Facebook Cookies Track Users Even After Logging Out

First time accepted submitter Core Condor writes "According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.' After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'"

My sure fire plan

[Osgeld]

dont use facebook

Re:My sure fire plan

[betterunixthanunix]

But but but we need Facebook. How else are we supposed to communicate with our friends?

Re:My sure fire plan

[psiclops]

i'm not so sure even that is a sure fire plan anymore.

Re:My sure fire plan

[E.I.A]

If I could mod this comment to the moon, I'd do it. I think the Onion explained it better than anyone else: http://www.theonion.com/video/cias-facebook-program-dramatically-cut-agencys-cos,19753/

Re:My sure fire plan

[Truekaiser]

normal email, im(google, msn, aim.), irc, mobile texting, phones, and the ever useful face to face. :P

Re:My sure fire plan

[WalrusSlayer]

But but but we need Facebook. How else are we supposed to communicate with our friends?

Sadly, while this was meant in jest, there is at least one person we know that fits this description. Leave voicemail or send email all you want, and it goes into a black hole. Send her a message on Facebook? Two hour turnaround! Mind-boggling...

Re:My sure fire plan

[digitallife]

Are you sure that works?
What's stopping any Facebook widget site from placing a cookie on your machine and tracking you? Sure they may not know who you are, but they can still collect all the same data. I don't know if they do this, but the whole Facebook network scares me.

Re:My sure fire plan

[masternerdguy]

I agree, I refuse to participate in the social networking cesspool.

Re:My sure fire plan

[syousef]

But but but we need Facebook. How else are we supposed to communicate with our friends?

Sadly, while this was meant in jest, there is at least one person we know that fits this description. Leave voicemail or send email all you want, and it goes into a black hole. Send her a message on Facebook? Two hour turnaround!

Mind-boggling...

I'd respond to that but I can't find the "Like" button.

Re:My sure fire plan

[The+Good+Reverend]

There actually is no better way for me to communicate with some groups of friends than Facebook. In a group, some people rely on txts, some on email, some on FB itself. The group can collaborate, share links and between themselves easily, and easily communicate, even if they're not friends with each other.

Of course there are other ways to do this, and in a business environment most people will all have some software to do this (likely at a price). But if I'm throwing a birthday party or getting my family together, there is no better tool than Facebook.

Re:My sure fire plan

[Tsingi]

NoScript

Re:My sure fire plan

[GumphMaster]

There are some claiming the imminent demise of SMS, and that email is already dead. The argument is that sending SMS costs money and sends your message through a third party but somehow misses the point that Facebook/Google +/etc. cost money in data charges, send your message through several third parties, cost in loss of privacy, and ultimately line the pockets of the same telcos.

Hack : Wednesday 21 September
Could SMSing be dead within 5 years? The public launch of Google + draws the attention of some social media analysts who says texting and email are dead men walking. Also, we take a look at what the high profile Afghan assassination means for the war... and an Adelaide gaming bar runs into licensing dramas and not just because of its name: Pimp Pad.
download mp3: 12 MB

Re:My sure fire plan

[melted]

That doesn't really help. They will still track you, they just won't be able to link that data to your user profile. It is valuable even without a user profile. Say they notice that you visit a lot of "gadgets" sites. They can sell you to Microsoft (who buys FB data) and Microsoft will know you're interested in gadgets, so they'll show you more gadget ads.

The only solution is block them through your hosts file, like I did, or at least block their cookies. That way your browser won't load their cookies and you won't be tracked.

Re:My sure fire plan

[Pikoro]

It's like ten thousand spoons, when all you need is a knife....

Sorry, all of those "likes" in your post got that stupid song stuck in my head. Your post has more likes than facebook...

Re:My sure fire plan

[Mateorabi]

I've just trained my friends to email me if they want me to know about something they've posted on FB, since I don't have an account. Otherwise, it's their fault for not telling me. Only time this didn't work was when a freind's fiance decided that putting the wedding travel/hotel/directions details only on FB was the best way to let everyone know. But then I just found out from everyone else.

I get grumbles. Even the occasional threat to make a page for me without telling me. But they know better.

I've turned down Linkedin invites too.

Re:My sure fire plan

[stretch0611]

Don't use facebook

That is only half the battle...

Even deleting and/or blocking cookies does not work. A few months ago, it was reported that facebook tracks you based on ip address.

Anytime you request an image from facebook, you are being tracked, including "like" buttons.

I use DD-WRT and its access restrictions to block facebook.com at my router. Don't forget to block fcbkcdn.net as well.

If you can not block access from your router, you can add facebook.com to your hosts files to redirect facebook to ip 127.0.0.1.

Re:My sure fire plan

[Harry+in+the+Soup]

Use one browser exclusively for facebook and another one for everything else !!

Re:My sure fire plan

[PNutts]

the ever useful face to face

What app is that? Never heard of this protocol, F2F.

It's like P2P, but I'm better than my friends.

Re:My sure fire plan

[RobbieThe1st]

...Aside from the fact that as this story proves, they gather *other* information as well!
Personally, my plan is as follows:
1. No FB account. Period.
2. RefControl set to fake referrers for 3rd party sites, which means that any FB image buttons that load won't send back the URL of the page I'm visiting(Instead it'll send back the root of the site, xyz.facebook.com).
3. NoScript set to block 3rd party scripts by default, which blocks FB *scripts* from running.

And I *should* be deleting any FB cookies as well... but even if not, *all* they have is a list of the times a FB image has been loaded and my IP.

Re:My sure fire plan

[PNutts]

Honestly, why not have an account? FB doesn't know anything about you that you don't tell it. As a social protest, all it seems to accomplish is annoying your friends and family.

You don't have to "submit to the beast" - just use it for what's convenient.

That's what I thought when I bought an Apple Mini-DVI to DVI conector as a gift.
------------
Sent from my iPhone

Re:My sure fire plan

[cloricus]

I signed up for the express purpose of untagging myself from all photos that include me. I've found, not even using the most strict privacy options, I've been able to limit the exposure of my privacy fine. Marketing companies can still deduce my friendship groups, where I work, my rough age, and where I went to school but all of that was public knowledge once FB became popular regardless of my participation.

In exchange for this it's facilitated my ability to keep up with friends across two continents.

Regarding the 'Like' button tracking me I'd thought everyone would have assumed that something like this was going on. It doesn't surprise me at all.

Re:My sure fire plan

[The+Good+Reverend]

Indeed, that's the other big issue here - if you totally remove yourself the internet (from Facebook and similar places), then someone else is in charge of what shows up online about you (unless you've got a great blog presence somewhere).

It's fine to pretend no one knows your name online, but it takes just one person somewhere to say you're a child molester or shitty employee for that to be the top result for a google search of your name.

Re:My sure fire plan

[catmistake]

You're just what they want, Coppertop. Facebook is a tool, alright, but its not what you say it is. You are the product that the tool creates. The monster says "jump into my mouth, you delicious mortal!" and you respond "gladly!" Facebook is a marketing pimp, and you, sir... well, guess what you are? Ho ho ho.

Re:My sure fire plan

[betterunixthanunix]

As a social protest, all it seems to accomplish is annoying your friends and family

Which, as antisocial as it sounds, I would say is a good thing. The last thing we need is for people to simply assume that everyone has a Facebook account, and since that is what a lot of people assume now, they need to be annoyed and reminded that not everyone is on Facebook. Why should someone like Mark Zuckerberg be able to exert so much control over how people communicate?

You don't have to "submit to the beast" - just use it for what's convenient.

Any communication on Facebook is submitting to the beast.

Re:My sure fire plan

[frozentier]

...Aside from the fact that as this story proves, they gather *other* information as well!

Inferring other sites DON'T do this. OMG, facebook knows that I visited CNN.com and slashdot. There goes my private life.

Re:My sure fire plan

[E.I.A]

Wabi Sabi. Appreciate beauty in simplicity. What else is there to say, after giving the best possible advice? don't use facebook

Re:My sure fire plan

[517714]

What part of "Don't use facebook" is so confusing to you? Requesting an image from Facebook and using Like Buttons ARE using Facebook.

Re:My sure fire plan

[Nalez]

I have a surefire way that lets me continue to use facebook. I tell firefox not to keep facebook cookies. Everytime I close my web browser, cya facebook cookies

Re:My sure fire plan

[RobbieThe1st]

Some do, but aside from Google(which I block as well, on 3rd party sites), I don't know /any/ other site that has anywhere near the reach of FB.
It's interesting watching the list of sites shown with NoScript when they are automatically blocked in the way I described - you can tell which sites have a lot of trackers, and which don't.

Re:My sure fire plan

[sexconker]

dont use facebook

Don't use Facebook, AND disable third-party cookies.

Re:My sure fire plan

dont use facebook

Or don't use cookies. Or delete them. Or don't use sites which use the FB button.

Here's the deal- cookies don't track you. Sites which read the cookies track you. If a site is a FB member with a "Like" button, then they can read the cookies FB leaves on your computer, and they report activity back to FB. That's assuming the cookies are still there, of course.

Any other site can do this as well. For example you go to foo.com and they drop a tracking cookie, then you go to bar.com and they read that cookie and report back to foo.com. This happens all the damn time you just usually don't know it's happening without "lifting the hood". At least with FB you know which sites are going to report usage back to FB.

And as I already mentioned, you can just nuke their cookies. Get a plugin to do it for you if you don't feel like doing it by hand.

Re:My sure fire plan

[Nursie]

Not much more complex - use adblock to block the loading of all facebook related assets except when you're actually visiting the site.

Then your browser doesn't talk to them when you don't want it to. Easy.

Re:My sure fire plan

[dougisfunny]

Santa?

Re:My sure fire plan

[Crudely_Indecent]

face to face, but that's only available on apple products

Re:My sure fire plan

[StripedCow]

You're talking like a teenager who refrains from downloading illegal mp3s. It is just not feasible anymore, modern society has its expectations, you know.

Re:My sure fire plan

[geirlk]

F2F? I thought that was Floppy To Floppy sharing..?

Re:My sure fire plan

[geirlk]

That's facepalm to facepalm, another protocol entirely

Re:My sure fire plan

[dna_(c)(tm)(r)]

normal email, im(google, msn, aim.), irc, mobile texting, phones, and the ever useful face to face. :P

I like that! Now where is that f$£19 button???

Re:My sure fire plan

[TheRaven64]

Facebook's entire value comes from allowing people to communicate. If you disapprove of Facebook, but create an account anyway, then you are increasing the value of Facebook to other people and are part of the problem. Unless you are a troll or complete social retard who has no friends and makes people actively want to leave a social network when you join...

Re:My sure fire plan

[Runaway1956]

Ghostery also informs me about who is tracking me. Also, installing a cross site scripting blocker is good. Sometimes, I actually want to allow scripts to run, or the page won't work. But, just because I want/need scripting to work on that site, doesn't mean that I want scripts from another site to run alongside them!

Re:My sure fire plan

[thegarbz]

While the parent should have been modded Funny rather than insightful, your post actually completely misses how the various technologies work in social interaction.

Facebook does not replace Mobile Texting, Phones, or Face to Face.
Most people despite what the Slashdot crowd may thing do not use IRC.
Usage of Google MSN AIM ICQ etc has seen a steady downward trend across age groups typically replaced by chat functions in Facebook and the proliferation of free txt messaging and smartphones which treat a txt message as a conversation on display like these chat programs do.
Email these days is slowly but surely starting to get reserved for formal records only replacing fax and snailmail.

So for one-to-many communication that is currently in use that really only leaves ... Facebook.

What use is sending an email when no one reads it? What use is sending a mass txt message to 15 of my friends if my carrier blocks the messages for spamming? If no one is ever on an instant chat program what other way can I arrange for a large group of people to meet face to face? I'll give you a clue, most people under 21 don't know how to use the Outlook Calendar to send meeting requests.

Facebook.

It has become the single most convenient way for informal communication, event organisation, and sharing of basic stupidities that we are all thankful don't get passed around as email chain letters. This does not make it optional as the parent's tongue in cheek comment implies. You either use the means off communication that your target audience uses or you risk alienating yourself.

Re:My sure fire plan

[thegarbz]

There are some claiming the imminent demise of SMS, and that email is already dead. The argument is that sending SMS costs money and sends your message through a third party but somehow misses the point that Facebook/Google +/etc. cost money in data charges, send your message through several third parties, cost in loss of privacy, and ultimately line the pockets of the same telcos.

I listened to hack that day and I don't remember anyone making that argument. It's absurd to think about it that way in any case. SMS is a voluntary once off cost. Facebook, Google+ etc is a cost absorbed in a data-plan which you would otherwise have if the service didn't exist. The third party issue also seems absurd given the sheer number of communication methods which are all transferred through third party. The demise of SMS and email is lead by a generation which does not understand what the word privacy means.

Re:My sure fire plan

[nospam007]

You give them all that private information for free to sell to anybody and here you're afraid to use your login?

Re:My sure fire plan

[nospam007]

"I tell firefox not to keep facebook cookies."

I tell firefox not to keep _any_ cookies. That allows me to read the New York Times for free on top.

Re:My sure fire plan

[moozey]

Who says he has an account...?

Re:My sure fire plan

[zippthorne]

Run for office a couple years from now...

Re:My sure fire plan

[WillDraven]

I just wish we could access and manually edit their database on us. Some of the info they have on us is bound to be wrong, due to things like your roommate using your computer. I was so happy to discover the other day that YouTube finally allows you to edit your viewing history. I was getting really terrible recommendations because, as I found out when I was able to view my history, my roommate had used my computer and didn't log out of my YouTube account before looking up foot fetish and crappy anime videos.

Re:My sure fire plan

[wcrowe]

The problem I have with FB, and the reason I am going to leave it, is the new ticker "feature" and how it is going to be used in the future.

FB has announced plans to partner up with companies like Netflix. So, in the near future, when I rent or watch a movie on Netflix, the ticker will report "Will is watching on Netflix". The problem, of course, is that I might have chosen to watch some sort of "Girls Gone Wild" movie, and might not want all the world to know that. Zuckerberg has announced that he wants to make all the internet a social experience. That means in the future FB will be partnering up with more online retailers and even brick and mortar stores. The ticker will be reporting things like "Kris just bought a bra from JC Penny", "Keith just purchased Preparation H at Walgreens".

I don't mind other anonymous people knowing my buying habits, but sometimes I don't want my closest friends and family knowing these things. I don't want to know these things about my friends and family either. It's not a matter of social protest, it's a matter of being able to keep things to yourself.

Re:My sure fire plan

[GrumpySteen]

http://www.facebook.com/apps/application.php?id=131827713544941

I don't understand how a Facebook app is supposed to help us communicate to our friends without Facebook.

Re:My sure fire plan

[serialband]

You can use separate browsers for different sites. There's firefox, srware iron, safari and others. You can start a browser just for facebook.

You can also run the browsers as other users. In Linux, you can su to another user account just for facebook. In Windows you can use runas. Those can run currently on your current desktop. On Macs, you'd have to switch users, which is more tedious, unless you can compile from source to run an x11 version of firefox.

Re:My sure fire plan

[RenderSeven]

Ghostery sounded interesting so I checked their web site. First thing I saw was a "Friend Us On Facebook" button. Perhaps just irony or maybe trusting a fox to guard chickens, but it sure curbed my enthusiasm.

Re:My sure fire plan

[nullchar]

Add to that Cookie Monster to operate in whitelist only mode. (Also supports temporary allows like NoScript which then purges those cookies on restart.)

Also add Better Privacy which I use to simply wipe all non-whitelisted LSOs (flash cookies) on browser stop/start.

Only PITA is forcing myself to restart my browser on a regular basis. With session saving and Tab Kit, it's really not too painful, but still annoying.

Re:My sure fire plan

[pixelpusher220]

if you totally remove yourself the internet (from Facebook and similar places), then someone else is in charge of what shows up online about you

Well I'm not on any public sites via name except LinkedIn, which is mostly just a test page that has nothing at all on it. I don't post there or go there or anything, hell I don't even remember the password I used at the time...lol

And when I google myself, it's 4 pages of results before I find anything that's actually 'me'. And that is a single solitary notice of my college wrestling record.

So yes you can keep yourself nicely anonymous without too much effort.

Re:My sure fire plan

[monzie]

I travel a lot and so do my friends. We use What'sApp and/or BBM to keep SMS-like communication channels open. It's like SMS+MMS ( picture / video sharing ) - works well over wifi ( so you do not pay data roaming ) and helps me keep in touch with my near and dear ones. Also you can create chat rooms using these - a real benefit in a world where you can get rarely talk to a bunch of people at the same time physically.

It's a world where people are moving farther and farther away from each other physically. With some tools and effort, one can have the second best option.

Re:My sure fire plan

[BJ_Covert_Action]

I'm pretty sure that anyone who is planning to run for office has already shot themselves in the foot by having a /. ID.

We're don't normally post the most socially acceptable chatter on here. >:)

Re:My sure fire plan

[The+Good+Reverend]

That depends on your name. Mine's easy. Yours seems easy too. But if it's at all unique, you're boned.

Re:My sure fire plan

[moozey]

Maybe read my post again. I never said anyone was socially retarded for wanting to protect their privacy. Everyone should have that right. I was merely stating that passing judgement on someone simply for using a piece of technology you don't happen to agree with is hardly fair and yes, socially retarded. It's basically on par with predetermining someones personality through astrology and deciding you won't get a long with them because your star signs aren't compatible.

Does EasyPrivacy Thwart this?

[stickyboot]

I run Adblock Plus/Adblock with the EasyList and EasyPrivacy list subscriptions on all of my browsers (Firefox and Webkit based browsers). Does anyone know if this will effectively thwart these tracking cookies?

Re:Does EasyPrivacy Thwart this?

No, but you can also run Ghostery on top of that all. I haven't bothered to check if it actually works, but it seems to correctly list all facebook shenanigans on third-party pages. It also claims to block them cookies.

Re:Does EasyPrivacy Thwart this?

[Larryish]

Got tired of slow loading Facebook apps on unrelated web pages, so I added a rule to Adblock for Facebook:

*facebook*

Since then, no problems.

Re:Does EasyPrivacy Thwart this?

[mercnet]

I been using Facebook Blocker add-on for Chrome (works with Firefox, etc) and I assume it is working behind the scenes: http://webgraph.com/resources/facebookblocker/

Re:Does EasyPrivacy Thwart this?

[That+Guy+From+Mrktng]

How is this news anyway? FB have been doing it since the facebook social plugins took over, more than a year.

How hard is to set up a Firefox session exclusive for the use of this social media stuff? really? its faster and convenient that stacking layers and layers of blockers in the way of your everyday browsing. Or use different browsers for each task. Suckerberg sure it's amused by the time and effort some people put into staying away from facebook tracking WHILE having a facebook account.

Protip: The more you try to hide what you do, the more someone would try to see what you're hiding. You think trackers don't have a special table in the database for "tin_foil_subset"? right.

Re:Does EasyPrivacy Thwart this?

[fferreres]

>How hard is to set up a Firefox session exclusive for the use of this social media stuff?

I don't know, but that is a great idea: to have a list of sites that you always want to be used in private mode. This calls for not completely separating private mode from normal mode (w/Firefox, it closes all other normal Windows until you stop private mode).

I imagine this functionality like how IE works. A small icon will tell you if the tab is in "private mode" (or sandboxed), and you can create rules to match the sites you want in this mode.

I'd really use something like that. I've read about many that trying to avoid being tracked calls for more attention, so better not do it. That point of view is totally flawed. Privacy has nothing to do with hiding, but with others not allowed to spy on you unwarranted. Just like a robot.txt doesn't want indexing. Just like how you use clothes everywhere but your house (or the bath). Just like you don't always use the speakerphone while traveling. If you want privacy, and they find ways around, the analogy is to someone that is using IR cameras to "see behind clothes". It should be punished severely to spy on people.

Re:Does EasyPrivacy Thwart this?

[fferreres]

> I imagine this functionality like how IE works.

Sorry, I meant "IE Tab" of course.

Re:Does EasyPrivacy Thwart this?

[digitig]

Of course, Facebook Blocker can access your activity on all websites, not just the ones with a Facebook button...

Re:Does EasyPrivacy Thwart this?

[izomiac]

Adblock has a filter subscription called Antisocial that should work. ABE Filters with NoScript work nicely, even if you don't block scripts with it otherwise. NoScript can also do it through ABE:

Site facebook.com *.facebook.com facebook.net *.facebook.net fbcdn.com *.fbcdn.net fbcdn.net *.fbcdn.net
Accept from *.facebook.com
Accept from *.facebook.net
Accept from *.fbcdn.com
Accept from *.fbcdn.net
Deny

I also use ABE to restrict Google scripts in a futile attempt to keep them from knowing everything about me, but that's a more complex filter since there are legitimate non-tracking scripts they provide. Or at least I assumed those are non-tracking... Crap, now I'm going to have to figure out some redirection work around...

Re:Does EasyPrivacy Thwart this?

[Pikoro]

Chrome. CTRL+SHIFT+N:

You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.

Because Chromium does not control how extensions handle your personal data, all extensions have been disabled for incognito windows. You can reenable them individually in the extensions manager.

Re:Does EasyPrivacy Thwart this?

[X0563511]

You'd be better blocking: ^facebook.com$

Faster, and does the job just as well.

Re:Does EasyPrivacy Thwart this?

[PNutts]

Chrome. CTRL+SHIFT+N:

You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window.

I'm not a Chromer user so this may be hooey: Issue 94206: Incognito "remembers" Flash Cookies when Flash is open in default profile http://code.google.com/p/chromium/issues/detail?id=94206

Re:Does EasyPrivacy Thwart this?

[Lifyre]

It's just flash cookies and iirc that is a flaw in flash not the browser.

Re:Does EasyPrivacy Thwart this?

[fferreres]

Exactly. Like Firefox Private Browsing. What I mean is having the ability to tell Crome to always enter Incognito mode for any Facebook domain one enters. The problem with Firefox is that it closes all tabs (and saves all sessions) and enters Private Browsing mode, only to return to normal when the session ends.

What I suggest is making this more fncitonal....having a list of sites, and when there's a match, to use Incognito/Private Browsing by default in that Tab and all Tabs spawned from that one, until you delete the domain from the list. Much like IE Tab works (I tell it to use IE whenever I access sites like my webmail).

Re:Does EasyPrivacy Thwart this?

[BlueScreenO'Life]

I don't think so.

Facebook's method of tracking uses IFRAMES, that's why when you visit a page with a Facebook button your browser is actually hitting the facebook servers again.

Run NoScript and disable IFRAMES. The Iframes within the same domain as the parent site, which are typically the only useful ones, will still load. And you can temporarily unblock any blocked item, in case you want to make an exception.

Re:Does EasyPrivacy Thwart this?

[WorBlux]

Disable flash by default. First because it's a horrible program and the most annoying and bandwidth consuming ads always use flash. Second there are other privacy and security issues with it besides just the local user data.

Re:Does EasyPrivacy Thwart this?

[Emetophobe]

If you use Adblock Plus there's a really nice filter to remove all social media crap, not just facebook. It's called Antisocial and you can find it here: http://adblockplus.org/en/subscriptions (it's at the very bottom in the Miscellaneous section).

Re:Does EasyPrivacy Thwart this?

[Pikoro]

If I want to browse something without leaving a trace, i just use the incognito window. All new tabs are incognito, and it's easier to keep track of which window is "safe" and which isn't. All banking, etc.. goes in the safe browser.

Re:Does EasyPrivacy Thwart this?

[That+Guy+From+Mrktng]

I do it mostly because sometimes I would like Google to track what I'm doing in certain websites, mostly related to my work, that way I get relevant Ads when visiting some blogs or open source developers, If i get to use some open source I usually click on an ad of the website as a way of supporting them. I have actually found nice services or people clicking random Ads.

My private FF sessions reside in bitlockered thumb drives shielded by every script blocker available, I do it from some laptop trough TOR, on some proxies I have installed in lousy maintained cybercafes. I don't do anything illegal but I'm sometimes commissioned to look after sensible information related to political issues or infosec. I don't have to do all this shit when browsing Know your meme, it's a waste of time.

Re:Does EasyPrivacy Thwart this?

[fferreres]

Ok, I don't use Chrome, but Firefox, which just closes all windows before going into Private Browsing....so it's all or nothing. I still occasionally use private Browsing, for example to login to a site from someone else's computer where you don't know if they remember passwords, etc (these are trusted computers).

I like that Chrome just has an incognito Window but keeps the normal ones in another window.

I though so...

[gemtech]

a week ago I went to a website and it asked me (by my name) if I wanted to follow them on Facebook. I was not logged into Facebook at the time.

Re:I though so...

[jhoegl]

It sure is great Corporatization took over the interwebs, now not only do we have the government spying on our packets, we have corporations wanting to know what we do as well.

WOOOWOOO!

Re:I though so...

[mfnickster]

That's because FB social plugins are Facebook. They are run from FB servers and are like mini-sites built into Yathoo! etc. It shouldn't be surprising that if you stay logged in to FB, their proxies on other sites will know who you are.

Re:I though so...

[PopeRatzo]

It sure is great Corporatization took over the interwebs, now not only do we have the government spying on our packets, we have corporations wanting to know what we do as well.

You better adjust your attitude, Mr Man. Those are the Job Creators you're talking about and you better start showing a little gratitude by letting them track your movements and have sex with your wife whenever they want.

Letting corporations fuck your privacy is the 2011 version of droit du seigneur.

Re:I though so...

[Kenja]

They can only keep track of the information you willingly give them. If you really thought Facebook was a charity, thats your own fault. If you realized they are a for profit organization, how did you think they made your money if not with the information you provide them?

Re:I though so...

[psiclops]

I was not logged into Facebook at the time.

Re:I though so...

[mariasama16]

However, if you're NOT logged into Facebook.... (as GP said they were not logged in).

Re:I though so...

[jhoegl]

You think just Facebook is doing this?

Perhaps you should see what your ISP is doing.

Re:I though so...

[mfnickster]

Yeah, that came out wrong.

What I *meant* to write is that if you stay logged in, you should expect the plugin to recognize you, but don't be surprised if it does anyway based on your cookie.

Re:I though so...

[dadorg]

I have No Script running in Firefox. I have always wondered why it asks me if I want to enable facebook on websites that have no obvious connection. Now I know that I was protecting my honor by saying no.

Re:I though so...

[slater86]

When it comes to "for profit" companies: If you're not paying for anything then chances are, you're whats for sale.

Re:I though so...

[karnal]

Have sex with my wife whenever they want? Wow, I'll have to see how they do that. Even I can't pull that off.

Re:I though so...

[PopeRatzo]

Have sex with my wife whenever they want? Wow, I'll have to see how they do that. Even I can't pull that off.

I don't see why. Nobody else seems to have a problem.

!news

[betterunixthanunix]

As if anyone could have been surprised by this, didn't Slashdot already cover this story?

Thanks for this Slashdot!

[arcite]

I just did a search in Firefox to delete all Facebook cookies. Yum!

Just Drop Them On Logout

[Greyfox]

You can configure firefox privacy options to drop most cookies when you log out. I trust a few sites to persist cookies in my browser, everyone else my browser accepts cookies from and quietly drops them on the floor when I exit. I don't know that it helps all that much but it's not that much effort to make it harder to snoop around at what I'm browsing.

Re:Just Drop Them On Logout

[rsborg]

You can configure firefox privacy options to drop most cookies when you log out. I trust a few sites to persist cookies in my browser, everyone else my browser accepts cookies from and quietly drops them on the floor when I exit. I don't know that it helps all that much but it's not that much effort to make it harder to snoop around at what I'm browsing.

Your solution fails when dealing with Flash cookies, as those can't be removed via the browser, only through the Adobe Flash interface. This also explains why Facebook is so interested in Disqus and IntenseDebate market... they want to profiile everyone all the time.

Re:Just Drop Them On Logout

[bipbop]

Your knowledge is out-of-date. In fact, the Flash shared objects are annoyingly deleteable these days--since they now disappear when people clear browser history or cookies, or in any other number of circumstances, people have been deleting their saves for Flash games and getting irritated at authors of said games for not being able to work around it. Damned if you do, damned if you don't.

Re:Just Drop Them On Logout

[tepples]

people have been deleting their saves for Flash games and getting irritated at authors of said games for not being able to work around it.

Once the player turns 13 (COPPA age), the player can create an account on the game's server to save the player's progress there.

Re:Just Drop Them On Logout

[Greyfox]

Those can be removed by the BetterPrivacy addon.

Ghostery

[schnikies79]

http://www.ghostery.com/

For everyones reference, it's currently blocking facebook connect here on slashdot.

Re:Ghostery

[Nethead]

Why does Ghostery's home page have a "Friend me on Facebook" link?

Re:Ghostery

[bishopBelloc]

I've been using incognito for Safari for a while now, but it looks like ghostery might be more comprehensive. I'll have to check it out. Thanks.

Re:Ghostery

[fferreres]

Because it's about privacy, not against social media? You decide what level of privacy you want, and the can use safely Facebook (or whatever)? Facebook privacy concerns are not connected with the usefulness of the site.

Re:Ghostery

[Trax3001BBS]

I can understand why you would post this anonymously.

Personally I feel those who use /. are ahead of the rest.
If someone post a link, I feel it's going to be useful as it's already passed their acid test.

You need to read Disconnect's privacy policy http://disconnect.me/privacy
Their privacy policy includes
mailchimp.coms' http://mailchimp.com/legal/privacy

There's enough programs available now that are anonymous
PeerBlock
HOSTS file and many many more.

Re:Ghostery

[somenickname]

I didn't see anything wrong in that privacy policy. They don't collect any information from the browser extension at all. All of their information collection is opt-in in the form of information you explicitly give them. Except the fact that your IP address might appear in their web server logs if you go to the website. Seems reasonable to me.

Re:Ghostery

[Trax3001BBS]

You agree to web beacons, email from www.mailchimp.com if you don't join any of their service.
Allow knowing which emails you've opened and which links from that email you clicked on, to be collected and stored.
That was just a fast grab there's much more they collect and store.

But your correct, you have to Opt-in and do so by registering and agreeing to their privacy terms.

We should know this

[Teun]

This is not the first message on Slashdot about this phenomena.

And like the previous time Ghostery is the preferred plug in to suppress it.

The only winning move is not to play

[WCMI92]

Facebook is a website I refuse to have any relationship with. I do not have an account, nor will I EVER have an account. Their management is easily the most evil and anti-customer in the industry, constantly taking actions against their user's best interest.

This should surprise no one. I block their cookies in my browser and never intentionally go there.

I keep trying to tell the lemmings I know who pour their intimate personal information into Facebook that it is foolish to do so. The website's name should be "InfectMyPCWithAVirus.COM", or "StealMyIdentity.COM".

Zuckerberg better sell the damn thing before the inevitable class action lawsuit consumes the millions he's made off exploiting his customers. Of course, I hope he doesn't, he is one asshole I would very much love to see bankrupted and forced to get an honest job somewhere. I bet he ends up at Sony, developing rootkits...

Re:The only winning move is not to play

[mr_lizard13]

I knew it - Tom from MySpace does have a Slashdot account!

Re:The only winning move is not to play

[WCMI92]

LOL. Moderated down by a Facebook lemming in denial no doubt. Go get your personal identity stolen. Go get your computer infected by a virus. The only thing Zuckerberg cares about is making as much money as he can off your information. Which is why he doesn't give a damn about security or keeping viruses off their web pages.

Re:The only winning move is not to play

[schnikies79]

Tom from MySpace has a Facebook account.

http://www.facebook.com/myspacetom

Re:The only winning move is not to play

[Truekaiser]

if i could mod you up i would. YOU are not the customer to Facebook. YOU are what Facebook sells to advertisers. From everything you put into your page to who you friend etc.

Re:The only winning move is not to play

[fartrader]

Not anti-customer at *all*. You are NOT their customer.

Re:The only winning move is not to play

[rainer_d]

The Lemmings you know have already uploaded most of the basic information about you to Facebook via the various syncing methods. Ever got a "connect" request from someone you don't even remotely know that bears a "you might know XXX" at the end, with XXX being someone you do know? Bingo. In theory, they only know your email - but if you honestly believe they threw away the rest, I have to ask: do you also believe in the tooth-fairy?

Re:The only winning move is not to play

[insertwackynamehere]

This. This is it. The ultimate Slashdot post. If Slashdot was a person, this would be the beating heart.

Re:The only winning move is not to play

[alien9]

Facebook's customers aren't its users. Actually the users are Facebook's asset.

Re:The only winning move is not to play

[BJ_Covert_Action]

You know, calling your friends "lemmings," is probably one of the major reasons they don't take much of what you say seriously....Just sayin'.

Re:Uh Duh! Why is this a surprise?

[hedwards]

I don't have much sympathy for FB users when it comes to privacy. However, I do have a great deal of sympathy for folks like myself that have to go out of our way not to be tracked by FB, even though we don't have an account. If we wanted to be tracked or consented, we'd probably create an account.

Confused...

[Goose+In+Orbit]

So... facebook.com sets a cookie...

Site B has Facebook Like button - which presumably is sourced from facebook.com

And you're surprised that they don't check your cookies when sending the icon???

Where's the story?

Re:Confused...

[betterunixthanunix]

The story is old, but it is this: Facebook can and does track your activity across the web, not just on facebook.com. People who would prefer to not be tracked in this manner have no way to opt-out and nobody is talking about making it opt-in. Since most people do not care about their privacy on the web, Facebook will continue to get away with this sort of behavior.

Re:Confused...

[LordLucless]

Actually, yes they do. It's called "not accepting the cookie". Just because they've got their browser set to automatically accept every cookie ever sent to them doesn't mean they have no possible way to opt-out.

Re:Confused...

[Goose+In+Orbit]

The likes of Doubleclick were doing this a decade ago - it's not new(s)

Browser Profiles

[andrew3]

I use browser profiles for a number of things. I have a browser profile for Hotmail, I *will* have a browser profile for Facebook when I get an account, and I have a profile for normal browsing. That way Facebook can't use their Like buttons to track half of the websites I visit.

Seems good enough to me... now, if only I could get people to do the same.

Re:Browser Profiles

[MadMaverick9]

http://kb.mozillazine.org/Command_line_arguments
this may help to spread the word.

Re:Uh Duh! Why is this a surprise?

[dingen]

You are being tracked by Facebook, whether you have an account or not. Every time you see a FB like button on a website (any website), Facebook learns something about you.

haha, you still have problem

[rubycodez]

don't forget fbcdn.net and fb.com, maybe others

Opera can stop this (sort of)

[Baloroth]

In Opera, you can right click with Facebook loaded, select site preferences, cookies, and check "delete new cookies every time I exit Opera". Only deletes cookies from Facebook, so other sites won't break. Also, erase existing cookies. Won't stop the cookies during the same session, but it'll help. Also, Ghostery prevents this (as others have mentioned.) I use Facebook to stay in touch with friends, but that doesn't mean I want them to know anything about any other sites I visit, TYVM.

Oh God

[DSS11Q13]

I don't want anyone to know I read slashdot

the crux, I think

[Bill+Dog]

From TFA:

This is not what 'logout' is supposed to mean - Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

I don't have direct experience in this area so I'm wondering, why exactly is logout supposed to mean deleting cookies instead of just noting in them that the user is logged out?

Re:the crux, I think

It has nothing to do with technical reasoning. I think it has everything to do with the user's expectation. If I log out, then I expect nothing to be going to and from the service with my information associated to it until I log back in again.

As a user, I do not expect them to necessarily delete all cookies from my browser. After all, if Amazon did that then they may lose shopping cart details. I see less of an issue for Facebook, but on Amazon I expect them to be done with my user info, and that seems to be the case; the same should be the case for Facebook.

This is another good reason to only use Private Browsing when logging into services on other people's computers--even those you trust (because you should always do it, if you even want to risk it at all, on other's computers).

Re:the crux, I think

[cbhacking]

Once I've logged out, it shouldn't be possible to tie my computer to my Facebook account. Deleting the cookies is an optional (but very simple and reliable) way to achieve this. Otherwise, you need to make sure that all of Facebook's cookies completley "forget" your user account.

Alternatively, take the approach I do: block cross-site requests to Facebook.com. When I browse the web I can be signed into facebook one tab over, but all the rest of the Internet is unaware that I even have an account. There are various tools for doing this, but the one I prefer is actually the Tracking Protection (formerly known as InPrivate Filtering) feature built into IE9.

Re:the crux, I think

[thegarbz]

That's a wonderful idealised view of the world, but in this case Facebook simply has been caught tracking a cookie that persists after you logout. Your view of what happens when you physically log out is at odds with how most of the internet treats your cookies.

Log out of the American Express website and the next time you go to login it will show your login name pre-filled conveniently obfuscated by a few stars, mainly because the cookie never gets deleted. Google and Yahoo do the same thing. Try it. See how many websites will clear you cookies when you log out. Hell I'm about to try it with Slashdot.

The only solution?

[uofitorn]

What about NoScript? I frequently see the option to allow facebook.net et al when browsing sites (it's even on the list right now on /.). Doesn't this prevent my info from being sent to FB provided the scripts are not allowed to run?

Re:The only solution?

[icebraining]

I don't know if FB actually does this, but they could simply get the referrer and your user ID from an HTTP cookie using an image loaded from their websites. NoScript wouldn't stop that.

Re:The only solution?

[Calos]

Privoxy can. And it's browser agnostic.

Re:The only solution?

[icebraining]

Even /etc/hosts can. NoScript just wasn't designed for that.

Re:The only solution?

[Calos]

hosts wouldn't really work either, would it? If you add any facebook domains to it, you're going to break Facebook when you go to the actual site. Privoxy can detect any referrals to Facebook when you're on a non-Facebook domain, block it and block cookie info from being sent. If it detects you're actually visiting Facebook, it doesn't. That doesn't seem like something hosts can do.

Re:The only solution?

[icebraining]

Oh sure. I didn't consider waiting to go to the actual site ;)

Re:The only solution?

[bware]

It isn't OS agnostic though, it doesn't run on OS X, and hasn't for a couple of years.

Re:The only solution?

[Calos]

Didn't know that. But it's a proxy; it doesn't need to be on the local machine. Just need to have one machine on the network configured to receive requests from the rest of the machines. It's supported by OpenWRT routers, too.

Re:The only solution?

[Sporkinum]

My current list of scripts not allowed to run on slashdot includes google-analytics.com, twitter.com, facebook.net, and doubleclick.net.

And you're suprised?

[fast+turtle]

I don't see why anyone is suprised about this behaviour when it's actually how the damn doubleclick and such manage to track people across the web. All of those damn Facebook Like/Add This button are simply doing what they're supposed to do. Call the Mothership so why are you suprised?

The only way to prevent this is to block the damn button scripts along with their fbcdn connections.

Re:And you're suprised?

[Mashiki]

Because in a lot of places outside of the US doing this is illegal. As in a federal crime illegal, with jail time and very steep fines.

The first time I noticed this...

...I realized that I had just tipped my hand, accidentally informing Facebook that I like big juggs.

I stared at that "Share this on Facebook!" button, with my face next to it, like I just realized I wasn't the only person in the room. /That's Willie's Time

Re:The first time I noticed this...

[DynamoJoe]

Some day they'll even suggest friends for you based on your browsing history.

Ok, this is my fix, for what it's worth.

[Kwelstr]

I have done this ever since I joined FB due to friends and family over-bugging me to join: I installed the Opera browser, I got a new email that I use for FB; I've used Opera only to log into FB and into the email I use for FB. I use Chrome or Firefox for everything else. I just checked my Firefox, no FB cookies!

Re:Ok, this is my fix, for what it's worth.

[Relayman]

There's a lot of paranoia in these posts with little common sense. You, though, have come up with a simple solution that allows you to be sensible without having to be paranoid. I don't understand why the paranoids can't come up with simple solutions like yours.

For what it's worth, I don't care that Facebook sees what sites I go to. It's all part of being a member of the Facebook society. If people want to be hermits, they should skip Facebook and Linkedin (screw getting a new job!). But they should also skip posting on /. as well as their posts can be tracked back to (should I say it?) them. I stay signed on to /. and it could do the same thing Facebook does!

It is even worse than that

[frovingslosh]

I've looked at my web traffic lately and see an awful lot of traffic to Facebook when I go to other sites. And it is not that I'm just "logged out" of Facebook, I don't have a Facebook account and never have (and never will). There is no valid reason for this traffic between me and Faceook. The next step may be to put a bad link for Facebook in my Hosts file.

Re:It is even worse than that

[jbmartin6]

There is no such thing really as "other sites." Your browser loads bits and pieces from all over the place on practically every page you visit, such as ads, 'like' and 'share' buttons, etc. And each of these requests to different sites for all these bits and bobs on the page carries information on what site you think you are visiting, etc. This is standard web browser behavior. When you load that little button or thingie from facebook.com your browser tells Facebook what page you loaded it from and also helpfully sends along any cookies it has for Facebook.com domain. This is by no means unique to Facebook, you could find the same thing with reddit, digg, google, or any other site that has bits and pieces being loaded as part of other people's pages.

Re:It is even worse than that

[Trax3001BBS]

> The next step may be to put a bad link for Facebook in my Hosts file.

Listed in my HOSTS file so far, I add them as I find em.

ns2.facebook.com
ns3.facebook.com
ns5.facebook.com
ns4.facebook.com
ns1.facebook.com
ads.ak.facebook.com
creative.ak.facebook.com
facebook.com
facebookinc.122.2o7.net
facebook-repto1040s2.ahlamountada.com
faceboook-replyei0ki.montadalitihad.com
www-11-01-snc2.facebook.com
ads.ak.facebook.com

Facebook can't help but track you if every site you goto has a facebook button.

Re:It is even worse than that

[Malc]

So rather than restricting cookies to the domain of the HTTP request, we should limiting them only to the domain of the URL in the browser's address bar? That would be a good step in the direction of privacy, and presumably not break too many websites. I wonder if somebody has already implemented a FF extension to do this?

Re:It is even worse than that

[furbyhater]

I'm currently using ShareMeNot, it doesn't exactly follow the method you described but it should be effective in preventing the "usual suspects" from tracking your on-line behavior.

Re:It is even worse than that

[Tom]

There is no such thing really as "other sites." Your browser loads bits and pieces from all over the place on practically every page you visit, such as ads, 'like' and 'share' buttons, etc.

There are millions of honest, real sites out there that don't work like that. I still remember browsers with a configuration option to not load images or other content from sites other than the one you were currently witnessing. For a while, that was an excellent ad-blocking mechanism.

It's a shame such interesting technical possibilities as a "site" being constructed from all over the web are used mainly for advertisement (and let's face it, Facebook is in the advertisement business, just like Google.

Re:It is even worse than that

[marsu_k]

Facebook can't help but track you if every site you goto has a facebook button

But how about every site I comefrom?

Re:It is even worse than that

[drinkypoo]

Actually, it's when you load that little button from facebook.net, and if you block just facebook.net with adblock, then the problem goes away. Therefore it's actually easier to block than most of the other sites, which come from the same site (or CDN) as the rest of their content.

Re:It is even worse than that

[Hentes]

I don't know about FF but Opera has a similar option that does in fact block Facebook and other tracking cookies.

Re:It is even worse than that

[Trax3001BBS]

I don't know if that was humor or not, no.

As to the article http://www.theregister.co.uk/2011/09/26/facebook_sees_logged_out_users/
posted an article that Facebook has jumped all over this claim.

The claim does have some holes.

But on the whole I don't trust facebook, I had an account years ago that I never used. The only
thing I was getting were message on how well my friends were doing on their farms.

I asked for my account to be removed, but it's only suspended. You never leave facebook.

Notice

[inode_buddha]

Notice how goatse doesn't have a FB "like" button? I think goatse needs a "like" button. C'mon, everybody, why don't we setup a shitload of goatse mirrors with "like" buttons? There's more than one way to poison a DB.....

Very old news

[blind+biker]

I am sure I read about this (exactly as described in the summary) two years ago. The infamous Facebook cookies that track you even after you log out - yes, people have been taking this crap all this time. Maybe now it'll get a bit more air due to the existence of a legitimate contender (G+)?

Re:Very old news

[93+Escort+Wagon]

I am sure I read about this (exactly as described in the summary) two years ago. The infamous Facebook cookies that track you even after you log out - yes, people have been taking this crap all this time. Maybe now it'll get a bit more air due to the existence of a legitimate contender (G+)?

I've got to ask - why on earth would you assume Google isn't doing exactly the same thing?

Nothing new....

[jimpop]

This has been known since the Like button first appeared. Quit FB, or learn to use NoScript.

Irony?

[jbmartin6]

Is it ironic that there is a Facebook widget right on the /. page with this story?

Ditto

[jhd]

Don't use Facebook with prejudice.
Avoid it like you would the black plague.
Purge it from your mind... face-wut?
It can only make you stupid.

Re:Ditto

[BJ_Covert_Action]

Funny enough I've heard people say the same thing about Slashdot. :D

To each, their own, I suppose.

One more solution

[uvajed_ekil]

You could use a different browser for Facebook than for everything else you do. Say you normally use Firefox, you could use IE/Opera/Chrome/Safari/something else for Facebook only. Or set up a dedicated browser instance that runs in a VM, using that only for Facebook. My personal choice is even easier though - I don't use Facebook.

Workaround for fb tracking

[ahbond]

From the article: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.' I think that if you set the cookie permissions correctly, you should be able to use fb, and not have the cookies track you after you log out (In Firefox) From the facebook home page, right-click on an empty part of the page, and select 'View Page info. The select the Permissions tab. there is an option for 'Set Cookies' Set it to 'Allow for session', and the cookies should be deleted when you logout. Cheers, Andrew.

yea I know how HTML works

[frovingslosh]

Thanks for the lecture, but I know how HTML works. Obviously I'm not surprised by all of those fetches from Google as sites get ads from them or links to a video source when I load a page with embedded video. But I'm seeing this over and over again when I load pages that don't even have a visible reference to Facebook on them. Clearly they are getting sites to embed something that references Facebook, but the extra traffic it costs me seems to be for Facebook's benefit, not mine. Time to block it.

Re:yea I know how HTML works

[JasterBobaMereel]

The site you visit has a link to a Facebook like button, it enquires if you have a facebook account, and when you don't it does not show the button, just like every other Like/share button ... now go and look how much traffic goes to Google, and block that ....

Ahem isnt that known for a long time?

[drolli]

Well. i disabled facebook in noscript, just in case they miss it somehow that i have no account there.

Third-Party cookies

[pavon]

Yeah, blocking third-party cookies is a good thing to do. The third-party can still see your IP address every time you visit a page that embeds their content, but it at least provides a thin layer of anonymity on the web. Furthermore, it is far less painful than using no-script. The only think that I have noticed break is that embedded Vimeo videos won't play with third-party cookies disabled and you have to right-click and view them on Vimeo instead (or white-list them).

Re:Third-Party cookies

[Beryllium+Sphere(tm)]

But test your browser to make sure the setting is actually honored. One closed-source browser, configured to reject third-party and advertising cookies, keeps downloading a cookie from doubleclick.net.

Re:Third-Party cookies

[bill_mcgonigle]

And (shockingly) Facebook Like and Recommend buttons required third-party cookies to be on. They used to work without them, until, oh, about 6 months ago. Can't imagine why...

I'd like to be able to be a bit more specific with my third-party cookies between 'on' and 'off'. Heck, just a toggle button in the status bar would be useful.

Browser Safety

[masternerdguy]

Remember kids, scrub the browser's cache (temporary internet files, cookies, everything) at the end of every session, and after logging out of facebook.

Privoxy can help this.

[Calos]

Don't recall where I found this, but add this to user.action:

# Facebook
# This is used for blocking Facebook Open Graph stuff, where third party
# sites include resources from Facebook.

#See if the referrer is even set.
{+client-header-tagger{referrer-set-facebook}} .facebook.com

#If a referrer was set, block cookies.
{+block{Facebook Open Graph blocked.} +crunch-outgoing-cookies}
TAG:^referrer-set-facebook:

#Except if it was referred by facebook, make sure we allow the cookies.
{-block allow-all-cookies}
TAG:^referrer-set-facebook:(?:https?://)?.*\.?(facebook.com)(?:/.*)?$

{+block{Facebook} +crunch-all-cookies } .facebook.com/plugins .*connect.facebook.com .facebook.com/extern /(.*/)fb.connect.*
api.ak.facebook.com/*
*.facebook.com/(.*/)connect/* .connect.facebook.* /.*/FB\.Share

Note that Slashdot is probably messing up some of the linebreaks.

Re:Privoxy can help this.

[Calos]

https://bmearns.net/wwk/view/Privoxy

No script to the rescue?

[toxickitty]

Been using this for awhile now: No script Options, Advanced,ABE. ># Block facebook on third party sites >Site .facebook.com .facebook.net .fbcdn.com .fbcdn.net >Accept from .facebook.com .facebook.net .fbcdn.com .fbcdn.net >Deny ALL Works like a charm, might need to make one for google+ soon. Of course slashdot is going to mash it into one big line > denotes a new line.

Why use a social networking site if...

[MBC1977]

Why use any social networking site if your gonna isolate yourself? Don't get me wrong I do use facebook and am fully aware how the tracking system works (I personally enabled it on 20 sites I use this morning). It just seems like a lot of "the sky is falling" mentality. Not trying to troll or flame here, but it seems like if you don't want others to know what your doing, then you should unplug the computer and just use it as a standalone system. Could be just my old man point of view though. lol

Re:Why use a social networking site if...

[coolsnowmen]

Because my world is not as black and white as yours. I don't mind sharing some things about me, what I'm doing, and what I'm browsing with the world and a little more with my friends. That doesn't mean I want to share everything.

You say you don't understand this 'sky is falling' mentality, but your only suggestion to the common annoyance, "I wish facebook didn't track so much" is "UNPLUG."?! Your suggestion goes against your own complaint.

Cookies tracking?

[FlynnMP3]

This is common knowledge for damn near everybody on Slashdot, but for those who don't know:

It's not the browser cookie that is tracking the browser activities, it is the Facebook included javascript that recognizes the fb cookie and reports that this particular browser has visited this website/page. The cookie is only data on the user's machine and that is used to log where that browser has gone to. That's why these social sites (and porn sites, etc.) are so insidious. You may think that no longer visiting them is enough but it isn't. A good practice is to clean out your cookies once a month, and anything you don't immediately recognize, delete. Most users won't take the time to do that, There was an extension that changed the cookie lifespan to 1 month but I can't seem to find that now. Another good thing to do is run the addon NoScript. Again, for most users they will quickly tire of approving scripts repeatedly. The last thing that is good to do is to add an entry into your hosts file that points facebook.com to 127.0.0.1. There, never having to worry about facebook insecurities again, without being too paranoid.

Block Facebook Cookies

[SphericalCrusher]

Yeah, I saw this coming a mile away. You could also just disable cookies altogether, but for those that use them and don't want Facebook to track this, there's easy ways in pretty much every browser to *.* disable all Facebook cookies from ever installing/saving. That's what I'm going to do.

FFS it's not that hard

[tick-tock-atona]

In Firefox:

• use the requestpolicy addon; whitelist fbcdn.net on facebook.com only. facebook.com is blacklisted for other domains automatically.
• don't accept third-party cookies
• set cookies and cache to clear when closing the browser (whitelist a couple of sites like slashdot)

The end. No tracking, "evercookies" etc. Even blocks google tracking via google-analytics.

Re:FFS it's not that hard

[Red_Chaos1]

I'd mod this up if I had mod points right now. I was going to post exactly the same thing.

Re:FFS it's not that hard

[cain]

If you use ad-block add the following rule to get rid of Facebook widgets on non-Facebook sites:

||*.facebook.*^$domain=~facebook.com|~0.0.0.0

This can be done for any annoying thrid-party site:

||*.twitter.*^$domain=~twitter.com|~0.0.0.0

&c.

Re:FFS it's not that hard

[cain]

Even better: update your adblock plus lists to include the URL

https://adversity.googlecode.com/hg/Antisocial.txt

This list will block (or attempt to block) all third-party "Social" sites' widgets on pages not owned by the parties themselves. To install, find the add new subscription field fo AdBlock plus and paste in the URL above. Details for Chrome (but work for AdBlock plus in any browser) here:

http://techpp.com/2011/06/16/how-to-disable-facebook-like-buttons-in-chrome/

Re:FFS it's not that hard

[cain]

If you block facebook.com and fbcdn.com, then you cannot use Facebook. Using these plugins or smart adblocking filters, you can still use Facebook, but stop Facebook from tracking you on non-Facebook pages.

Easily Defeated

[DERoss]

It's not too hard to defeat Facebook cookies and cookies from other Web sites, at least if your browser is Firefox or SeaMonkey (the latter being the browser I use). After editing my set of cookies to the minimum that I feel to be appropriate, I copied my cookies.txt file to create the file cookies.txt.backup. Then, I created a script that I used to launch SeaMonkey. However, the script first deleted my cookies.txt file and then copied the cookies.txt.backup file to create a new cookies.txt file.

When Mozilla changed from using ASCII file cookies.txt for cookies to an SQLite database in file cookies.sqlite (implemented in both Firefox and SeaMonkey), I merely changed my script. Again, after I used SeaMonkey to edit my cookies to a minimum, I then copied cookies.sqlite to create cookies.sqlite-backup. Now my script deletes cookies.sqlite and then copies cookies.sqlite-backup to make a new cookies.sqlite, all before launching SeaMonkey.

All this allows me to accept persistent cookies and treat them as session-only cookies. Yes, I could merely set the preference for treating all cookies as session-only. However, sometimes I want to add a new persistent cookie to cookies.sqlite-backup or I need to allow a persistent cookie to be updated (especially when it is about to expire).

Not news.

[znerk]

Tracking cookies track. This is not news, this is anticipated and expected behavior. This has been the status quo for over a decade.

Cookies have a security feature in that they are accessible only to the websites that placed them, but advertising sites have been using tracking cookies for as long as cookies have existed, and getting around that security by placing a "bug" on third-party sites. They used to (and probably still do) implement this as a 1x1 "spacer" image the same color as the background, or simply by having an ad on the page you are viewing. When your browser requests the image/flash/javascript/whatever, the site it comes from is suddenly allowed to access their cookie.

The solution has also not changed; either don't allow cookies, or delete them constantly. Anti-scripting addons are also helpful, as are black (or whitelists) of websites to disallow (or allow) access to your system. Modifying hosts files has been a semi-successful method, as well, in that requests sent to specific named addresses can be redirected to localhost (and therefore "blocked").

I personally use NoScript and AdBlockPlus for precisely this reason (and to speed up my page loads), and I can't fathom why this information could be conceived to be news to any user with any amount of technical knowledge and a modicum of interest in their own privacy.

Re:Not news.

[pz]

1x1 "spacer" image the same color as the background

GIF has a transparent color value, easing this issue for the nefariously inclined.

Re:Not news.

[Eightbitgnosis]

Amen to the use of Noscript and AdBlockPlus together

Re:Not news.

[znerk]

1x1 "spacer" image the same color as the background

GIF has a transparent color value, easing this issue for the nefariously inclined.

Yeah, blame my afternoon sleepies for missing that obvious trick.

Re:Not news.

[znerk]

Amen to the use of Noscript and AdBlockPlus together

amen/ämen/
Noun: An utterance of “amen.”.
Exclamation: Uttered at the end of a prayer or hymn, meaning ‘so be it.’

I think you may have meant something along the lines of

huzzah/hzä/
Verb: Cry “huzzah.”.
Exclamation: Used to express approval or delight; hurrah.

... sorry for being pedantic.

Re:Not news.

[devent]

While it's not news, it is not anticipated and expected behavior. Why should it be, only because the advertisers are using it for 10 years? It's the cooperate brainwash so far that if you bend over for 10 years and they breach your privacy it's suddenly become "anticipated and expected behavior"?

If I log-out from a page I expect it to be gone for good. What right is there to track me forever, only because I visit and log-in in a site once? To still be on every page and track me, even if I clearly stated that I do not want it (because I log-out) is clearly a violation of my privacy rights.

To expect from every user to delete their coockies and use AdBlock is not acceptable. It is the responsibility of the politics to ensure my privacy rights and make such coockies illegal.

Re:Not news.

[Eightbitgnosis]

Huzzah just doesn't capture it for me. Too cheery rather than a nod to an innate truth. It may be an unconventional usage, but I did mean it in the first way. Check out Jeremiah 28:6,

He said, "Amen! May the LORD do so! May the LORD fulfill the words you have prophesied by bringing the articles of the LORD's house and all the exiles back to this place from Babylon.

I figure if the bible can take the liberty of starting a sentence with the word amen then I'm safe to do the same. No offense taken to your pedantical nature.

Re:Not news.

[znerk]

Jeremiah 28:6, 'He said, "Amen! May the LORD do so! May the LORD fulfill the words you have prophesied by bringing the articles of the LORD's house and all the exiles back to this place from Babylon."'

I figure if the bible can take the liberty of starting a sentence with the word amen then I'm safe to do the same.

The bible didn't take any liberties, nor did it simply start the sentence with it. The bible passage you quoted used the word correctly, because "Amen!" was the sentence. Not to make you feel silly, but an exclamation point ends a sentence just as well as a period or question mark.
Translated from the Hebrew, "Amen" literally means "So be it," and is therefore a perfectly functional sentence all by itself.

To put it another way, you said "Amen (So be it) to the use of Noscript and AdBlockPlus together," which could indicate an acceptance of the idea, but I don't think that was your intent. My replacement makes much more sense: "Huzzah (I am delighted with and approve of) the use of NoScript and AdBlockPlus together."

Unless, of course, you were meaning to end a prayer as the start of a sentence?

No offense taken to your pedantical nature.

I hope you still feel that way, as I took your response to indicate you wished to open a dialogue on the subject.

Re:Not news.

[znerk]

While it's not news, it is not anticipated and expected behavior. Why should it be, only because the advertisers are using it for 10 years? It's the cooperate brainwash so far that if you bend over for 10 years and they breach your privacy it's suddenly become "anticipated and expected behavior"?

If I log-out from a page I expect it to be gone for good. What right is there to track me forever, only because I visit and log-in in a site once? To still be on every page and track me, even if I clearly stated that I do not want it (because I log-out) is clearly a violation of my privacy rights.

To expect from every user to delete their coockies and use AdBlock is not acceptable. It is the responsibility of the politics to ensure my privacy rights and make such coockies illegal.

Actually, you are confusing "anticipated and expected" with "welcomed". One can "anticipate and expect" a snake to bite you if you step close enough to it for it to do so. This does not imply that you are a willing participant, but the result is most certainly not unexpected, nor could it not be anticipated.

Advertisers have been invading our privacy for far longer than 10 years; most people expect and anticipate that any claims in an advertisement are to be taken with a grain of salt, at best; they are snakes in the grass, and should be treated with respect and a healthy dose of distance, like any other.

Re:Not news.

[Eightbitgnosis]

The bible didn't take any liberties, nor did it simply start the sentence with it. The bible passage you quoted used the word correctly, because "Amen!" was the sentence. "

I see what you mean with the sentence being a one word sentence that amen is actually in fact ending as well. It looks like I am the one taking liberties with the word by moving it to the beginning of the sentence. However, I did mean the word in the (so be it) sense. Looking at definitions of prayer this one best fits what I had meant: "a spiritual communion with God or an object of worship, as in supplication, thanksgiving, adoration, or confession".Huzzah just lacks the reverent stoicism I was reaching for. I believe what I had meant is to say Amen as a conclusion to the original thread. However, I wanted to be more descriptive and ended up forming the sentence in a non-standard way.

Not to make you feel silly, but an exclamation point ends a sentence just as well as a period or question mark.

In my quickness to find an exception to the usage of amen solely at the end of a conversation I've acted in error, but I am aware of the rules of grammar. I saw the sentence starting with amen, and did not process the important fact that it also ended the sentence. I suppose if I had looked deeper I would have found the Darby Bible Translation(And the prophet Jeremiah said, Amen, may Jehovah....) or the Douay-Rheims Bible Translation(And Jeremias the prophet said: Amen, the Lord do so:......). There they do use the word amen in the middle of sentences. Though I'm not sure how respected of a translation those two are.

I hope you still feel that way, as I took your response to indicate you wished to open a dialogue on the subject.

As long as things are civil I do enjoy an indulgently detailed conversation.

Re:Not news.

[znerk]

Amen.

:)

Re:Not news.

[devent]

Advertisers are just normal companies and have to confirm to the rule of law. A TV you can just turn off, mail ads are forbidden, telephone ads are forbidden, to track you with a camera is forbidden, to get your shopping list is forbidden, and a list where you shop is forbidden (all without your permission, of course).

Actually, I don't get any ads at all in real life if I don't want to. I don't use a credit card for every-day shopping and I don't get any catalogs or magazines. I really don't know where the advertisers have been invading my privacy for far longer than 10 years (or whatever).

Now we need the same privacy laws for the internet and for cookies in particular. How about "If the user is log-out you have to remove all your cookies on her computer". Now if you could have a willing politician to stand up for user privacy all would be well.

Re:Not news.

[znerk]

You being a special case does not change how the world works. I would like to express my condolences that you have removed yourself from society to the point that advertisers are somehow not legally allowed to access you in any way, shape, or form.

Let's clear the air a bit, and set down some basic ground rules that apply in most jurisdictions:

Any activity taking place in a space considered to be public (usually anywhere outside of your dwelling) is considered to be "public". This means that if I stand in front of your house on the sidewalk and take pictures of it, I am legally in the right. I may not be able to stand there for very long, as I may be considered to be loitering, but I am legally allowed to stand on public property. I am also legally allowed to record anything I can perceive with my unaided senses. Therefore, if you come screaming out your front door, naked and dripping from the shower, and punch me in the face for daring to videotape my walk around your block, not only will you be the one the authorities arrest (whereas I did nothing wrong (and have video evidence!)), but I can put the video I took on YouTube, and the world (or at least those over 18, once the video gets flagged for adult content) can see you naked, dripping, and committing assault on a public sidewalk.

As for the rest of your claims of immunity to advertising:

If your house does not have a phone, then you may not be in the phone book. If it does have a phone, and you don't pay extra to have an unlisted number, then you have essentially published your number in a public directory. If you have not added yourself to the Do-Not-Call registry, then anyone with access to a phone book (that would be anyone able to read) is able to call you at will, for any reason whatsoever. A single phone call is not considered harassment, if you have not placed yourself on the Do-Not-Call list.

Let's assume, for the sake of argument, that your home does not contain a telephone, and you instead have an unlisted cell phone. Do you have cable TV? If so, then you have a business relationship with your cable provider; this allows them to contact you for business purposes, regardless of your "Do-Not-Call" status. They can also mail business-related correspondence to your home. Surprise! Advertising is a business purpose.

Do you have a shopper's card for your local grocery store? The information they require you to fill out on that card is used for exactly the same reason, so the savings you are receiving is actually them paying you for allowing them to send you information about future sales, send you coupons, offer you other services, etc.

Do you have an internet access account? A cell phone? Electricity, Water, Gas, Sewage, Garbage? All of these things are services that give the service providers access to your "private" information. All of them require your name, phone number, address, and possibly your social security number to be in a database of customer information, which can (and is) used for the purposes of advertising. Utility companies love to sell their customers' information, because the customer usually can't change companies... there isn't a competitor to change to. It's a government-granted monopoly (or duopoly, in some areas, but the information still applies).

Are you employed? Your employer (and the IRS, if you're in America - I assume other nations have similar agencies) has all of your contact information. Any place you've applied to has your name, address, phone number, and possibly other contact information (as well as demographic information), all on that application or resume.

Ever had your taxes done? That company has your information, too.

Do you own, or rent? If you rent, then there's another potential information leak... and the address belongs to the owner, so they can sell the information about the address and current resident(s) to whoever wants it.

Ever signed up for a contest? That's a notorious method of collecting contact information.

Do you have

Re:Not news.

[devent]

That's all good, but I'm a regular person. I have a TV, a phone, cell phone, work, apartment. But besides that I get some menus from Asia restaurants in my mail box, I really do not get any ads.

Maybe I should have mentioned that I live in Germany, where we have privacy laws. Did you read anything about the trouble Google had in Germany with the Google Street View? It's true that even in Germany they trade private data, but consumer and civil rights in general are pretty big in Germany.

"Moving on to your ideas about making laws and regulations about the internet, I can only laugh. The internet was designed to be a communication system that cannot be stopped or shut down, and it is global. There are hundreds of nations that have internet access and presence, and getting more than a handful of them to agree to any particular policy is such a monumental undertaking that no one has succeeded in it yet. The problem is that the internet is available to almost anyone in the world, and some of those people do not know or do not care about laws anyway."

Yes, true. But most of the companies are located in Germany (for me) or in the USA (for you, assuming you are American). I don't think Google or Facebook will go to some random country if we pass some new privacy laws.

Use Rockmelt

[purplejacket]

I use the Rockmelt browser to look at facebook. Shouldn't this be sufficient to prevent facebook cookies on my other browsers?

You just lost the game

[SendBot]

On the contrary, I view FB as a venue to advertise myself, my thoughts, and my interests to the world around me. I want to create influence, and if I don't want something to be known to FB I (wait for you mind to be blown...) simply don't post it. Amazing!

Oh, and that myth about lemmings committing mass suicide by jumping off of cliffs? That's complete nonsense fabricated for a nature film created by (wait for you mind to be blown a second time...) DISNEY! That's right, you've been successfully misled by MouseCorp/ABC.

You just got chumped, chump.

Re:You just lost the game

[jazman_777]

On the contrary, I view FB as a venue to advertise myself

Facebook should be called "People Magazine for Nobodies."

Sharemenot

[Psx29]

This is exactly what the Sharemenot plugin for Firefox is for. To protect against this type of thing.

This is one of the many reasons to use Noscript

[Eightbitgnosis]

As soon as I log out of Facebook I deny access to their servers, and I'm good. I suggest other Facebook users do the same

Always thought this was a given.

[Tharsman]

I have always assumed that both, Facebook and Google have always done everything they can to track and identify me even if I am not logged in to any of their services.

If there is a "Like" button, I assume its too late, Facebook tracked my visit. And if the site uses Google Analytics (and it seems everyone in the world does) I also assume Google tracked me and as soon as I log in they will tie up all collected data to my Google account, if they have not already tied the data to the last used account in in the computer or IP address.

Until it becomes an enforceable crime to track users over the Internet without their explicit consent, total web privacy will be a lost battle. I try to use NoScript and other solutions that attempt to help, but expect both services to constantly work ways to get around any client side barricade I may place.

Fix This With Add-Ons

[Alphanos]

This and many other privacy issues can and should be fixed by use of proper Firefox add-ons. Sure we can decry the practice and wish that in an ideal world corporations would not do such things, but that's a waste of time. Use things like Adblock Plus, Ghostery, Beef Taco, NoScript, and Better Privacy.

I don't even see those Facebook buttons. Since in practice nobody will manually mess with their cookies each time they log out of a site, and may even want to visit other sites while still logged in, this is the only realistic solution.

Re:Fix This With Add-Ons

[jafac]

I especially like TrackMeNot; because it counter-spams the trackers. It submits fake search traffic back to the search engines, so they think I'm constantly submitting all these random searches on all kinds of crap. Add to this: I habitually browse from 4 different profiles, depending on whether I'm doing "professional", "personal/social", "hobby", or "research/school" (I have my own rationale for how I break those down) browsing. I've even used a fifth profile for "personal/family" at times. Different variation of my name, birthday, address, and other personal information.

I've always wanted to write an add-on that just randomly browses a bunch of sites, like trackmenot does for searches. Just to piss-off the cookie trackers. But I don't want to peg my traffic too much. Feed them SO much bogus info, that the supposed "good" info they have doesn't do them any good. Keep the signal-to-noise ratio LOW.

My sure fire plan

[frozentier]

My sure fire plan is not to fucking worry about it. FB only posts what I tell it to post. So they know I went to a certain website? Honestly, it doesn't matter. I've never noticed it make a single change in my life other than giving me ads about stuff I'm interested in as opposed to ads I couldn't give a damn less about. Oooo, big bad facebook.

Use Ghostery

[The+Zen+Cow+Says+Mu]

Plugin for most browsers. Blocks tracking cookies, including the multiple ones that facebook uses. An added benefit is that (for me anyway) it speeds up rendering of a lot of slow gawker and gawker-like websites. Probably because they have so many trackers (record is 25). http://www.ghostery.com/

Automatically clear cookies

[pgpalmer]

This is one reason why I have my browser clear all cookies upon exiting.

Re:Automatically clear cookies

[Zhiroc]

Yes, but how often do you actually exit? I never close mine, unless I'm forced to.

Re:Automatically clear cookies

[pgpalmer]

I usually exit my browser whenever I'm (a) not with anything important open, and (b) away from the computer. If I walk away from the computer but need it to remain open (for a download, for example), I lock the screen.

You misunderstand browsers

[SuperKendall]

What part of "Don't use facebook" is so confusing to you? Requesting an image from Facebook and using Like Buttons ARE using Facebook.

If I visit "WampaWorld.com", and it has a like button, and I never press that button - the browser loading the web page is issuing a request for that like button image from Facebook, without my doing anything other than simply visiting a web site that is not facebook.

That is what the OP was saying.

Re:You misunderstand browsers

[517714]

I appreciate the clarification. I went to a couple of websites to verify this, and what I found is that the button images were served from the domain of the website I was visiting, and Facebook domains (facebook.com, fbcdn.net, etc.) only get tapped if the button is clicked. I do not suggest that this is always the case as my search was very cursory, but it might be less of an issue than suggested.

Does InPrivate Browsing (IE) help this?

[gemtech]

I would think that it does, but I'm just a hardware guy.

This is probably much more common than just...

[Artifakt]

...Facebook.
There is a lot of data that's exceptionally valuable for marketing, which companies can only get if they do tracking way beyond visits to their own web pages. That added value is perceived by advertising execs as literally enormous, so it should be assumed anyone who can implement this thinks they have a strong incentive. It's like, how common would bank robbery be if the penalty was 10 days in jail and the potential reward was a million dollars?

To see how, lets take an example. A company may pay a few cents per for a list of valid e-mail addresses. Now, link one of those addresses to the information that the possessor of that address definitely orders things on-line, and it's a little more valuable. Add that the things ordered on-line include prescription drugs, and it's worth more. Now how much is it worth linked to the information that the person is not yet ordering any antidepressants, but has just spent several hours searching several terms relating to depression? A list of e-mail addresses that fit those criteria is generally estimated to be worth about $ 250 US per entry by the pharmaceutical firms. With the right combinations of information sources, essentially a matter of asking the right questions, this sort of data is at least perceived to be the holy grail of targeted advertising. Personally, I assume that any for-profit that isn't looking for this sort of data is only avoiding it because they doubt the American Advertising Council's estimates of how much business it can drive, and not because they have a moral objection. Yeah, maybe some of them are genuinely being ethical, but I recognize that the sheer scope of the temptation is bound to make many of them cross the line, and it's time to be a little paranoid about privacy.

Incognito mode

[trojjan]

I always use facebook in Chrome's incognito mode. Works well for me. This is also available in firefox but don't remember the name of the feature.

Re:Incognito mode

[trojjan]

Off topic why is there a 'Preview' button on the 'Preview' screen something xen?

Facebook Blocker software?

[John+Da'+Baddest]

Any comments about this Facebook Blocker plugin? http://webgraph.com/resource/facebookblocker/

Re:Golden Girls!

[insertwackynamehere]

Hey you! We're supposed to be wagging our dicks around about how we don't use Facebook! Cmon get with the program we can't shit up this superintelligent thread about typical web based network traffic patterns and why websites that have reached a certain threshold of popularity are stupid and the users, cattle.

Xss

[c0d3r]

Tracking non fb sites is easily accomplished via xss where a partner site adds a script reference to javascript in facebooks domain. This means the the site you visit must allow fb to track you.

Why I should care

[TangoMargarine]

If I run Adblock Plus 24/7, do I really have a reason to care what sort of ads they're serving me?

Don't get a false sense of privacy here...

[rjbrown99]

Wiping your cookies, adblock, flashblock, etc - it's all worthless.

Even if you remove all cookies, the iframe that is the 'like' button will set a new cookie. Facebook tracks these new 'anonymous' cookies centrally, and then when you DO login to your actual account, they can read this cookie and marry up your previous behavioral habits and sites you visited. The advice here leads people to believe you can fight this simply by erasing cookies. The only way to really make that effective is:

1) Log out of Facebook
2) Remove all Facebook cookies
3) Browse around to other sites
4) Clear all Facebook cookies AGAIN
5) Log in to Facebook

Without step #4 the rest of it is not doing you any good.

The same is true of new signups, where your browsing history (before you even had an account!) is correlated to the new account to help build a profile of your activity.

Re:Don't get a false sense of privacy here...

[heathen_01]

Wiping your cookies, adblock, flashblock, etc - it's all worthless.

Even if you remove all cookies, the iframe that is the 'like' button will set a new cookie. Facebook tracks these new 'anonymous' cookies centrally, and then when you DO login to your actual account, they can read this cookie and marry up your previous behavioral habits and sites you visited. The advice here leads people to believe you can fight this simply by erasing cookies. The only way to really make that effective is:

1) Log out of Facebook 2) Remove all Facebook cookies 3) Browse around to other sites 4) Clear all Facebook cookies AGAIN 5) Log in to Facebook

Without step #4 the rest of it is not doing you any good.

The same is true of new signups, where your browsing history (before you even had an account!) is correlated to the new account to help build a profile of your activity.

Missing Steps:

1.5 Change IP Adress
2.5 Change IP Adress
3.5 Change IP Adress
4.5 Change IP Adress
5.5 Change IP Adress

Re:Don't get a false sense of privacy here...

[m85476585]

No, Adblock works. I have it block anything to do with Facebook on third party sites. The like buttons and scripts simply don't load, so Facebook never knows what other sites I go to, and I can leave the Facbook cookie in place.

Re:Don't get a false sense of privacy here...

[t0m5k1]

if you are tooooo fed up with having to do this create a 2nd firefox profile or (like me) run firefox 3.6 alongside firefox 5 dang you could even just use chrome & create a SSB for facebook & then do all your 'normal browsing' in a normal chrome session
hell if you are really into SSB's then use prism to create a SSB for facebook (if you love firefox) which by default uses a new profile for each SSB created

i know it is a bit arcane but you only need to do this once & facebook will be 'in a jail' lol

also most of the addictive games seem to run a bit smoother in 3.6

all i am saying is dont think that all you have to do is clear cookies or add a few addons as this is either a pain in the butt or makes firefox etc heavy

too many people forget there is more than 1 way to skin a cat

Share Me Not

[mrbill1234]

http://sharemenot.cs.washington.edu/

"ShareMeNot is a Firefox add-on designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you until you actually click on them. Unlike traditional solutions, ShareMeNot does this without completely removing the buttons from the web experience."

No bother for me!

[Khyber]

All of my friends have my phone number and e-mail. They've got data plans and smartphones. It's just that simple.

Re:No bother for me!

[Khyber]

Actually, no, Google does not have any of their numbers, or addresses.

Quit assuming the e-mail you see above my comments is one I actually bother to check.

answer

[Tom]

A german magazine has developed an answer to that about a month ago:

http://www.heise.de/extras/socialshareprivacy/

Absolutely worth a read, and if you use a "like" button on your page and you're a geek, you should definitely use this.

Re:answer

[ConfusedVorlon]

go on - tell us what it does (in English)

Wow

[bytesex]

That Nik Cubrilovic must be a wizard.

forget about cookies

[StripedCow]

Cookies are not the only way to track people. Please check out http://panopticlick.eff.org/

So forget about cookies. And like others mentioned elsewhere, even if you do not have a fb account, you can still be tracked.

The only way to do it properly, so to block facebook.com at the DNS level (and even then, facebook might be using different domain names, but this would be a good start).

In-Private Browsing

[EmagGeek]

Does Firefox In-Private Browsing have any effect on Facebook's (and others) ability to track you?

I suppose one could always spin a virtual machine for the express purpose of browsing Facebook (and only Facebook), and a VM that reverts to the image after every machine reset at that.

Tracking nothing new...

[EDinNY]

I remember at least 7 years ago when I went to the SETI website and Amazon.com greeted me by name in a little box on the site and asked if I wanted to donate to SETI.

Have you ever gone to a web site to look at some product like insurance then notice that everywhere you go on the web you see insurance ads for that company popping up? Until you figure out which cookie to delete or go to the advertising management's website and opt out you are going to keep seeing that ad!

Solution existed before problem discovered.

[ElmoGonzo]

If you use Firefox and have a different profile used only for Facebooking, the cookies that the Facebonkers set is invisible to the other profile. I found this out several months ago when I encountered this site: http://www.starmind.org/2011/05/31/firefox-and-facebook/

I believe there is a term for this.

[3seas]

Stalking.

Just what we need... A SSO to hack...

[jonnyf5ve]

Ok.... My feelings on this whole ordeal.... Facebook is wanting to incorporate this "seamless integration" model... Well, that is the worlds larges cyber-mistake... To date..... Just what the public internet needs... a SSO solution that can be easily hacked and infiltrated... By that, I do not mean the databases of FB, but the end users themselves. Why the hell does the world want a single account that can be hacked, and access all of your other accounts? Is it just me, or is this world becoming to damn lazy, thus opening doors for exploitation. I for one, support 11/5/11.... It would do the world some good.... Make us safer. Well, no... That isn't true.. Humans will still possess their lazy ways, thus opening themselves up for disaster. If it takes five or six steps to get an app to stop tracking me, something is w

Firefox addons that can stop most of this

[plastick]

Of course, they might break in the next release of Firefox (*sigh*) but I use:

AdBlock Plus (Stops ads!)
Beef Taco (Opt out of tracking)
BetterPrivacy (Deletes cookies)
FlashBlock (Stops Flash)
Ghostery (Stops most tracking)
NoScript (Stops Javascript)
RefControl (Stops telling the current page what last website was visited)

Of course, nothing stops your Internet Service Provider (like Time Warner Cable) from storing all the links you went to and selling them.

Re:STDs

[insertwackynamehere]

Facebook is like STDs. Slashdot users have misplaced pride that they will never have to worry about it.

Not enough

[Hentes]

I'm not sure that not using Facebook will prevent tracking. You have to get rid of the Facebook cookies.

Adblock filters to fix this

[kitsi]

Before everyone (incl. me) starts to learn Adblock Plus syntax, just add the four required filters as explained here:

http://tygerbox.com/2010/05/20/adblock-plus-filter-rules-to-make-facebook-somewhat-less-nosy/

Who do you trust?

[SeanBlader]

It's not even just that Facebook tracks you, it's that whoever has a file presence on the sites you visit can track you. it used to be Double Click, but since Google AdWords and Analytics were released they've really been the best trackers. If the site uses Analytics or AdWords, it means you're loading a .js file from Google, and to get that .js file you have to send them your Google cookie, hence you're tracked.

CNN for example sends your requests to: scorecardresearch.com (comScore), imrworldwide.com (Neilsen), and Facebook.
cnet uses: scorecardresearch.com, imrworldwide.com, crowdscience.com, gigya.com, Facebook, and Twitter.
slashdot uses: scorecardresearch.com, and Google Analytics,

You can realistically not include comScore or Neilsen because they don't know who you are, just where you've been. So in the end the question comes down to, who do you trust, Sergey/Larry or Zuck?

How to pollute Facebook's tracking database...

[knorthern+knight]

Remember Phorm http://yro.slashdot.org/story/08/06/05/148234/Covert-BT-Phorm-Trial-Report-Leaked and all the ideas about screwing them by running a script to randomly load websites? Howsabout people *NOT* blocking the Facebook domains? Instead, everybody share their Facebook cookies, and let Facebook load them.

This would pollute Facebook's database, and reduce (hopefully destroy) its economic value. I hereby formally state the Slashdot-contrapositive meme...

3 No Profit from X

2 ...

1 Company won't waste money doing X

Not just browsers, HTML email too?

[keysdisease]

Wouldn't this vulnerability also occur in HTML formattd emails.. Any image or other widget in the msg will give a shout out to the mothership when it's loaded.

You just won the game

[SendBot]

I lol'ed at this :)

An Idea .. Then A Reality

[jimnorcal]

I suddenly had this thought to make some kind of browser add-on that would delete the FB cookies automatically whenever you signed out of FB. Then the reality of what could happen set it. In a flash, I already saw a letter showing up in my email or mailbox out in front of my house with a cease and desist letter from FB signed by zuckerman's legal team. Then I pictured a lawsuit for interrupting FB's business; countless of hours and dollars I don't have lost to the void of fat rich snickerting lying lawyers.

Now a days it seems that doing anything that is right (ie: left) and that helps fight intrusion into our privacy does nothing but get you into trouble with a legal machine that is as much now practially worthless as it is corrupt and dangerous to our society. And now that I just said that, I'm sure an FBI probe will begin into everything I do to make sure I'm not some kind of domestic terroist. Yep, gotta love how things have turned out.