by wgoodman · 2011-09-02 20:48 · Score: 2
  
  Actually, the disconnect plugin is there to specifically remove tracking from FB and other sites by default. you can enable it on specific sites if desired, but the default is block all their bs tracking. This blocks things that adblock does not (though adblock is a must either way)
5. Re:Something else /. won't bother with by Johann+Lau · 2011-09-02 21:16 · Score: 1
  
  oh, I don't mind having to whitelist personally, I do that with cookies too and wouldn't want it any other way. thanks for the suggestion!
6. Re:Something else /. won't bother with by Johann+Lau · 2011-09-02 21:21 · Score: 1
  
  thanks!
Facebook can suck on... by gstrickler · 2011-09-02 16:20 · Score: 0

My big ten inch
Record of a band that plays the blues.
I think it's a great idea, keep up the good work heise.de

--
make imaginary.friends COUNT=100 VISIBLE=false
So when will Slashdot follow heise's example? by Anonymous Coward · 2011-09-02 16:44 · Score: 0

Or is it already? It doesn't look like it
1. Re:So when will Slashdot follow heise's example? by FormOfActionBanana · 2011-09-02 18:53 · Score: 1
  
  Does Slashdot have a "like" button?? I thought that came with the ponies...
  
  --
  Take off every 'sig' !!
2. Re:So when will Slashdot follow heise's example? by cvtan · 2011-09-03 01:30 · Score: 1
  
  Ponies? Who has a pony? In fact, I hate anyone that ever had a pony when they were growing up.
  
  --
  Sorry, but gray text on gray background is making my eyes bleed.
3. Re:So when will Slashdot follow heise's example? by FormOfActionBanana · 2011-09-03 01:46 · Score: 1
  
  Where you in April? We all got ponies here on Slashdot.
  
  --
  Take off every 'sig' !!
Social media AdBlock list by xororand · 2011-09-02 16:50 · Score: 1

This filter list for the Firefox addon "AdBlock Plus" is exactly what you're asking for. It blocks social networking elements everywhere except on the sites themselves.
http://www.camp-firefox.de/forum/viewtopic.php?f=4&t=82797
1. Re:Social media AdBlock list by Johann+Lau · 2011-09-02 16:56 · Score: 1
  
  thanks! :)
  that still leaves chrome, opera and safari :D (yeah I know I'm greedy, but it's for a good cause ^^)
2. Re:Social media AdBlock list by brim4brim · 2011-09-02 17:13 · Score: 4, Informative
  
  Just use Ghostery, available for all the popular browsers (IE, Safari, Opera, Firefox, Chrome): http://www.ghostery.com/download
3. Re:Social media AdBlock list by Anonymous Coward · 2011-09-02 17:15 · Score: 0
  
  ghostery does it as well, available for both FF and chrome to my knowledge
4. Re:Social media AdBlock list by Johann+Lau · 2011-09-02 17:23 · Score: 1
  
  wow, that's perfect :D
5. Re:Social media AdBlock list by Jah-Wren+Ryel · 2011-09-02 18:39 · Score: 1
  
  Just use Ghostery, available for all the popular browsers (IE, Safari, Opera, Firefox, Chrome)
  Not really for Chrome. It works sporadically. As in you can load a page and a random subset of trackers will be blocked, hit reload on the same page and a different random subset of trackers gets blocked.
  The Ghostery developers blame Google for having a crappy API. They may be right, I don't know. Whatever the reason though it means I only use Chrome for exactly one website, "they" can track me all they want on that one website.
  
  --
  When information is power, privacy is freedom.
6. Re:Social media AdBlock list by KiloByte · 2011-09-02 19:35 · Score: 1
  
  Since you can't exactly accuse Google of being technically inept, it's obvious the inability to block tracking, lack of sane cookie handling, etc, in Chrome is done on purpose. It's not a hard thing to implement, too -- heck, even Netscape (2.0?) did cookies better, by giving you choice to allow/allow for session/reject them, and to save your choice per-domain. As far as I know, in Chrome there's currently no way to have cookies limited to a session by default but allow permanent ones on a whitelist basis.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
7. Re:Social media AdBlock list by Arancaytar · 2011-09-02 20:42 · Score: 1
  
  AdBlock Plus exists for Chrome.
8. Re:Social media AdBlock list by Jah-Wren+Ryel · 2011-09-02 21:40 · Score: 1
  
  Check again.
  "Allow local data to be set for the current session only"
  and then hit the "Manage Exceptions" button to enable whitelisting domains for permanent cookie storage.
  
  --
  When information is power, privacy is freedom.
9. Re:Social media AdBlock list by Anonymous Coward · 2011-09-02 21:42 · Score: 0
  
  As far as I know, in Chrome there's currently no way to have cookies limited to a session by default but allow permanent ones on a whitelist basis.
  That's exactly how my Chrome is set up...
10. Re:Social media AdBlock list by Anonymous Coward · 2011-09-02 23:31 · Score: 0
  
  Current stable version has it, at least.
11. Re:Social media AdBlock list by Anonymous Coward · 2011-09-02 23:53 · Score: 0
  
  AdBlock Plus exists for Chrome.
  That's about all you can say for it.
12. Re:Social media AdBlock list by cvtan · 2011-09-03 01:26 · Score: 1
  
  I suspect Ghostery will have the same problem as RequestPolicy. That is, some sites have 50 or so suspicious trackers etc. There is no way to navigate the web if you have to fret over 50 3rd party redirects and tracking widgets on a page. The concept is welcome, but I don't see how anyone can use it efficiently.
  
  --
  Sorry, but gray text on gray background is making my eyes bleed.
13. Re:Social media AdBlock list by Anonymous Coward · 2011-09-03 04:45 · Score: 0
  
  This makes me nervous:
  http://forums.informaction.com/viewtopic.php?f=8&t=3869#p16295
  It indicates that ghostery is owned by an ad company, and it itself may collect some info?
14. Re:Social media AdBlock list by FlameWise · 2011-09-03 04:59 · Score: 1
  
  Thanks for linking this. In fact some of the comments in the original Heise articles call Heise hypocrites, since their new feature will gladly lock social sites out of the information loop without blocking their own Ad partners.
  Ghostery will fix that. However, I noted that it doesn't seem to block social sites, so it's a great addition.
  Now if Ghostery would block social sites, we wouldn't need web masters to help out with the blocking.
15. Re:Social media AdBlock list by Anonymus · 2011-09-03 06:08 · Score: 1
  
  You can use it efficiently by just installing it with the 500+ scripts it knows about blocked, and allowing auto-updates to block the rest as they're discovered.
16. Re:Social media AdBlock list by Call+Me+Black+Cloud · 2011-09-03 06:55 · Score: 1
  
  Thanks for that...that's exactly what I was looking for too.
17. Re:Social media AdBlock list by coolmadsi · 2011-09-04 23:13 · Score: 1
  
  Check again. "Allow local data to be set for the current session only" and then hit the "Manage Exceptions" button to enable whitelisting domains for permanent cookie storage.
  I will have to check my settings, I have all cookies turned off, apart from a Whitelist, but this seems like an improvement (and will mean I don't have to add things to the whitelist when I want to use them once). Thanks!
Simple do-it-yourself (partial) solution by 93+Escort+Wagon · 2011-09-02 16:52 · Score: 3, Informative

When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.

--
#DeleteChrome
1. Re:Simple do-it-yourself (partial) solution by Anonymous Coward · 2011-09-02 17:49 · Score: 2, Informative
  
  When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.
  How naive of you. Your IP is still the same, and so is your user-agent/fonts/etc. They don't need you to be logged in order to track you.
2. Re:Simple do-it-yourself (partial) solution by Anonymous Coward · 2011-09-02 18:26 · Score: 1
  
  Not only that, logging out is just a flag on Facebook's side. They still send all the cookies with session information.
3. Re:Simple do-it-yourself (partial) solution by Baloroth · 2011-09-02 18:29 · Score: 1
  
  Yeah, I remember getting a nasty shock a few days ago when I didn't do that (I normally am very obsessive about it), and I noticed my name appearing in other pages. Seriously, Facebook, stop stalking me. Well, that is why browser extensions were made (Ghostery, I hope you work as advertised.)
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
4. Re:Simple do-it-yourself (partial) solution by jo_ham · 2011-09-02 20:25 · Score: 1
  
  Why do you think I have Facebook sandboxed in its own browser, separate from all of my other browsing?
  I do not trust them as far as I can throw them.
5. Re:Simple do-it-yourself (partial) solution by Anonymous Coward · 2011-09-02 23:09 · Score: 0
  
  There's also disconnect.me which blocks the button, amongst others
6. Re:Simple do-it-yourself (partial) solution by theCoder · 2011-09-03 01:01 · Score: 2
  
  Logging out is not necessarily good enough. Facebook also tracks IP addresses that aren't currently logged in. Better to add adblock rules like:
  
  ||facebook.net^$domain=~facebook.com ||fbcdn.net^$domain=~facebook.com ||facebook.com^$domain=~facebook.com ||fbcdn.com^$domain=~facebook.com
  
  I don't think the last one is necessary -- it has zero hits in my Adblock right now. The others have quite a few hits.
  This does mean you won't see any "like" buttons, but if you don't use them, you won't miss anything.
  Does anyone have any similar rules for blocking Google +1 tracking? I suppose a similar "block google.com except when on google.com" might work, but I don't know if that blocks everything, or breaks anything.
  
  --
  "Save the whales, feed the hungry, free the mallocs" -- author unknown
7. Re:Simple do-it-yourself (partial) solution by Anonymous Coward · 2011-09-03 01:26 · Score: 0
  
  If you don't trust them, why still use them?
  To keep in contact with those people you don't really care about much anyway?
8. Re:Simple do-it-yourself (partial) solution by Anonymous Coward · 2011-09-03 03:49 · Score: 1
  
  I think it's unlikely just "logging out" of Facebook will increase privacy. Facebook still leaves identifiable cookies on your computer even after you log out.
  Sure, you can clear cookies, but even that's of limited use. The first thing that happens when you visit a page with a "Like" button, is that you get a new identity cookie from Facebook which will track you from that point forward. The next time you log into Facebook, they can connect the two identities. It's as if you never logged out.
9. Re:Simple do-it-yourself (partial) solution by 93+Escort+Wagon · 2011-09-03 07:56 · Score: 1
  
  Hence the word "partial" in the subject. They can still track that an individual goes to those particular Facebook-affiliated sites. But, if you're logged in, you're handing them your name on a silver platter.
  
  --
  #DeleteChrome
10. Re:Simple do-it-yourself (partial) solution by jo_ham · 2011-09-03 08:12 · Score: 1
  
  Yeah, people like... my immediate family, and coworkers...
  Not everyone just plays farmville on it all day.
11. Re:Simple do-it-yourself (partial) solution by Anonymous Coward · 2011-09-03 10:47 · Score: 0
  
  And you think that facebook.com will delete the cookie in your browser, or will they still track you even if you are logged off because they know who was last logged with the cookie from that browser ?
  I am not logged in facebook right now, but I there is a facebook cookie on my browser. Named 'datr'. I guess they use that to track people, even when not logged in.
  One google later, bingo (search for 'datr' in that page):
  here
  Log out from you facebook account, and check that the 'datr' cookie is stil there.
  (people are so dumb on /. those days. How can the parent be modded up ???)
12. Re:Simple do-it-yourself (partial) solution by antdude · 2011-09-03 15:37 · Score: 1
  
  Also, clear cookies or use another computer/web browser that don't use Facebook.
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
13. Re:Simple do-it-yourself (partial) solution by coolmadsi · 2011-09-04 23:16 · Score: 1
  
  Logging out is not necessarily good enough. Facebook also tracks IP addresses that aren't currently logged in. Better to add adblock rules like:
  
  ||facebook.net^$domain=~facebook.com ||fbcdn.net^$domain=~facebook.com ||facebook.com^$domain=~facebook.com ||fbcdn.com^$domain=~facebook.com
  I don't think the last one is necessary -- it has zero hits in my Adblock right now. The others have quite a few hits.
  This does mean you won't see any "like" buttons, but if you don't use them, you won't miss anything.
  Does anyone have any similar rules for blocking Google +1 tracking? I suppose a similar "block google.com except when on google.com" might work, but I don't know if that blocks everything, or breaks anything.
  There is an additional AdBlock list called "Anti Social" that blocks all al these, including Google +1 ones. It does mean that you won't see the +1 buttons on Google+, but I have added Google to the "Allow adds on this domain" option, so they are there (and I've not seen any ads on Google+ now I think about it)
GameBoyRMH's sig by Onymous+Coward · 2011-09-02 17:01 · Score: 2, Interesting

I had just learned about what Facebook had been doing by reading GameBoyRMH's sig:

Facebook's pure HTML tracking system - How long has this been going on?
1. Re:GameBoyRMH's sig by poena.dare · 2011-09-02 17:16 · Score: 1
  
  Can someone explain to me some GOOD things you can do with iframes?
  I guess it is a silly question... ?
  They just seem like a bad idea to me.
2. Re:GameBoyRMH's sig by Anonymous Coward · 2011-09-02 17:27 · Score: 0
  
  Great virus's come from iframe, xframe or frame. Unless your after a virut.ce infection or something I would block all three in squid
  You can get more privacy though if you use the
  Facebook Blacklist
  66.249.64.0/19
  67.192.35.191
  69.63.176.10
  69.63.176.11
  69.63.176.0/20
  69.63.181.12
  69.63.181.0/20
  69.63.184.11
  69.63.189.11
  69.63.189.0/20
  204.15.20.80
  204.15.20.0/20
3. Re:GameBoyRMH's sig by Johann+Lau · 2011-09-02 17:42 · Score: 1
  
  Can someone explain to me some GOOD things you can do with iframes?
  Well, I'm very much a total javascript newbie still, and recently I decided to implement popup windows for my custom CMS thingy. Using iframes for that, I could simply re-use everything as is, and the submit button of pages "embedded" in a popup still works. For example the comment form pops up, you enter your comment and hit submit, the popup says thank you for your comment, you close the popup. Or you go to the "comment on X" page directly -- same code internally, you see? which of course also means everything works with javascript disabled which is super leet.
  If I wanted to make that without iframes, I would have to make a second submission/feedback route via AJAX... for stuff I already have! Essentially doubling that stuff for everything that can be handled in popups. Nah...
  And then there's dashboards, little scripts on various webservers displaying various stats, all put into one dashboard via iframes. Sure, that's again not exactly useful for the end user, but I do appreciate such a thing exists. I'm sure there are a lot of real uses for iframes... un the absence of abuse, they can allow for wonderful stuff that would be needlessly complicated without them.
4. Re:GameBoyRMH's sig by Anonymous Coward · 2011-09-02 18:09 · Score: 0
  
  Can someone explain to me some GOOD things you can do with iframes?
  Use your own judgement on whether this is good or not, but iframes can be used to embed payment processing pages to reduce your server's pci compliance needs. This can save a lot of money.
5. Re:GameBoyRMH's sig by poena.dare · 2011-09-03 00:41 · Score: 1
  
  Thanks.
  So what if iframes were limited to loading content only from the same domain as the parent page?
  Would that be a burdensome limitation?
6. Re:GameBoyRMH's sig by Anonymous Coward · 2011-09-03 11:56 · Score: 0
  
  Try out RequestPolicy for a few days. Judge how burdensome the whitelist method is youurself; I know everyone has a different threshold for that.
Adblock connect.facebook.com, plus.google.com, etc by devbrent · 2011-09-02 17:15 · Score: 1

I adblocked facebook connect a long time ago due to privacy concerns. Facebook already knows enough about me - my friends, my family members, my interests, the places I've been tagged. They don't need my personal browsing history.
Can facebook see any website I go to... by DSS11Q13 · 2011-09-02 17:19 · Score: 1

that has a "like" button regardless of if I click it or not?
1. Re:Can facebook see any website I go to... by Anonymous Coward · 2011-09-02 17:35 · Score: 0
  
  Yes, but only if you are logged in to facebook at the time you visit a website that has a 'Like' button. This works because the 'Like' button loads a script when the website page loads. That script runs, tracks you, and reports the data back to facebook. (Similarly, other scripts also run in the background to track your usage of a website you visit, like Google Analytics)This kind of data is extremely valuable and it surprises me that website owners are happy to give that data to facebook for free.
2. Re:Can facebook see any website I go to... by Anonymous Coward · 2011-09-02 17:53 · Score: 0
  
  Yes they can. Cross site script inclusions means you can never be sure what those scripts do.
3. Re:Can facebook see any website I go to... by Arancaytar · 2011-09-02 18:19 · Score: 3, Informative
  
  Yes, but only if you are logged in to facebook at the time you visit a website that has a 'Like' button.
  Regardless of whether you are logged in or not. Even if you don't have a Facebook account. The difference being logged in makes is just that they can associate the visit with an identity you built, instead of building one from all the visits to various websites you make with the same IP address.
4. Re:Can facebook see any website I go to... by Anonymous Coward · 2011-09-02 18:22 · Score: 0
  
  Yes, thats what this whole story is about.
5. Re:Can facebook see any website I go to... by DSS11Q13 · 2011-09-02 18:32 · Score: 1
  
  hmm, in that case. i don't suppose there's a firefox extension that does the same thing?
6. Re:Can facebook see any website I go to... by Anonymous Coward · 2011-09-02 19:03 · Score: 0
  
  Yep.
7. Re:Can facebook see any website I go to... by coolmadsi · 2011-09-04 23:22 · Score: 1
  
  hmm, in that case. i don't suppose there's a firefox extension that does the same thing?
  If you have AdBlock, there is an "Anti Social" list you can use that blocks all of these (Facebook, twitter, Google +1 etc.). It will mean you won't seem them at all, however, including the +1 button on Google+ (I have whitelisted Google to allow ads so I do see the +1 button, but have not seem other ads on Google+ so far).
  
  I believe Ghostery will do something similar.
What about Google Analytics? by Anonymous Coward · 2011-09-02 17:30 · Score: 0

It seems like every web site out there is using it, and in this case it's the web site owners who (primarily) are interested in the data. So I guess we cannot count on them to do the job.
I guess only firefox / chrome plugins will save us here.
1. Re:What about Google Analytics? by 0123456 · 2011-09-02 17:49 · Score: 1
  
  I guess only firefox / chrome plugins will save us here.
  Google Analytics seems to be trivial to block in /etc/hosts. Facebook tracking isn't so easy.
2. Re:What about Google Analytics? by Riceballsan · 2011-09-02 17:51 · Score: 2
  
  For google I believe they have a cookie specifically for opt out http://www.google.com/privacy/ads/ , I agree it would be nice for an opt in but for the real world, at least an opt out option is nice.
3. Re:What about Google Analytics? by Anonymous Coward · 2011-09-04 20:00 · Score: 0
  
  ... which only works if you enable cookies, right?
Re:Would this not make social targeting work bette by Riceballsan · 2011-09-02 17:46 · Score: 4, Informative

Not really, with the like button the way it is, lets say 2 people went to the page, a skate boarder and a teacher, skateboarder likes the page, teacher glances over it. With that information facebook knows that the teacher looked at the page, but wasn't inclined enough to like it, but if they noticed 75 teachers looking at it without liking it, they'd know something interests teachers in that page enough to look at it, The skate boarder likes it. For the skate boarder side the information is the same, but the information of who is looking at it, but not liking it, is still valuble data.
This is apparently required by law in Germany by slart42 · 2011-09-02 17:59 · Score: 5, Informative

Some missing context: http://www.kreativ-ackern.de/2011/08/20/gefaellt-mir-facebook-dienste-illegal/ (In German).
Basically, a German authority for privacy rights has recently claimed that embedding a Facebook "Like" button on your web site is a violation of german privacy rights, because it allows tracking of all users of the web site by a third party. According to the article, having a "Like" button on your site can yield in fines up to EUR 50k. This is probably technically and legally correct, I doubt that anyone would actually be sued any time soon, though. But the headline has made a big splash on the german internet in the last weeks, and I'd assume that heise's move is a direct reaction to this (which is mentioned in the document as a possibly legal way to have a Like button on your web site).
1. Re:This is apparently required by law in Germany by Anonymous Coward · 2011-09-02 21:24 · Score: 0
  
  [quote]This is probably technically ... correct[/quote]
  That's the best kind of correct!
Heise did not "change" their 'like' buttons by Anonymous Coward · 2011-09-02 18:11 · Score: 1

They implemented this before adding like buttons to their page. heise did not have the tracking buttons on their page, like /. has. So the post is somewhat misleading.
1. Re:Heise did not "change" their 'like' buttons by Johann+Lau · 2011-09-02 18:57 · Score: 1
  
  heise rules! but that isn't news ^^
Small correction by Affenkopf · 2011-09-02 18:27 · Score: 3, Informative

Heise didn't change their social 'like' buttons. They introduced them. Heise never had these buttons before because of the privacy issues.
1. Re:Small correction by Anonymous Coward · 2011-09-02 19:09 · Score: 0
  
  That's right - you just need to read carefully:
  "From now you can also suggest articles on heise online on Facebook, Twitter and Google + comfort his friends. We have ensured that while the data of the Heisenberg-reader will not be sent without the consent of the operator of the network platforms."
weird I did this but didn't think the same way by terrox · 2011-09-02 18:28 · Score: 0

I did the same thing on some of my sites but I didn't think about facebook tracking, I just loaded my "like" stuff into a div using jQuery so it didn't bog the users down with all the facebook bloat stuff and I didn't need to show their ugly icons until the user wanted to see them - same mechanics, different goal.
/etc/hosts? by Pelekophori · 2011-09-02 18:49 · Score: 2

127.0.1.1 www.facebook.com

/ just saying

--
The best ideas are common property
1. Re:/etc/hosts? by Anonymous Coward · 2011-09-02 19:45 · Score: 1
  
  The iframes don't come from www.facebook.com, I use adblock plus:
  
  |http://static.ak.fbcdn.net/* http://www.facebook.com/plugins/like.php* |http://platform.twitter.com/* |http://twitter-badges.*
  
  Etc...
2. Re:/etc/hosts? by GeekDork · 2011-09-02 21:37 · Score: 1
  
  127.0.1.1 www.facebook.com
  I'm blacklisting *.facebook.com, their CDN (fbcdn.net), and connect.facebook.net in ABP (the connect rule is older since it used to break a bunch of sites when the service started and was even more unreliable than it is today). The other solution would be to just make my home DNS auth for those zones, which I've done for a bunch of other crap like doubleclick, making that stuff NXDOMAIN.
  
  --
  Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
3. Re:/etc/hosts? by Anonymous Coward · 2011-09-03 00:17 · Score: 0
  
  So you're going to track down each and every subdomain Facebook uses, and block them all in /etc/hosts? Good luck with that.
  Setting up a caching DNS, and configuring it to return 127.0.0.1 for anything in the .facebook.com. domain is more likely to have good results.
4. Re:/etc/hosts? by Anonymous Coward · 2011-09-03 03:47 · Score: 0
  
  Most cool. But how about a list of ALL facebook servers and not just www?
So? by Anonymous Coward · 2011-09-02 18:57 · Score: 0

Where's the like button for this page?
Re:Adblock connect.facebook.com, plus.google.com, by Anonymous Coward · 2011-09-02 18:59 · Score: 0

quite right.
On my home network, I've redirected sites like FB Gmail, G+ etc to a dummy web page that just displays a picture of a Cow's backside doing what comes naturally.
Visitors do get quite a surprise...
Why not from the beginning by Anonymous Coward · 2011-09-02 20:12 · Score: 0

This magazine writes alot about privacy and they put this button there without protection like now. Why not?
1. Re:Why not from the beginning by maxwell+demon · 2011-09-02 20:52 · Score: 1
  
  This magazine writes alot about privacy and they put this button there without protection like now. Why not?
  No, they didn't add those buttons until now. The first sentence in the German text (I didn't bother to check out the Google translation) reads (emphasis by me):
  "Ab sofort kann man auch auf heise online Artikel bei Facebook, Twitter oder Google+ komfortabel seinen Freunden empfehlen."
  Which means (emphasis by me):
  "Starting now, it is possible also on heise online to comfortable recommend articles on Facebook, Twitter or Google+ to your friends."
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
Why does it require two clicks? by kasperd · 2011-09-02 20:52 · Score: 1

It is quite obvious how getting this icon from facebook every time a page is loaded will allow facebook to track it. But why does that mean you have to click twice after this change? Couldn't they just host the icon locally and still let the link do what it used to do on the first click?

--

Do you care about the security of your wireless mouse?
1. Re:Why does it require two clicks? by ais523 · 2011-09-02 21:13 · Score: 1
  
  That'd be a CSRF attack against Facebook if it worked. Imagine if sites could simulate a "Like" on themselves from users who had no intention of clicking the button, but had actually clicked something entirely different. It's a good thing that it's impossible.
  
  --
  (1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
2. Re:Why does it require two clicks? by Anonymous Coward · 2011-09-02 21:50 · Score: 0
  
  why is that a good thing?
3. Re:Why does it require two clicks? by Anonymous Coward · 2011-09-03 00:20 · Score: 0
  
  Imagine if sites could simulate a "Like" on themselves from users who had no intention of clicking the button, but had actually clicked something entirely different. It's a good thing that it's impossible.
  That will be coming soon... Then there will be malware that will simulate likes for Facebook things as well.
4. Re:Why does it require two clicks? by Bing+Tsher+E · 2011-09-03 07:48 · Score: 1
  
  Well, it's a good thing from Facebook's point of view. It would render their whole 'like' scheme meaningless.
  Me, I think it would be excellent. Anything that pumps more worthless shit into Facebook's database lowers the quality of their mined 'ore.' If it became valueless, they would fucking go out of business.
5. Re:Why does it require two clicks? by Anonymous Coward · 2011-09-03 11:24 · Score: 0
  
  Imagine if sites could simulate a "Like" on themselves from users who had no intention of clicking the button
  That's already happening all the time.
Sounds reasonable by DrXym · 2011-09-02 22:14 · Score: 1

I wonder if someone shouldn't produce a script which does this so lots of sites can implement similar behaviour. Not just Facebook but also Google+, Digg etc.
Re:Would this not make social targeting work bette by geekmux · 2011-09-02 22:24 · Score: 1

Um, what? They're purely losing data. Instead of having both (1) the list of users / IPs / whatever who view a page and (2) the list of users who "Like" that page, they now only get (2) and their IP info, rather than everyone's. There is no advantage.
So, a page hit by (1) that merely contains Facebook content (the "like" button) automatically means Facebook needs that (1) tracking information and NOT the site hosting the other 99.999% of the site content? If the original site isn't interested in their own page hit statistics, surely they must recognize the value of that data. Why the hell don't they sell it themselves? Or perhaps they should sell (1) to Facebook instead of giving it to them for free. (sorry, Facebook, but you don't own the patent on who can fabricate a revenue stream from utter bullshit)
fantastic solution by Tom · 2011-09-02 22:24 · Score: 1

This is actually a fantastic solution to a good part of the social-network-tracking-you problem - namely that Facebook et. al. are not only tracking what you do on their site, but also a lot of your other activities.
The best part is that Heise has promised to release the source code next week, so other sites can use the same approach. I definitely want to see this everywhere.

--
Assorted stuff I do sometimes: Lemuria.org
So, here's one interpretation of "Why" by geekmux · 2011-09-02 22:39 · Score: 2

If I'm understanding this correctly, Facebook, using their "Like" button, has basically been allowed to receive two distinct types of tracking information. One is the information they should be allowed to see (who actually clicks on the "Like" button), and the other is information on whomever loaded the page that contained a "Like" button.
And now, someone has come up with a rather ingenious way to separate those two data streams, and if they're smart about it, sell the latter data back to Facebook rather than allowing them to get it for free.
And Facebook is trying to strongarm them by blacklisting. Now, the question is when another 1000 sites do this same thing, in an attempt to generate an additional revenue stream(selling hit data to FB), will Facebook continue to try and strongarm them by blacklisting?
Why am I having flashbacks and cold sweats over who will win that strongarm war? The words "too big to fail" flashed in my mind for some reason...
1. Re:So, here's one interpretation of "Why" by Josef+Meixner · 2011-09-03 00:11 · Score: 1
  
  Sorry, but I very much doubt that Heise would sell that information. First they would probably get into trouble with German privacy laws and their users would be furious if that would become known, I certainly would be. Isn't it possible, that someone just does the right thing once and doesn't see any reason, why some other party (it isn't only facebook, also google+ and twitter are handled the same way) should receive nearly complete information what its users are doing on site?
2. Re:So, here's one interpretation of "Why" by hey · 2011-09-03 01:59 · Score: 2
  
  I hope somebody packages this code as a simple to download and install widget.
3. Re:So, here's one interpretation of "Why" by w4rl5ck · 2011-09-03 22:59 · Score: 1
  
  First thing, Heise will not sell this information, they are basically the good guys, protected by several laws and priviledges they would loose by such action, plus widely financed - they dont need to do so.
  Their main interest is to expose something bad going on, which is just living up to their journalist role. Good stuff.
  Facebook is already retreating, they know they can only loose, and Heise is - in Germany - very, very big (I think every techy guy/girl in Germany at least pays minimum attention to their news feed, plus one of the multiple print magazines they publish). They also have a history of going to court, and going there sucessfuly, fighting for publicists rights regarding modern technology issues (patent/copyright gags and stuff) and net freedom.
  People have been asking for how they do the Facebook "masking" (reportedly, already over 500 official requests), and Heise said they are already working on creating a documentation on how to do it.
  Facebook should not even try to stop this, war is already lost, at least throughout Europe. The whole "like" system outweighs "hidden tracking" by far in value, and with criticism rising constantly in public media (!) plus privacy jurisdiction evolving badly for them in Europe, they will have to be very careful to not loose everything.
  As you said: to big to fail. Not.
which is very unfriendly by Anonymous Coward · 2011-09-03 00:18 · Score: 0

to facebook :-))
cb
1. Re:which is very unfriendly by netsharc · 2011-09-03 02:40 · Score: 1
  
  Indeed it is! And it's a clever solution to prevent data-leakage which German websites (and hopefully others) will probably now copy, which is why Facebook is panicking about it. "Oh shit, they figured out a solution to prevent us from monitoring users* on the web! We're fucked!".
  * Seriously, even a non-FB-account-owning user probably has a tracking cookie from facebook.com to uniquely identify him/her across all sites that have the Like button, and that information is still very useful for marketers, which Facebook (presumably) sells that data to ("just sign this contract to sell your ads using Facebook, and we'll give you the info you want!").
  
  --
  What time is it/will be over there? Check with my iPhone app!
Re:Would this not make social targeting work bette by netsharc · 2011-09-03 02:42 · Score: 1

Actually (1) is interesting to Facebook because that data of a single user (unique cookie) from a lot of sites means a marketing profile of a unique person ("this person reads foxnews.com, likes to visit gaming websites, shops at target.com", etc, etc) that Facebook can sell to ad-sellers.

--
What time is it/will be over there? Check with my iPhone app!
the like button is a webbug by way2trivial · 2011-09-03 04:16 · Score: 1

and this fact? this surprises you? really?

--
every day http://en.wikipedia.org/wiki/Special:Random
1. Re:the like button is a webbug by Commontwist · 2011-09-03 05:38 · Score: 1
  
  It's Facebook so, no, not really. Just never used Like buttons.
Better yet... by Anonymous Coward · 2011-09-03 07:35 · Score: 0

If I'm only using one browser, I just use Chromium's "Incognito Mode" for any site that requires me to log in (Gmail, etc). Normally I would do that, and also use Firefox alongside with noscript to do my regular browsing, and clear all data on exit. I'm currently looking for an extension that sends random/bogus useragent, screen res/color depth/etc data every time to make every impression unique.
Chrome by Joe+Jay+Bee · 2011-09-03 21:02 · Score: 1

Those who don't want this bullshit can install the lovely Facebook Disconnect extension for Chrome, which removes any and all Facebook tracking from any non-Facebook pages.
Pain in the arse to have to install an extension because of one company's idiocy, but there we go.

--
I write bullshit
No solution by Anonymous Coward · 2011-09-03 21:42 · Score: 0

AFAIK that doen't help. Since the button is loaded from the facebook site, they have access to facebooks ID cookie locally stored in your browsers profile and can track you _regardless_ of being logged in or not. In fact it seems, they even create an ID cookie the first time you encounter the like button, even when you are _not_ a facebook member and convert it to a track record once you became one, so facebook nows where you've been in the past in the second you decide to join...
Really Have to Hand it to Orwell by Anonymous Coward · 2011-09-04 00:28 · Score: 0

George Orwell may have missed slightly on the dates, but you really have to hand it to him that his vision of "TV's" that watch the watcher would be a widespread part of maintaining an authoritarian society that feeds a tiny few at the expense of the many.
Source code available under MIT license by Anonymous Coward · 2011-09-07 05:46 · Score: 0

Heise have recently published the source code under the MIT license:
http://www.heise.de/extras/socialshareprivacy/
Unfortunately, documentation and strings seem to be German only, but it's probably not excessively complex to set up. Maybe someone can start an English language fork?
Btw, users have already created plugins for Wordpress and Joomla:
http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/
http://wordpress.org/extend/plugins/wp-socialshareprivacy/
http://joomla-extensions.kubik-rubik.de/2csb-2-click-social-buttons