Slashdot Mirror
Facebook Cookies Track Users Even After Logging Out
First time accepted submitter Core Condor writes "According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.' After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'"
dont use facebook
I run Adblock Plus/Adblock with the EasyList and EasyPrivacy list subscriptions on all of my browsers (Firefox and Webkit based browsers). Does anyone know if this will effectively thwart these tracking cookies?
a week ago I went to a website and it asked me (by my name) if I wanted to follow them on Facebook. I was not logged into Facebook at the time.
Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
As if anyone could have been surprised by this, didn't Slashdot already cover this story?
Palm trees and 8
Just find out their cookie, set your cookie to match, browse (and maybe like, I don't use facebook so I don't know if you have to be logged in to like something) some marginal stuff or competitors pages etc.
As an aside, I swear this was already common knowledge, at least at /.
I just did a search in Firefox to delete all Facebook cookies. Yum!
If you have the personalization feature enabled this will happen, what the hell did you think would happen? And yea if you dont want to be tracked clear your damn cookies
This is the same company who's official android application seems to touch my gps info at least once when I open the application.
You can configure firefox privacy options to drop most cookies when you log out. I trust a few sites to persist cookies in my browser, everyone else my browser accepts cookies from and quietly drops them on the floor when I exit. I don't know that it helps all that much but it's not that much effort to make it harder to snoop around at what I'm browsing.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
http://www.ghostery.com/
For everyones reference, it's currently blocking facebook connect here on slashdot.
Gone!
I want Facebook to track my every move!
And like the previous time Ghostery is the preferred plug in to suppress it.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
So if you use Facebook on a public computer (not all of which allow you to delete cookies), everyone using it after you will be greeted with your name etc and browse in your stead until someone else is stupid enough to use it to log in to Facebook. That's just wonderful.
Facebook is a website I refuse to have any relationship with. I do not have an account, nor will I EVER have an account. Their management is easily the most evil and anti-customer in the industry, constantly taking actions against their user's best interest.
This should surprise no one. I block their cookies in my browser and never intentionally go there.
I keep trying to tell the lemmings I know who pour their intimate personal information into Facebook that it is foolish to do so. The website's name should be "InfectMyPCWithAVirus.COM", or "StealMyIdentity.COM".
Zuckerberg better sell the damn thing before the inevitable class action lawsuit consumes the millions he's made off exploiting his customers. Of course, I hope he doesn't, he is one asshole I would very much love to see bankrupted and forced to get an honest job somewhere. I bet he ends up at Sony, developing rootkits...
Corporatism != Free Market
So... facebook.com sets a cookie...
Site B has Facebook Like button - which presumably is sourced from facebook.com
And you're surprised that they don't check your cookies when sending the icon???
Where's the story?
Websites have been doing this for well over a decade. Stats companies like WebSideStory pioneered the technique, and you can simply assume that any cross-site widgets on the Web in 2011 are doing exactly the same thing. Every single one of them. If you care, turn off third-party cookies and have your browser delete all cookies whenever it closes. You can whitelist sites as necessary from there.
I use browser profiles for a number of things. I have a browser profile for Hotmail, I *will* have a browser profile for Facebook when I get an account, and I have a profile for normal browsing. That way Facebook can't use their Like buttons to track half of the websites I visit.
Seems good enough to me... now, if only I could get people to do the same.
don't forget fbcdn.net and fb.com, maybe others
In Opera, you can right click with Facebook loaded, select site preferences, cookies, and check "delete new cookies every time I exit Opera". Only deletes cookies from Facebook, so other sites won't break. Also, erase existing cookies. Won't stop the cookies during the same session, but it'll help. Also, Ghostery prevents this (as others have mentioned.) I use Facebook to stay in touch with friends, but that doesn't mean I want them to know anything about any other sites I visit, TYVM.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
I don't want anyone to know I read slashdot
I was wondering exactly about this today given what I'd been observing these last few days. Facebook seems to have no limits to their outrageous behavior, opt-in only changes, and arrogant privacy busting tactics. It's like it's being run by some over-privileged college kid who moved out of home and now thinks that he can do anything he wants...Oh wait...
Of course, because Zuckerberg is a huge liberal and Democratic party supporter this administration isn't going to do a d@mn thing about it.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
From TFA:
I don't have direct experience in this area so I'm wondering, why exactly is logout supposed to mean deleting cookies instead of just noting in them that the user is logged out?
Attention zealots and haters: 00100 00100
What about NoScript? I frequently see the option to allow facebook.net et al when browsing sites (it's even on the list right now on /.). Doesn't this prevent my info from being sent to FB provided the scripts are not allowed to run?
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
I don't see why anyone is suprised about this behaviour when it's actually how the damn doubleclick and such manage to track people across the web. All of those damn Facebook Like/Add This button are simply doing what they're supposed to do. Call the Mothership so why are you suprised?
The only way to prevent this is to block the damn button scripts along with their fbcdn connections.
Mod me up/Mod me down: I wont frown as I've no crown
...I realized that I had just tipped my hand, accidentally informing Facebook that I like big juggs.
I stared at that "Share this on Facebook!" button, with my face next to it, like I just realized I wasn't the only person in the room. /That's Willie's Time
Seriously, is this a news at all ? Third party cookies and gif bugs are nothing new. Disable third party cookies helps you a little.
I have done this ever since I joined FB due to friends and family over-bugging me to join: I installed the Opera browser, I got a new email that I use for FB; I've used Opera only to log into FB and into the email I use for FB. I use Chrome or Firefox for everything else. I just checked my Firefox, no FB cookies!
~~~Please pass the salt, I hate unsalted MD5s
I've looked at my web traffic lately and see an awful lot of traffic to Facebook when I go to other sites. And it is not that I'm just "logged out" of Facebook, I don't have a Facebook account and never have (and never will). There is no valid reason for this traffic between me and Faceook. The next step may be to put a bad link for Facebook in my Hosts file.
I'm an American. I love this country and the freedoms that we used to have.
Notice how goatse doesn't have a FB "like" button? I think goatse needs a "like" button. C'mon, everybody, why don't we setup a shitload of goatse mirrors with "like" buttons? There's more than one way to poison a DB.....
C|N>K
I am sure I read about this (exactly as described in the summary) two years ago. The infamous Facebook cookies that track you even after you log out - yes, people have been taking this crap all this time. Maybe now it'll get a bit more air due to the existence of a legitimate contender (G+)?
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
This has been known since the Like button first appeared. Quit FB, or learn to use NoScript.
Is it ironic that there is a Facebook widget right on the /. page with this story?
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Newegg does this too. I used to get emails for recommendations based on browsing their site and I was not even logged in for that session.
Don't use Facebook with prejudice.
Avoid it like you would the black plague.
Purge it from your mind... face-wut?
It can only make you stupid.
You could use a different browser for Facebook than for everything else you do. Say you normally use Firefox, you could use IE/Opera/Chrome/Safari/something else for Facebook only. Or set up a dedicated browser instance that runs in a VM, using that only for Facebook. My personal choice is even easier though - I don't use Facebook.
This is a hacked account, for which the owner can not be held responsible.
From the article: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.' I think that if you set the cookie permissions correctly, you should be able to use fb, and not have the cookies track you after you log out (In Firefox) From the facebook home page, right-click on an empty part of the page, and select 'View Page info. The select the Permissions tab. there is an option for 'Set Cookies' Set it to 'Allow for session', and the cookies should be deleted when you logout. Cheers, Andrew.
echo 127.0.0.1 facebook.com www.facebook.com api.facebook.com static.ak.fbcdn.net >> /etc/hosts
Pages everywhere load faster now. :)
Thanks for the lecture, but I know how HTML works. Obviously I'm not surprised by all of those fetches from Google as sites get ads from them or links to a video source when I load a page with embedded video. But I'm seeing this over and over again when I load pages that don't even have a visible reference to Facebook on them. Clearly they are getting sites to embed something that references Facebook, but the extra traffic it costs me seems to be for Facebook's benefit, not mine. Time to block it.
I'm an American. I love this country and the freedoms that we used to have.
Facebook disconnect:
https://chrome.google.com/webstore/detail/ejpepffjfmamnambagiibghpglaidiec
Well. i disabled facebook in noscript, just in case they miss it somehow that i have no account there.
There are specific cases where retaining your account id in a persistent cookie after logout is certainly useful. One of these is the "remember this device" option that helps to make the SMS login approvals feature workable, which help to protect accounts from unauthorised access.
Yeah, blocking third-party cookies is a good thing to do. The third-party can still see your IP address every time you visit a page that embeds their content, but it at least provides a thin layer of anonymity on the web. Furthermore, it is far less painful than using no-script. The only think that I have noticed break is that embedded Vimeo videos won't play with third-party cookies disabled and you have to right-click and view them on Vimeo instead (or white-list them).
Remember kids, scrub the browser's cache (temporary internet files, cookies, everything) at the end of every session, and after logging out of facebook.
To offset political mods, replace Flamebait with Insightful.
Don't recall where I found this, but add this to user.action:
# Facebook
# This is used for blocking Facebook Open Graph stuff, where third party
# sites include resources from Facebook.
#See if the referrer is even set. .facebook.com
{+client-header-tagger{referrer-set-facebook}}
#If a referrer was set, block cookies.
{+block{Facebook Open Graph blocked.} +crunch-outgoing-cookies}
TAG:^referrer-set-facebook:
#Except if it was referred by facebook, make sure we allow the cookies.
{-block allow-all-cookies}
TAG:^referrer-set-facebook:(?:https?://)?.*\.?(facebook.com)(?:/.*)?$
{+block{Facebook} +crunch-all-cookies } .facebook.com/plugins .*connect.facebook.com .facebook.com/extern /(.*/)fb.connect.* .connect.facebook.* /.*/FB\.Share
api.ak.facebook.com/*
*.facebook.com/(.*/)connect/*
Note that Slashdot is probably messing up some of the linebreaks.
I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
Been using this for awhile now: No script Options, Advanced,ABE. ># Block facebook on third party sites >Site .facebook.com .facebook.net .fbcdn.com .fbcdn.net
>Accept from .facebook.com .facebook.net .fbcdn.com .fbcdn.net
>Deny ALL
Works like a charm, might need to make one for google+ soon. Of course slashdot is going to mash it into one big line > denotes a new line.
Surprised I'm the first to suggest this on here, but if you add the following line to your /etc/hosts or C:/Windows/system32/drivers/etc/hosts file, Facebook will never bother you again on that machine.
127.0.0.1 facebook.com
I nowadays only use the FB app on my Galaxy Tab.
Why use any social networking site if your gonna isolate yourself? Don't get me wrong I do use facebook and am fully aware how the tracking system works (I personally enabled it on 20 sites I use this morning). It just seems like a lot of "the sky is falling" mentality. Not trying to troll or flame here, but it seems like if you don't want others to know what your doing, then you should unplug the computer and just use it as a standalone system. Could be just my old man point of view though. lol
Regards,
MBC1977,
This is common knowledge for damn near everybody on Slashdot, but for those who don't know:
It's not the browser cookie that is tracking the browser activities, it is the Facebook included javascript that recognizes the fb cookie and reports that this particular browser has visited this website/page. The cookie is only data on the user's machine and that is used to log where that browser has gone to. That's why these social sites (and porn sites, etc.) are so insidious. You may think that no longer visiting them is enough but it isn't. A good practice is to clean out your cookies once a month, and anything you don't immediately recognize, delete. Most users won't take the time to do that, There was an extension that changed the cookie lifespan to 1 month but I can't seem to find that now. Another good thing to do is run the addon NoScript. Again, for most users they will quickly tire of approving scripts repeatedly. The last thing that is good to do is to add an entry into your hosts file that points facebook.com to 127.0.0.1. There, never having to worry about facebook insecurities again, without being too paranoid.
Yeah, I saw this coming a mile away. You could also just disable cookies altogether, but for those that use them and don't want Facebook to track this, there's easy ways in pretty much every browser to *.* disable all Facebook cookies from ever installing/saving. That's what I'm going to do.
"Instant gratification takes too long." - Carrie Fisher
The end. No tracking, "evercookies" etc. Even blocks google tracking via google-analytics.
Facebook knows that it's users spend too much time sitting at their computer, and then it knows that they want to buy useless schlock like nice clothes, nice shoes, nice cars, and go to nice restaurants and then it knows they want to get laid!!!
It knows they have a cell phone, and that they use it to make phones calls! From places within 1/2 an hour of their home or work! Oh no! Sometimes Facebook users get drunk and show their tits in public! Sometimes Facebook users take pictures of their cocks and send them out to the wrong people! Facebook users obsess over their break ups! Facebook knows that underage girls are jail bait, but that they were asking for it, especially by posting pics of themselves posing naked in front of the bathroom mirror! Face book knows who we're fucking, thinking about fucking and what we want to buy!
Facebook!
Facebook, Facebook, Facebook!
FAAAAACCCCCEEEEBOOOOOOOOOOOK!!!!!!!!!!11one
Doesn't unchecking "accept third party cookies" in Firefox fix this? (under preferences/privacy)
And you should also have it set to "Keep cookies until I log out", which also limits how much tracking can be done (at least, if you close your browser).
It's not too hard to defeat Facebook cookies and cookies from other Web sites, at least if your browser is Firefox or SeaMonkey (the latter being the browser I use). After editing my set of cookies to the minimum that I feel to be appropriate, I copied my cookies.txt file to create the file cookies.txt.backup. Then, I created a script that I used to launch SeaMonkey. However, the script first deleted my cookies.txt file and then copied the cookies.txt.backup file to create a new cookies.txt file.
When Mozilla changed from using ASCII file cookies.txt for cookies to an SQLite database in file cookies.sqlite (implemented in both Firefox and SeaMonkey), I merely changed my script. Again, after I used SeaMonkey to edit my cookies to a minimum, I then copied cookies.sqlite to create cookies.sqlite-backup. Now my script deletes cookies.sqlite and then copies cookies.sqlite-backup to make a new cookies.sqlite, all before launching SeaMonkey.
All this allows me to accept persistent cookies and treat them as session-only cookies. Yes, I could merely set the preference for treating all cookies as session-only. However, sometimes I want to add a new persistent cookie to cookies.sqlite-backup or I need to allow a persistent cookie to be updated (especially when it is about to expire).
Just block:
http://connect.facebook.net/en_US/all.js#xfbml=1
and be done with it all.
Tracking cookies track. This is not news, this is anticipated and expected behavior. This has been the status quo for over a decade.
Cookies have a security feature in that they are accessible only to the websites that placed them, but advertising sites have been using tracking cookies for as long as cookies have existed, and getting around that security by placing a "bug" on third-party sites. They used to (and probably still do) implement this as a 1x1 "spacer" image the same color as the background, or simply by having an ad on the page you are viewing. When your browser requests the image/flash/javascript/whatever, the site it comes from is suddenly allowed to access their cookie.
The solution has also not changed; either don't allow cookies, or delete them constantly. Anti-scripting addons are also helpful, as are black (or whitelists) of websites to disallow (or allow) access to your system. Modifying hosts files has been a semi-successful method, as well, in that requests sent to specific named addresses can be redirected to localhost (and therefore "blocked").
I personally use NoScript and AdBlockPlus for precisely this reason (and to speed up my page loads), and I can't fathom why this information could be conceived to be news to any user with any amount of technical knowledge and a modicum of interest in their own privacy.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Facebook is like STDs - there is really only one way to not get burned...
I use the Rockmelt browser to look at facebook. Shouldn't this be sufficient to prevent facebook cookies on my other browsers?
On the contrary, I view FB as a venue to advertise myself, my thoughts, and my interests to the world around me. I want to create influence, and if I don't want something to be known to FB I (wait for you mind to be blown...) simply don't post it. Amazing!
Oh, and that myth about lemmings committing mass suicide by jumping off of cliffs? That's complete nonsense fabricated for a nature film created by (wait for you mind to be blown a second time...) DISNEY! That's right, you've been successfully misled by MouseCorp/ABC.
You just got chumped, chump.
This is exactly what the Sharemenot plugin for Firefox is for. To protect against this type of thing.
As soon as I log out of Facebook I deny access to their servers, and I'm good. I suggest other Facebook users do the same
The way this works is the site includes an image from Facebook (for example). When you load the image, Facebook gets the referrer data from the image, plus any Facebook cookies you have (after all, they served you the image file). This lets them see anywhere that you visit that has one of those 'like' buttons.
The Firefox 'requestpolicy' add-on stops this technique dead in its tracks. For each site, you have to explicitly whitelist offsite images or scripts, otherwise they don't load. As an example, for Slashdot I allow fsdn.com, but deny facebook.net, twitter.com, google.com, scorecardresearch.com, and google-analytics.com. None of these sites gets to know that I loaded a page from Slashdot.
Requestpolicy also fixed an annoyance where I work. Facebook is in a middle class of websites (not open, not blocked, but you need the blessing of the Internet Czar to access it, which means that you have to give your login credentials to the Internet gateway). Visiting any site with a Facebook 'like' button would trigger a popup to log in to the Internet gateway to allow access to Facebook, it was annoying to constantly hit 'cancel'. Once I installed requestpolicy, the annoying popups went away completely.
I have always assumed that both, Facebook and Google have always done everything they can to track and identify me even if I am not logged in to any of their services.
If there is a "Like" button, I assume its too late, Facebook tracked my visit. And if the site uses Google Analytics (and it seems everyone in the world does) I also assume Google tracked me and as soon as I log in they will tie up all collected data to my Google account, if they have not already tied the data to the last used account in in the computer or IP address.
Until it becomes an enforceable crime to track users over the Internet without their explicit consent, total web privacy will be a lost battle. I try to use NoScript and other solutions that attempt to help, but expect both services to constantly work ways to get around any client side barricade I may place.
This and many other privacy issues can and should be fixed by use of proper Firefox add-ons. Sure we can decry the practice and wish that in an ideal world corporations would not do such things, but that's a waste of time. Use things like Adblock Plus, Ghostery, Beef Taco, NoScript, and Better Privacy.
I don't even see those Facebook buttons. Since in practice nobody will manually mess with their cookies each time they log out of a site, and may even want to visit other sites while still logged in, this is the only realistic solution.
Alphanos
My sure fire plan is not to fucking worry about it. FB only posts what I tell it to post. So they know I went to a certain website? Honestly, it doesn't matter. I've never noticed it make a single change in my life other than giving me ads about stuff I'm interested in as opposed to ads I couldn't give a damn less about. Oooo, big bad facebook.
Plugin for most browsers. Blocks tracking cookies, including the multiple ones that facebook uses. An added benefit is that (for me anyway) it speeds up rendering of a lot of slow gawker and gawker-like websites. Probably because they have so many trackers (record is 25). http://www.ghostery.com/
I would prefer if more websites would use the heise-2-clicks solution:
http://yro.slashdot.org/story/11/09/03/0115241/heises-two-clicks-for-more-privacy-vs-facebook
This is one reason why I have my browser clear all cookies upon exiting.
What part of "Don't use facebook" is so confusing to you? Requesting an image from Facebook and using Like Buttons ARE using Facebook.
If I visit "WampaWorld.com", and it has a like button, and I never press that button - the browser loading the web page is issuing a request for that like button image from Facebook, without my doing anything other than simply visiting a web site that is not facebook.
That is what the OP was saying.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
||facebook.net/*$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net ||facebook.com/*$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net|~youropenbook.org ||fbcdn.net/*$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
Of course, this probably also blocks any usage of facebook tools on these sites, but you gotta do what you gotta do :)
I would think that it does, but I'm just a hardware guy.
Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
That's nothing. Somehow linkedin tracks gmail. I know this because linkedin suggests I may know people who I have only contacted via gmail. I have no relationship with that person, and they are not in any extended network.
...Facebook.
There is a lot of data that's exceptionally valuable for marketing, which companies can only get if they do tracking way beyond visits to their own web pages. That added value is perceived by advertising execs as literally enormous, so it should be assumed anyone who can implement this thinks they have a strong incentive. It's like, how common would bank robbery be if the penalty was 10 days in jail and the potential reward was a million dollars?
To see how, lets take an example. A company may pay a few cents per for a list of valid e-mail addresses. Now, link one of those addresses to the information that the possessor of that address definitely orders things on-line, and it's a little more valuable. Add that the things ordered on-line include prescription drugs, and it's worth more. Now how much is it worth linked to the information that the person is not yet ordering any antidepressants, but has just spent several hours searching several terms relating to depression? A list of e-mail addresses that fit those criteria is generally estimated to be worth about $ 250 US per entry by the pharmaceutical firms. With the right combinations of information sources, essentially a matter of asking the right questions, this sort of data is at least perceived to be the holy grail of targeted advertising. Personally, I assume that any for-profit that isn't looking for this sort of data is only avoiding it because they doubt the American Advertising Council's estimates of how much business it can drive, and not because they have a moral objection. Yeah, maybe some of them are genuinely being ethical, but I recognize that the sheer scope of the temptation is bound to make many of them cross the line, and it's time to be a little paranoid about privacy.
Who is John Cabal?
They were saddened and embarrassed by your 100% factual post and modded you down.
I always use facebook in Chrome's incognito mode. Works well for me. This is also available in firefox but don't remember the name of the feature.
Any comments about this Facebook Blocker plugin? http://webgraph.com/resource/facebookblocker/
Hey you! We're supposed to be wagging our dicks around about how we don't use Facebook! Cmon get with the program we can't shit up this superintelligent thread about typical web based network traffic patterns and why websites that have reached a certain threshold of popularity are stupid and the users, cattle.
Tracking non fb sites is easily accomplished via xss where a partner site adds a script reference to javascript in facebooks domain. This means the the site you visit must allow fb to track you.
If I run Adblock Plus 24/7, do I really have a reason to care what sort of ads they're serving me?
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
but unlike those who parrot "DUPLICATE!", I think its a good idea to remind folk that the problem exists and is ongoing. Not everyone is an expert on privacy and security and newbies need a gentle reminder that this sort of thing goes on, not just for FB but for other privacy invaders and that easy solutions exist.
REMEMBER! There is a continuum of Slashdot readers, from the neophyte to the l33t. Sir John Reith summarized the BBC's purpose in three words: educate, inform, entertain; Slashdot performs the same function.
Wiping your cookies, adblock, flashblock, etc - it's all worthless.
Even if you remove all cookies, the iframe that is the 'like' button will set a new cookie. Facebook tracks these new 'anonymous' cookies centrally, and then when you DO login to your actual account, they can read this cookie and marry up your previous behavioral habits and sites you visited. The advice here leads people to believe you can fight this simply by erasing cookies. The only way to really make that effective is:
1) Log out of Facebook
2) Remove all Facebook cookies
3) Browse around to other sites
4) Clear all Facebook cookies AGAIN
5) Log in to Facebook
Without step #4 the rest of it is not doing you any good.
The same is true of new signups, where your browsing history (before you even had an account!) is correlated to the new account to help build a profile of your activity.
Because I'm a chronic narcissist desperate for attention.
Nobody read my blog so now I'm going to use FaceBook to become the center of everybody's world.
If I were Facebook, I would keep a table of IP -> recent logins. So that if I log out and clear cookies, but don't change IP they still know who I am/where I go.
http://sharemenot.cs.washington.edu/
"ShareMeNot is a Firefox add-on designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you until you actually click on them. Unlike traditional solutions, ShareMeNot does this without completely removing the buttons from the web experience."
All of my friends have my phone number and e-mail. They've got data plans and smartphones. It's just that simple.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
A german magazine has developed an answer to that about a month ago:
http://www.heise.de/extras/socialshareprivacy/
Absolutely worth a read, and if you use a "like" button on your page and you're a geek, you should definitely use this.
Assorted stuff I do sometimes: Lemuria.org
That Nik Cubrilovic must be a wizard.
Religion is what happens when nature strikes and groupthink goes wrong.
whats the general thought on extensions to block these things?
http://disconnect.me/
as an example...
Cookies are not the only way to track people. Please check out http://panopticlick.eff.org/
So forget about cookies. And like others mentioned elsewhere, even if you do not have a fb account, you can still be tracked.
The only way to do it properly, so to block facebook.com at the DNS level (and even then, facebook might be using different domain names, but this would be a good start).
If Pandora's box is destined to be opened, *I* want to be the one to open it.
I had checked this a few month ago (maybe 6). After logging out there was no facebook.com cookies. However as said here, "like" buttons on other sites add cookies by themselves.
Anyone tried denying cookies on Facebook ? Does it still allows login ?
Does Firefox In-Private Browsing have any effect on Facebook's (and others) ability to track you?
I suppose one could always spin a virtual machine for the express purpose of browsing Facebook (and only Facebook), and a VM that reverts to the image after every machine reset at that.
I remember at least 7 years ago when I went to the SETI website and Amazon.com greeted me by name in a little box on the site and asked if I wanted to donate to SETI.
Have you ever gone to a web site to look at some product like insurance then notice that everywhere you go on the web you see insurance ads for that company popping up? Until you figure out which cookie to delete or go to the advertising management's website and opt out you are going to keep seeing that ad!
If you use Firefox and have a different profile used only for Facebooking, the cookies that the Facebonkers set is invisible to the other profile. I found this out several months ago when I encountered this site: http://www.starmind.org/2011/05/31/firefox-and-facebook/
http://www.youtube.com/watch?v=Vz_4vaX9iDA :)
Ohh sorry, this was supposed to post to facebook. Damn cookies!
+4
Stalking.
Ok.... My feelings on this whole ordeal.... Facebook is wanting to incorporate this "seamless integration" model... Well, that is the worlds larges cyber-mistake... To date..... Just what the public internet needs... a SSO solution that can be easily hacked and infiltrated... By that, I do not mean the databases of FB, but the end users themselves. Why the hell does the world want a single account that can be hacked, and access all of your other accounts? Is it just me, or is this world becoming to damn lazy, thus opening doors for exploitation. I for one, support 11/5/11.... It would do the world some good.... Make us safer. Well, no... That isn't true.. Humans will still possess their lazy ways, thus opening themselves up for disaster. If it takes five or six steps to get an app to stop tracking me, something is w
Of course, they might break in the next release of Firefox (*sigh*) but I use:
AdBlock Plus (Stops ads!)
Beef Taco (Opt out of tracking)
BetterPrivacy (Deletes cookies)
FlashBlock (Stops Flash)
Ghostery (Stops most tracking)
NoScript (Stops Javascript)
RefControl (Stops telling the current page what last website was visited)
Of course, nothing stops your Internet Service Provider (like Time Warner Cable) from storing all the links you went to and selling them.
Any site that requires me to log in, I use incognito mode. Other than that my cookies are deleted on exit. Now I just need an extension that provides a random browser ident and resolution/os info, and anything else that helps anonymize.
Its apparently possible to block the Facebook "Like" button using rules in Adblock Plus --> http://www.plee.me.nyud.net/blog/2011/05/blocking-the-facebook-like-button-via-adblock-plu/
That forbids facebook from running scripts from anywhere but on Facebook. (If you happen to play any games, you'd need to add in their websites to the above to get them to work, or send gifts).
I'm not sure that not using Facebook will prevent tracking. You have to get rid of the Facebook cookies.
Before everyone (incl. me) starts to learn Adblock Plus syntax, just add the four required filters as explained here:
http://tygerbox.com/2010/05/20/adblock-plus-filter-rules-to-make-facebook-somewhat-less-nosy/
And even if you do delete cookies... If you come across one page with a facebook like button or anything linked from it, they can give you a cookie with a temporary ID and track where this cookie pops up. Then, when you log in again, they can attribute all the history attached to this cookie back to your account. Fun times.
Just use AdBlock to block every domain associated to Facebook and finally add an exception to allow these domains from facebook.com (i.e. while browsing the facebook itself).
It's not even just that Facebook tracks you, it's that whoever has a file presence on the sites you visit can track you. it used to be Double Click, but since Google AdWords and Analytics were released they've really been the best trackers. If the site uses Analytics or AdWords, it means you're loading a .js file from Google, and to get that .js file you have to send them your Google cookie, hence you're tracked.
CNN for example sends your requests to: scorecardresearch.com (comScore), imrworldwide.com (Neilsen), and Facebook.
cnet uses: scorecardresearch.com, imrworldwide.com, crowdscience.com, gigya.com, Facebook, and Twitter.
slashdot uses: scorecardresearch.com, and Google Analytics,
You can realistically not include comScore or Neilsen because they don't know who you are, just where you've been. So in the end the question comes down to, who do you trust, Sergey/Larry or Zuck?
Remember Phorm http://yro.slashdot.org/story/08/06/05/148234/Covert-BT-Phorm-Trial-Report-Leaked and all the ideas about screwing them by running a script to randomly load websites? Howsabout people *NOT* blocking the Facebook domains? Instead, everybody share their Facebook cookies, and let Facebook load them.
This would pollute Facebook's database, and reduce (hopefully destroy) its economic value. I hereby formally state the Slashdot-contrapositive meme...
3 No Profit from X
2 ...
1 Company won't waste money doing X
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Wouldn't this vulnerability also occur in HTML formattd emails.. Any image or other widget in the msg will give a shout out to the mothership when it's loaded.
I lol'ed at this :)
On the contrary, I view FB as a venue to advertise myself, my thoughts, and my interests to the world around me. I want to create influence, and if I don't want something to be known to FB I (wait for you mind to be blown...) simply don't post it. Amazing!
Oh, and that myth about lemmings committing mass suicide by jumping off of cliffs? That's complete nonsense fabricated for a nature film created by (wait for you mind to be blown a second time...) DISNEY! That's right, you've been successfully misled by MouseCorp/ABC.
You just got chumped, chump.
Implying other people around you know exactly which things you want to be known and which you dont want. Oh, and there is always that idiot, all whose facebook states are "in X place with Y people"
Also, the lemming suicidal behaviour is a hoax, but his argument stills valid. After all, a behaviour stills a behaviour no matter if its about humans or lemmings...
One more thing, you are wanting to create influence in a place where everyone tries to do exactly the same? That makes me think of a room full of people screaming to make themselves hear... But you know, people is fucking dumb...
I suddenly had this thought to make some kind of browser add-on that would delete the FB cookies automatically whenever you signed out of FB. Then the reality of what could happen set it. In a flash, I already saw a letter showing up in my email or mailbox out in front of my house with a cease and desist letter from FB signed by zuckerman's legal team. Then I pictured a lawsuit for interrupting FB's business; countless of hours and dollars I don't have lost to the void of fat rich snickerting lying lawyers.
Now a days it seems that doing anything that is right (ie: left) and that helps fight intrusion into our privacy does nothing but get you into trouble with a legal machine that is as much now practially worthless as it is corrupt and dangerous to our society. And now that I just said that, I'm sure an FBI probe will begin into everything I do to make sure I'm not some kind of domestic terroist. Yep, gotta love how things have turned out.