Slashdot Mirror


Heise's 'Two Clicks For More Privacy' vs. Facebook

First time accepted submitter FlameWise writes "Yesterday, German technology news site Heise changed their social 'like' buttons to a two-click format (Original in German). This will effectively disable unintentional automatic tracking of all page visits by third-party social sites like Facebook, Twitter or Google+. Less than 24 hours later over 500 websites have asked about the technology. Facebook is now threatening to blacklist Heise (Original in German)." As I read the updated story, Facebook has backpedaled a bit, so "blacklist" may no longer be the operative word. An anonymous reader adds a quick explanation of the changed interface: "Instead of enabling Facebook to track a user (arguably without prior consent) by placing a 'like' button on the website in the usual way, a greyed-out like button is shown. If a user wants to share or 'like,' he has to execute an additional click to enable the original Facebook 'like' button and get the desired behavior. This technique obviously has a disadvantage for Facebook, because the behavioral tracking does not work anymore."

31 of 206 comments

  1. don't people already do this? by Anonymous Coward · · Score: 2, Insightful

    "disable unintentional automatic tracking of all page visits by third-party social sites like Facebook"

    I think anyone who cares the slightest bit about privacy already blocks Facebook's address blocks, Google's trackers, and so on.

    Your computer obeys you. You get to decide whether it stores cookies from any given site, whether it loads *anything* from Facebook's addresses, whether it loads web bugs, and so on. It is under your control. I figure that my computer exists to make MY life easier, not to make money for Facebook or Google.

    "Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.

    1. Re:don't people already do this? by Samantha+Wright · · Score: 3, Informative

      This is a mindblowingly old and tired debate, but I think the typical reply to you goes something like "most people are mostly stupid and as a result we need to take care of them. Further," goes the repartee, "all of this should be opt-in to begin with."

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    2. Re:don't people already do this? by Anthony+Mouse · · Score: 5, Insightful

      "Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.

      If I'm just reading the news, I use whatever computer is in front of me. Sometimes that's my PC, or my laptop, or my PC at work, or a school computer, etc. Having to change a setting on every different computer I use is a huge annoyance, to say nothing of the times when I don't have administrative access to make certain changes.

      Anything that makes protecting my privacy the default is a win.

    3. Re:don't people already do this? by KiloByte · · Score: 2

      You mean, it should be legal to rob you or murder you unless you register for a legal protection program?

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    4. Re:don't people already do this? by Tomato42 · · Score: 2

      Because installing AdBlockPlus on library computers is so realistic...

    5. Re:don't people already do this? by Caesar+Tjalbo · · Score: 2

      I can be bothered but I can use every help I can get. Installing NoScript is easy, determining which sources are legitimate for functionality and content and which I'd like to block isn't. Too many sites require third party resources or writable (flash) cookies to function and still I've no idea how to block browser fingerprinting through the installed fonts.

      I've recently gone through the list provided by Ghostery again, blocking all by default and then allowing what seemed to make sense to me, including Disqus. Somehow that didn't work, can't comment on sites with Disqus enabled and I don't know why. I think it's a shame that it's necessary that I have to worry about this, imho it should be enough that I'm simply careful with what I enter online.

      --
      "I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."
    6. Re:don't people already do this? by KGIII · · Score: 2

      Most "surfers" don't want the hassle and are happy to be tracked.

      [citation needed]

      --
      "So long and thanks for all the fish."
  2. I don't get it... by FormOfActionBanana · · Score: 2

    They embed a Facebook "like" button on their website... And then they decide it's creepy so they grey it out???

    When I think something is creepy I just remove it....

    --
    Take off every 'sig' !!
    1. Re:I don't get it... by YodasEvilTwin · · Score: 5, Informative

      No, dude. They have a little grey icon hosted locally, and when it's clicked they do an AJAX call and insert the Facebook "Like" button dynamically. That prevents Facebook from using the page that gets loaded in the iframe with the Like button from tracking the user until they've clicked the button. Otherwise everyone who visited the site would automatically be tracked when the Like button was automatically loaded.

    2. Re:I don't get it... by Anonymous Coward · · Score: 2, Informative

      The act of loading the like button is what allows Facebook to track users. This site defeats this by deferring the loading of the button until after a user asks for it. The AJAX call is to Facebook to load the button (and track the user).

    3. Re:I don't get it... by Arancaytar · · Score: 3, Informative

      The greyed-out dummy button (that's what the markup calls it in the HTML class description) has the function of showing users that the option still exists, but requires them to enable it. It also is loaded from the Heise site itself, thereby requiring users to explicitly opt in before their browser sends any request to Facebook.

      Consequently, instead of automatically sending data about all visitors (including those who don't even have Facebook accounts and have no use for the Like button) to Facebook, only those visitors who want to give information to Facebook anyway (by clicking the Like button) will be tracked.
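The two-click pattern described in the replies above, as an added example that is not part of the original thread and is not Heise's code. It inserts the iframe directly rather than through an AJAX call; the `like.php` endpoint, the `like-dummy` class and the `social-slot` element id are assumptions made for illustration.

```javascript
// Added example: two-click "Like" button. Nothing is requested from the
// third party until the visitor explicitly enables the widget.
// LIKE_ENDPOINT is an assumption (the iframe form of the Like plugin).
const LIKE_ENDPOINT = "https://www.facebook.com/plugins/like.php";

function likeFrameUrl(pageUrl) {
  // The article URL travels as a query parameter, so it must be encoded.
  return LIKE_ENDPOINT + "?href=" + encodeURIComponent(pageUrl);
}

// doc: a DOM Document; container: element that holds the button;
// pageUrl: canonical URL of the article being liked.
function installTwoClickLike(doc, container, pageUrl) {
  // Click 0: only a first-party dummy is rendered. It is styled grey by the
  // site's own CSS, so rendering it causes no request to another origin.
  const dummy = doc.createElement("button");
  dummy.className = "like-dummy"; // hypothetical class name
  dummy.textContent = "Enable Like button";
  dummy.title = "Loading the real button tells Facebook you visited this page.";

  // Click 1: swap the dummy for the real third-party iframe. From here on
  // the browser contacts the third party (with its cookies) for this page.
  dummy.addEventListener("click", function enable() {
    const frame = doc.createElement("iframe");
    frame.src = likeFrameUrl(pageUrl);
    frame.title = "Facebook Like button";
    container.replaceChild(frame, dummy);
  }, { once: true });

  container.appendChild(dummy);
  return dummy;
}

// Browser wiring; skipped when no DOM is present (e.g. under Node).
if (typeof document !== "undefined") {
  const slot = document.getElementById("social-slot"); // hypothetical id
  if (slot) installTwoClickLike(document, slot, location.href);
}
```

Click 2 is then the visitor's click on the real button inside the iframe.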

  3. Nice to see this. by ArchKaine · · Score: 2, Insightful

    I have to say that I'm impressed with Heise doing this. This puts the choice of being tracked into the user's hands.

    --
    Ignorance is blissful, to the ignorant.
    1. Re:Nice to see this. by Anthony+Mouse · · Score: 4, Insightful

      I can certainly see why Facebook hates it though: Not only does it deprive them of the tracking information for all the people who don't click the like button, it changes the user's choice in clicking the button from "click this button if you like the story, but you'll be tracked either way" to "click this button to cause Facebook to track you" -- and if it becomes common knowledge that that is how the like button works, fewer people will use it.

    2. Re:Nice to see this. by Commontwist · · Score: 2

      Yea. I didn't know that and I am most certainly displeased by that little trick. It's like 'put this like button on your webpage so Facebook can track everyone who looks at your webpage for free even if they don't use the button'.

      That kind of accurate info like how many people are visiting certain websites and which pages could be sold to competing websites by Facebook. I'm not surprised the site did that if they realized the implications of the button.

    3. Re:Nice to see this. by vlueboy · · Score: 2

      It's only because Germany very recently started pushing an anti-facebook stance. I doubt they would have implemented this so easily without a government breathing down their necks --they're the largest German web news provider IIRC.

      Non-Americans don't even have the same business models that drive traffic to US sites. They don't even have per-story comments a-la CNN, New York Times or Yahoo (too lazy to translate and confirm whether they have an official off-site forum that is obligatory of sites looking for discussion clicks.) So they didn't REALLY need the revenue or hits calculated by keeping the button active. This also shows their users are MORE tech savvy while at once being LESS prone to panic/complain on ideological changes.

    4. Re:Nice to see this. by V+for+Vendetta · · Score: 2

      Heise is famous (or "infamous" to certain parties) for "Doing the right thing(tm)!". They've done so in the past and I truly hope they continue to do so in the future.

    5. Re:Nice to see this. by xaxa · · Score: 2

      It's only because Germany very recently started pushing an anti-facebook stance.

      No, the whole EU has, pretty much since the start, had a pro-privacy stance. More recently, attention has turned to website privacy matters -- e.g. cookies.

      I work for the British government, and a few months ago had to confirm exactly what cookies were used on our websites. In my case, only session cookies to track "shopping basket" type things, which are fine, but the main website uses Google Analytics. It's likely that at some point in the next 12 months we'll have to remove Google Analytics. (Or, perhaps more likely, Google will change GA in the UK(/EU) to conform to the new regulations and keep their 'customers'). That seems reasonable to me -- someone looking at our website shouldn't have to have their details shared with Google.

      Our website has "share" buttons, but they don't track the user. They just send them to Facebook with the URL of our page in the query string: http://www.facebook.com/sharer.php?u=http://www.example.org/

      Germany is just slightly ahead of the UK here.

  4. Simple do-it-yourself (partial) solution by 93+Escort+Wagon · · Score: 3, Informative

    When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.

    --
    #DeleteChrome
    1. Re:Simple do-it-yourself (partial) solution by Anonymous Coward · · Score: 2, Informative

      When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.

      How naive of you. Your IP is still the same, and so is your user-agent/fonts/etc. They don't need you to be logged in order to track you.

    2. Re:Simple do-it-yourself (partial) solution by theCoder · · Score: 2

      Logging out is not necessarily good enough. Facebook also tracks IP addresses that aren't currently logged in. Better to add adblock rules like:

      ||facebook.net^$domain=~facebook.com
      ||fbcdn.net^$domain=~facebook.com
      ||facebook.com^$domain=~facebook.com
      ||fbcdn.com^$domain=~facebook.com

      I don't think the last one is necessary -- it has zero hits in my Adblock right now. The others have quite a few hits.

      This does mean you won't see any "like" buttons, but if you don't use them, you won't miss anything.

      Does anyone have any similar rules for blocking Google +1 tracking? I suppose a similar "block google.com except when on google.com" might work, but I don't know if that blocks everything, or breaks anything.

      --
      "Save the whales, feed the hungry, free the mallocs" -- author unknown
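What the `||host^$domain=~site` rules quoted in the comment above do, as an added example that is not part of the original post and is not Adblock Plus code. It is a simplified evaluator for that one rule shape only, run over constructed sample requests; the function names and sample URLs are assumptions.

```javascript
// Added example: simplified evaluation of filter rules of the form
//   ||host^$domain=~site
// meaning "block requests to host and its subdomains, unless the page
// making the request is itself on site". Only this shape is handled.

function hostMatches(host, domain) {
  // Exact host or a true subdomain; "notfacebook.com" must not match.
  return host === domain || host.endsWith("." + domain);
}

function parseRule(rule) {
  const m = /^\|\|([^\^$]+)\^(?:\$domain=(.+))?$/.exec(rule);
  if (!m) throw new Error("unsupported rule: " + rule);
  const only = [], except = [];
  for (const d of (m[2] ? m[2].split("|") : [])) {
    if (d.startsWith("~")) except.push(d.slice(1)); else only.push(d);
  }
  return { target: m[1], only, except };
}

// requestUrl: resource being fetched; pageHost: host of the embedding page.
function isBlocked(rules, requestUrl, pageHost) {
  const reqHost = new URL(requestUrl).hostname;
  return rules.map(parseRule).some(r =>
    hostMatches(reqHost, r.target) &&
    !r.except.some(d => hostMatches(pageHost, d)) &&
    (r.only.length === 0 || r.only.some(d => hostMatches(pageHost, d))));
}

// The four rules from the comment above.
const RULES = [
  "||facebook.net^$domain=~facebook.com",
  "||fbcdn.net^$domain=~facebook.com",
  "||facebook.com^$domain=~facebook.com",
  "||fbcdn.com^$domain=~facebook.com",
];

// Constructed sample requests: [resource URL, host of the page embedding it].
const SAMPLES = [
  ["https://www.facebook.com/plugins/like.php?href=x", "news.example.org"],
  ["https://connect.facebook.net/en_US/all.js", "news.example.org"],
  ["https://static.fbcdn.net/a.js", "www.facebook.com"],
  ["https://notfacebook.com/x.js", "news.example.org"],
];

function evaluateSamples() {
  return SAMPLES.map(([url, page]) => isBlocked(RULES, url, page));
}
```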
  5. GameBoyRMH's sig by Onymous+Coward · · Score: 2, Interesting

    I had just learned about what Facebook had been doing by reading GameBoyRMH's sig:

    Facebook's pure HTML tracking system - How long has this been going on?

  6. Re:Social media AdBlock list by brim4brim · · Score: 4, Informative

    Just use Ghostery, available for all the popular browsers (IE, Safari, Opera, Firefox, Chrome): http://www.ghostery.com/download

  7. Re:Would this not make social targeting work bette by Riceballsan · · Score: 4, Informative

    Not really. With the like button the way it is, let's say 2 people went to the page, a skateboarder and a teacher. The skateboarder likes the page, the teacher glances over it. With that information Facebook knows that the teacher looked at the page, but wasn't inclined enough to like it, but if they noticed 75 teachers looking at it without liking it, they'd know something interests teachers in that page enough to look at it. The skateboarder likes it. For the skateboarder side the information is the same, but the information of who is looking at it, but not liking it, is still valuable data.

  8. Re:What about Google Analytics? by Riceballsan · · Score: 2

    For google I believe they have a cookie specifically for opt out http://www.google.com/privacy/ads/ , I agree it would be nice for an opt in but for the real world, at least an opt out option is nice.

  9. This is apparently required by law in Germany by slart42 · · Score: 5, Informative

    Some missing context: http://www.kreativ-ackern.de/2011/08/20/gefaellt-mir-facebook-dienste-illegal/ (In German).

    Basically, a German authority for privacy rights has recently claimed that embedding a Facebook "Like" button on your web site is a violation of German privacy rights, because it allows tracking of all users of the web site by a third party. According to the article, having a "Like" button on your site can result in fines up to EUR 50k. This is probably technically and legally correct; I doubt that anyone would actually be sued any time soon, though. But the headline has made a big splash on the German internet in the last weeks, and I'd assume that Heise's move is a direct reaction to this (which is mentioned in the document as a possibly legal way to have a Like button on your web site).

  10. Re:Can facebook see any website I go to... by Arancaytar · · Score: 3, Informative

    Yes, but only if you are logged in to facebook at the time you visit a website that has a 'Like' button.

    Regardless of whether you are logged in or not. Even if you don't have a Facebook account. The difference being logged in makes is just that they can associate the visit with an identity you built, instead of building one from all the visits to various websites you make with the same IP address.

  11. Small correction by Affenkopf · · Score: 3, Informative

    Heise didn't change their social 'like' buttons. They introduced them. Heise never had these buttons before because of the privacy issues.

  12. /etc/hosts? by Pelekophori · · Score: 2

    127.0.1.1 www.facebook.com

    / just saying

    --
    The best ideas are common property
  13. Re:Something else /. won't bother with by wgoodman · · Score: 2

    Actually, the Disconnect plugin is there to specifically remove tracking from FB and other sites by default. You can enable it on specific sites if desired, but the default is block all their bs tracking. This blocks things that Adblock does not (though Adblock is a must either way).

  14. So, here's one interpretation of "Why" by geekmux · · Score: 2

    If I'm understanding this correctly, Facebook, using their "Like" button, has basically been allowed to receive two distinct types of tracking information. One is the information they should be allowed to see (who actually clicks on the "Like" button), and the other is information on whomever loaded the page that contained a "Like" button.

    And now, someone has come up with a rather ingenious way to separate those two data streams, and if they're smart about it, sell the latter data back to Facebook rather than allowing them to get it for free.

    And Facebook is trying to strongarm them by blacklisting. Now, the question is when another 1000 sites do this same thing, in an attempt to generate an additional revenue stream(selling hit data to FB), will Facebook continue to try and strongarm them by blacklisting?

    Why am I having flashbacks and cold sweats over who will win that strongarm war? The words "too big to fail" flashed in my mind for some reason...

    1. Re:So, here's one interpretation of "Why" by hey · · Score: 2

      I hope somebody packages this code as a simple to download and install widget.