Facebook Files For a Patent To Track Its Users On Other Sites

suraj.sun sends word that a recent Facebook patent application details specific methods for tracking its users while they're using other websites. Michael Arrington pointed out over the weekend that this follows explicit statements from Facebook employees that the social networking giant has "no interest in tracking people." Quoting the Patent Application: "In one embodiment, a method is described for tracking information about the activities of users of a social networking system while on another domain. The method includes maintaining a profile for each of one or more users of the social networking system, each profile identifying a connection to one or more other users of the social networking system and including information about the user. The method additionally includes receiving one or more communications from a third-party website having a different domain than the social network system, each message communicating an action taken by a user of the social networking system on the third-party website. The method additionally includes logging the actions taken on the third-party website in the social networking system, each logged action including information about the action."

Let me get this right..

[Moheeheeko]

So they went from denying that they track people outside of Facebook...to patenting the process? What time is it? I clearly missed the logic train.

Re:Let me get this right..

[Scutter]

It's called "lying". Anymore, what companies SAY they're going to do and what they ACTUALLY do rarely have anything in common.

Re:Let me get this right..

[tech4]

No. Just because they patented it doesn't mean they're actually using it. Companies patent lots of things all the time.

Re:Let me get this right..

[GameboyRMH]

The claim that they don't track users runs on CNN where all the Facebook users see it while the patent news runs on Slashdot, where the security experts who are already seen by their friends and family as tinfoil hatters see it. It's not illogical. It's a calculated lie.

Re:Let me get this right..

[GameboyRMH]

Sure, just like Apple's spying tech, they just patented it so the bad guys wouldn't be able to use it, see? ^_^

Re:Let me get this right..

[Chapter80]

Sounds like it's time to create a cookie-swapping service. Install this Firefox plug-in, and your facebook "logged out" cookie will be replaced by a random person's. Then go ahead and "like" whatever sites you want.

I trade my "frequent shopper" cards with people all the time. And the ones that give you a discount on gas? It ends up you can key in a phone number at the gas pump. So pick a random phone number, or a phone number of your arch-enemy, and get a gas discount! (shhh don't tell!)

Re:Let me get this right..

[dskzero]

I wonder how people could believe Facebook isn't tracking them when there are so many sites that indeed do use a FB creds to log in and participate. Thick-headed much?

Re:Let me get this right..

[cjb658]

Sadly, there is prior art.

Re:Let me get this right..

[aztracker1]

That was my first thought... these techniques have been in use, at the very least by google for a decade now. Not sure WTF...

Re:Let me get this right..

Looks like someone's purchase, and thus their worth as a human, is being threatened. Better defend it!

Re:Let me get this right..

[Jahava]

Sure, just like Apple's spying tech, they just patented it so the bad guys wouldn't be able to use it, see? ^_^

Not to take sides on the absolute issue here, but there is a huge difference between patenting something and actually using it. This is part of why the patent system is so horrible.

There are plenty of scenarios that can lead to a company filing a patent. To list a few:

• A team of research employees devises a series of techniques to track users.
• Maybe one employee on his "Google Friday" (or equivalent) decided to track people as a pet project.
• Maybe you just acquired a company who, along with other intellectual property, had developed a novel method for tracking users.
• Maybe you just woke up in the morning with a cool idea.

Bottom line is that if Facebook spends money researching, developing, and/or devising a technique, they will patent it, regardless of whether or not it will ever see the light of day. There's no downside. Worst-case it sits there and they waste trivial amounts of money. Best-case they use it to gain significant market advantage. Everything in between, from licensing to lawsuits, just raises the company's bottom line, and the mere possession of such a patent increases the company's overall worth and also makes it more threatening to would-be rivals or other lawsuit-threatening companies.

Furthermore, Facebook is easily able to deploy the technique regardless of whether or not they patent it. The main reason for acquiring a patent is to increase your intellectual inventory, which has nothing to do with real-world operations.

Now granted, patents like this are stupid... and Facebook is evil, so they're probably doing this and much worse.

Re:Let me get this right..

[GodInHell]

Bottom line is that if Facebook spends money researching, developing, and/or devising a technique, they will patent it, regardless of whether or not it will ever see the light of day.

Lawyer: So, what does this patent do?

Technologist: It personifies everything everyone hates about our company in one easy to understand package. Also it may produce the kind of data that the government will then routinely demand we turn over.

Lawyer: Okay, as you know the patent filing procedure, once my fees are paid and we've drafted the white paper, will run around $30,000.00.

Business Analyst: And just think what this will do to our reputation! Oh well, we invented it we have to patent it.

Somehow -- I think not.

-GiH

Re:Let me get this right..

[EdIII]

I do the same thing with the shopper discount cards. The whole thing is bullshit. If you look at the discounted prices you can readily see how much value they assign to your purchasing history. If they didn't they would just set the discount price as the regular price and be done with it.

The easy way to defeat is to share a single phone number with everyone and not care about the gas. Somebody might be taking the credits at the pump, but who cares really. The whole point is to get the discount price. If you shop smart and keep to the discount items and figure out the time intervals, you can save more money than you ever would on the gas.

For instance, there is a two week interval on sales of boneless skinless chicken. Just wait for it and then load up. That is what a freezer in the garage is for, although heavens help you if the power goes out.

Picking a random phone number and trying to get gas credits is not an idea I would be spreading around. There are cameras at the pump and some people really do spend thousands of dollars every month or so with a medium sized family. You are taking something of actual monetary value away from them and I can imagine at some point, especially in this economy, you will run across somebody that was expecting the credits to be there. Considering your license plate is recorded at the pump, in addition to probably using a payment method that can be tracked, not a good idea to do something that could be a misdemeanor at best, and at worst used with some trumped up interpretations to label you as a hacker and turn it into a felony.

I don't think I am going overboard here. There are always some low-level people in the DA's office looking to make a name for themselves or just having a bad day. You never really know.

*****
As for Facebook:

The answer to FaceBook is not to participate with FaceBook. I always see people complaining and I am reminded of WHOPPER from WarGames where it takes him playing Tic Tac Toe against itself a couple million times before it learns the greatest wisdom much of us need to learn..... the correct move is not to play. I have said many times that I would renounce my citizenship and live on an island made out floating garbage like the people in Water World before I get a single social networking account. That part, I am dead serious about.

That is our biggest problem, specifically, that we cannot find the will power to just say no, or to suffer some inconveniences.

I have not paid for TV (which is subsidizing your exposure to advertisements) for over 5 years now. That alone has saved me between $1200 - $1500 per year. Sure, I cannot participate in conversations about the latest episode of whatever, but most of those conversations are a complete waste of time. If the show is any good, I will eventually be able to purchase, rent, or torrent the seasons on DVD.

I have not participated in BlueRay or HD (whatever that was), or anything else that involves DRM. BlueRay especially, since they are moving towards Internet connected devices to solve their problems of encryption updates breaking forwards compatibility with new titles. Still royally pissed off how many fucking times I am begged by family members to upgrade the firmware on their BlueFucked(tm) devices to watch the latest SpiderMan.

I have not participated in social networking because I understand the true value of my privacy and anonymity.

I have not participated in any device that I cannot completely and totally own. Of course I am referring to the ridiculous statement that loading up my own operating system on hardware I purchased is "hacking", "piracy", and/or violations of the DMCA. They can go to hell. I own it, and if I want to break out their DRM model, I will do it. It's war and I am waiting. Come and get it. This of course precludes me from owning most new devices, since I no longer have the patience or geek motivation to continually fight the battle. This is of particular note with Amazon, since the

Re:Let me get this right..

[russotto]

That was my first thought... these techniques have been in use, at the very least by google for a decade now. Not sure WTF...

Ah, but was exactly the embodiment used in the patent in use? If not, new patent -- "X on social network". In court, one of two things happen -- either your target uses it in the same way as your patent, in which case you win. Or they use it in the older way, which you argue is close enough to infringe, in which case you win.

Re:Let me get this right..

[mjwx]

I do the same thing with the shopper discount cards. The whole thing is bullshit. If you look at the discounted prices you can readily see how much value they assign to your purchasing history. If they didn't they would just set the discount price as the regular price and be done with it.

They definitely wouldn't be offering discounts in order to get you to shop there every week.

Your theory is pants on head retarded.

Stores offer discounts to garner customer loyalty and regular purchases. It's about keeping you going back there by cutting their margin for people who spend more money over time. Occams Razor at work, be careful with it, it's sharp and if you believe your theory, you'll likely cut yourself.

Stores already gather statistics on what products are sold... when they're sold.

Re:Let me get this right..

[Chapter80]

You are taking something of actual monetary value away from them and I can imagine at some point, especially in this economy, you will run across somebody that was expecting the credits to be there. Considering your license plate is recorded at the pump, in addition to probably using a payment method that can be tracked, not a good idea to do something that could be a misdemeanor at best, and at worst used with some trumped up interpretations to label you as a hacker and turn it into a felony.

You are making the assumption that I do this. There's a big difference between laughing at the security of these cards, and succumbing to the temptation of stealing money from someone.

Re:Let me get this right..

[poofmeisterp]

Ah, and that's why the IPO is delayed. Nice move, guys.

Re:Let me get this right..

[poofmeisterp]

Stores already gather statistics on what products are sold... when they're sold.

True. However, long-term tracking and classification only works is you have a tag attached to you. That tag is... the shopper's card. Others actually track you by credit card; cash with no shopper's card is the only way out.

More information attached to individuals is more classifiable, more malleable, and more valuable in the end for sale to other entities.

Re:Let me get this right..

[EdIII]

They definitely wouldn't be offering discounts in order to get you to shop there every week.

Your theory is pants on head retarded.

Stores offer discounts to garner customer loyalty and regular purchases.

Read that again a couple of times and tell me who is is "pants on head retarded".

First off, insults are never productive in a conversation.

Secondly, you admitted twice that I was right.

Re:Let me get this right..

[RobertM1968]

No. Just because they patented it doesn't mean they're actually using it. Companies patent lots of things all the time.

True perhaps as a generalization. But rather funny, in this specific case, where they definitely do so (and report to me what sites my friends have visited when I am on certain partner (but non-FB) sites).

Re:Let me get this right..

[KingBenny]

i had my facebook profiles deleted, i also filed a request at the local privacy commission to see what legal backing i have in requesting (demanding) they remove all and any data they have about me from their records, if this works for facebook, it should work for google. Gov. orgs. are however not known for their processing speed, at night and in the weekend the gnomes powering the computers don't work (a bit like with most banks here who don't do money transfers during week-ends) so it might take a while before i get an answer, anyhow, i need to know and if not, i need to adress some MEP's to adress this on a european level. I think if Europe wants the so-called silent majority to back them they first of all need to give less power to banks and shoot some panicmongering econom-ists, greece is nearing a military coup atm, all because of them, but to the point : when it comes to privacy europe has been less bad than other nations so far (mind you, so far ...)

Re:Let me get this right..

[poofmeisterp]

Sure, just like Apple's spying tech, they just patented it so the bad guys wouldn't be able to use it, see? ^_^

Concerned: "FaceBook, we are concerned that our web presence is being tracked on more than just your site. We are concerned that we cannot opt out of this tracking. What do you have to say about this?"

FB: "No we don't do that sort of thing. It's immoral and insecure. It's one of the major things that everyone would be concerned about, so trust us, we are NOT doing something like that."

Concerned: "Oh, okay. We'll trust you. Thanks for the comforting statements. There may still be public statements about it though, just to keep peoples' eyes on you."

FB Internal: Wow, that's actually a good idea. It might work. Hey, techs, could we do this if we wanted to?

FB Tech: Yep. Sure can. It's actually not that hard. Can you encourage other sites to include <this code>?

FB Internal: Sure. No problem there. We'll make sites feel they are getting a MAJOR benefit from it.

FB Tech: Okay, we can have that done in a very short time, actually. Solid as a rock.

FB Internal: Hey legal team, can we do this or would it be breaking the law?

FB Legal: There's no precedent on this specific method. Since we want more money, you need to bring more money in to pay us so... sure.. yeah. It's safe. Do it! Whose idea was this, anyway?

FB Internal: Well, some concerned group wrote us about it and we denied having anything to do with it.

FB Legal: So they didn't mention that it was an idea or concept that they designed and were going to use?

FB Internal: No.. Actually, they implied that it's something they wish would never happen.

FB Legal: Hmm.. A lot could be made from this, plus if FB is going to be a competitor against other major corporations, especially Google, we need to ensure that we are the only ones doing it. It needs to be fresh. Actually, since it came up as a concern with a lot of profitability attached, I can't believe that other companies aren't doing this already. We need to do some research to make sure we're not missing something here... Give us a week or less. We'll get back to you.

---------- a few days pass ----------

FB Legal: Nope, no one else is using this method. We can't find any examples of patent filings that mention anything EXACTLY like this, so if we were really detailed in the filing... you know, make sure we cross all T's, etc... Plus, *FIRST TA FILE, BITCHEZ!*

FB Internal: Patent. Hmm... I like the sound of that. It's the hip thing that's encouraged nowadays, anyhow. Plus it would give us fuel for lawsuits if we go south in the future. Nobody would you know, KNOW, if we like, filed a patent. It's not announced publicly or anything.... so.... Wow. I like the idea those concerned people brought to our attention. Hey Legal, start the patent process NOOOOWWWWW!

/snark

Facebook sez:

[idontgno]

We have no interest in tracking people, and we've taken out this patent to make sure no one else can either.

See? We're your trustworthy friend! Come join our social network!

Re:Facebook sez:

[GameboyRMH]

That's the exact logic used by Apple fanboys to defend Apple's patents on using phones as audio bugs and remote-disabling cameras.

That's evil!

[ackthpt]

So much for Darth Sidious/Palpatine being evil. This is evil concentrate.

Re:That's evil!

[Mashiki]

Hey. At least Darth Sidious was the type of evil you could get behind.

Re:That's evil!

[idontgno]

OTOH, Palpatine walks away muttering "Those dudes are evil." when he considers the market development team at FB.

Re:That's evil!

[shutdown+-p+now]

At least Palpatine made starliners run on time!

Re:That's evil!

[gmhowell]

So much for Darth Sidious/Palpatine being evil. This is evil concentrate.

You're looking for a Time Bandits reference there.

I gave up...

[gfxguy]

It was interesting and nice to connect to a lot of my old high school buddies, but I don't care where people are going for dinner, or bragging about the vacation they're on (how dumb is that, anyway?), so I logged out and deleted all my cookies. Don't know that I'll completely delete my account, but I'm not missing it.

Re:I gave up...

[Scutter]

It was interesting and nice to connect to a lot of my old high school buddies, but I don't care where people are going for dinner, or bragging about the vacation they're on (how dumb is that, anyway?), so I logged out and deleted all my cookies. Don't know that I'll completely delete my account, but I'm not missing it.

It's not even close to what will delete your account. In fact, they will go to great pains to not delete your account. Google "permanently delete facebook account" for the procedure. Be sure you clear all FB cookies and autologins on every device you have ever owned...

Re:I gave up...

[Bucky24]

Or ever even logged in on....

Re:I gave up...

[gfxguy]

I know... I didn't try to delete it, just logged out and deleted cookies for now. I may decide it had some use, so I didn't even try to delete my account... just leave it in limbo for a while.

Re:I gave up...

[Haedrian]

Its probably much easier to perform plastic surgery and legally change your name..

Re:I gave up...

[MyFirstNameIsPaul]

I use Firefox as my primary browser and I wall facebook into IE. I only occasionally log into facebook to contact an old friend or something, but that's it. I have all facebook scripts blocked with NoScript and all facebook cookies blocked by CookieSafe. I also wall Google into their Chrome browser and have done the same blocks for google.com and associated sites. I have left the YouTube script, but overall I think Google is doing the same thing as facebook.

Re:I gave up...

[DerPflanz]

I'm with you. I stopped caring. Deleted my account today. Also my Google+ account. For me the whole social networking thing was taking too much time with almost nothing in return.

Next week I'll meet a friend IRL for dinner and beers. I called him to make the meeting.

Re:I gave up...

[bill_mcgonigle]

I don't care where people are going for dinner, or bragging about the vacation they're on

You do realize that's like "I can watch news on TV and I've got a stash of Playboys so I canceled my Internet connection," right? People do use Facebook for dumb things, but it's also a heck of a networking tool.

Re:I gave up...

[antdude]

You forgot to delete/cancel your account. :P

Re:I gave up...

[incer]

But that only works if there are multiple people connecting to the internet through the same IP as you, or if you use a proxy or Tor.

Re:I gave up...

[MyFirstNameIsPaul]

I didn't think the like button worked without any scripts running.

Re:I gave up...

[incer]

Not talking about scripts, but cookies. What about facebook cookies coming from an host you don't know (and therefore haven't blocked)? Do you check every single cookie you get? Once you get one, the system can link your ID to your IP, right?

Re:I gave up...

[gfxguy]

Of course I have no-script and selectively choose what I allow.

Re:I gave up...

[gfxguy]

I specifically didn't delete my account. I only recently just cut it off (logged out, deleted cookies, blocked scripts etc.). I will see if I miss it. The answer is "not yet." But I will give it more time.

Re:I gave up...

[MyFirstNameIsPaul]

I use Cookiesafe and have it set to only allow cookies on my whitelist. It is also set to only allow cookies for the domain I am on.

Re:I gave up...

[Ol+Olsoc]

It isn't an either-or proposition. Social networking really isn't. Social is face to face, and no amount of rationalizing will change that. It's merely a fad, and FB is happy to make money off your interest in that fad.

I really loved those clacker balls and pet rocks too.......

Cookie exchanger

[goombah99]

IS there any way it might be feasible to set up some sort of cookie exchanger service. The idea would be like randomly exchanging supermarket loyalty cards with strangers so the data they collect becomes useless to identify with an individual.

What would be needed would be some way to keep a set of real facebook cookies" tucked away for when you are on facebook and then have another completely valid set of cookies used for general web browsing. But you keep swapping these complete and self-consistent sets with random individuals.

is that possible?

Re:Cookie exchanger

Fuck Facebook.

Re:Cookie exchanger

[ByOhTek]

I suspect a browser plugin wouldn't be too bad to find/write.

Good names:
    "CookieSwaper"
    "MixedNutCookies"

Re:Cookie exchanger

[NevarMore]

is that possible?

Possible, yes. Likely, no.

The technically savvy and privacy oriented users who would want a service have other means to protect themselves. Less savvy users would at least be wary of the service. It would finally fall apart for the same two reasons that loyalty card swapping falls apart lack of problems from not swapping and loss of rewards (like gas discounts) that require a card be used and registered and will give it value so it won't be freely traded.

Re:Cookie exchanger

[allo]

Such a plugin existed, but as far as i know it was suspended by its creators, because its to dangerous that actual identity theft happens because of this plugin.

Scope and methods

[Synerg1y]

For everybody getting freaked out, I'm pretty sure by third party sites, they mean sites they have a partnership with, too lazy to find which ones, but I posted like a month ago about this when it first surfaced.

They are only tracking you with their affiliates with which they have achieved systems integration. A cookie is the legacy best practice code approach to sharing data between two sites. I'm sure they had business reasons for using a cookie rather than a web service (helps the smarter than average bear not get tracked since cookies are client based, while a web service happens on the back end).

I want to make it very clear I'm not defending facebook for tracking its users, but they are not tracking EVERY site like the majority of slashdotters seem to be implying.

And last, but not least, merry christmas, tin foil hat ready,

http://blog.blackdown.de/2010/05/20/stop-facebook-from-tracking-you-on-third-party-sites/

Re:Scope and methods

[MrMarket]

Exactly. You can't share your Spotify tracks or Netflix que on your timeline without something that monoitors activity while you are on other sites. Not sure why everyone on here is freaking out. If you want to share your life online, you'll have to allow FB to track your life. If you don't want to, stay off FB.

Re:Scope and methods

[Bucky24]

Appreciate the link.

Re:So Facebook admits it

[ackthpt]

...and now that's not a "secret" anymore, tries to patent it.

Google could run for the patent too. At the end, they're basically the same, and I think Google actually collects more data than Facebook (much more people doing Google searches than those having a Facebook account).

Soon to be followed by the following patent applications:

- Capturing the souls of Internet Users

- Converting Internet Users into lemmings

- Tracking users movements while their computers are actually turned off

- Tracking tooth decay in users.

- Tracking users after they have died

- Tracking the worms (after the worms crawled in, the worms crawled out and the worms played pinochle on your snout.)

Translation

[poofmeisterp]

"Nobody likes this? Well fine. We'll patent it." .....

"Hey guys, leave enough looseness in it so it can be cross-referenced in the future." .....

"If you don't like the way WE do it, then nobody can do it. End of story. Nyaaaaaaaah!!!!"

/humor.....?

Huh?

[MightyMartian]

Apart from the fact that Mark Zuckerberg is a bad dude, how can you patent tracking cookies with a database back end? I mean, that sort of shit has been going on since the 1990s, done by other pre-Zuckerberg evil motherfuckers. What exactly is novel about this? It's like Saddam Hussein patenting "a place where people are burned for eternity and jabbed by evil bastards with pitchforks."

Re:Huh?

[sosume]

exactly, what about prior art .. this is just ignorant, let's see if the USPTO approves this patent.

Re:Huh?

[wintercolby]

The USPTO believes in letting people fight it out in court when it comes to ambiguous software patents.

give them the patent for it, and...

[FudRucker]

tell them you will arrest them and put em in prison for violating people's privacy if they use it...

Re:give them the patent for it, and...

[yacc143]

Well, the US does not place any legal requirement on companies related to privacy in general. (There are a number of niche laws, e.g. HIPAA, but in general companies can collect, mix, sell, ... data about your person, and you have basically no say in that.)

The EU does have a privacy directive, and at least some member countries consider "having control about your personal data" a human right. Still violating the EU data protection directive usually means only an administrative fine, although if they piss of the Irish authorities, 100K€ (>100US$) per complaint, potentially repetitively if they don't stop to violate the law, could make it very expensive for Facebook. And moving out of Ireland would be expensive tax wise (Ireland is a corporate tax heaven, which officially as an EU member is not a tax heaven, as are certain US states, that would probably meet the objective criteria for a tax heaven, but still are not on any official list, as they are US states. So facebook might move out Ireland, but that would mean a hit on profitability, not sure how the IRS thinks about certain "official" tax heavens in the Caribbean.)

Before somebody cries "but Google is doing the same" => well, not exactly, for non-logged in users they've worked out a compromise. dropping part of the IP address (and potentially other stuff). The operative word is that they did contact the German data protection authorities on their own, worked with them, and did not mail out notices to citizens that they do not even plan to keep their legal requirements. (Hint: If they really need a human to assemble the personal information PDF, then they are doing it wrong. Checking that the personal data matches => well that's what you hire temps for.)

So Facebook corporate officers won't be arrested entering the EU, but their Irish subsidiary might be fined quite a bit. The Irish data protection authority already planned to audit them, which suggests that the public available information indicates to them that there might be a problem. And now they have at least two dozen formal complaints. So if they manage to piss the authority off, they could issue slightly over 2 million € fines immediately, plus one fine per user that does not get his/her data inside the 40 days. Not very probable in the first round that the authority will go for maximum fines, but the real issue is that a number of complaints will make it necessary to redo the facebook technical design to get in compliance. And a number of complaints point to core business ideas of FB, and are completely incompatible with Union law. So if people continue to complain about them, and FB does not fix their systems and their business model, they are bound to piss off the data protection authority, no matter how business-friendly authorities usually are.

And I guess the patent won't help them either, it documents their business practices publicly. They could probably manage to track their own users by having a ToS that allows that, although they didn't even bother to change the boilerplate ToS from US to EU legal standards (and an US-style ToS will most certainly not fly in Europe), but they also track non-users, and for non-users there is no way they can assume consent. So they need to implement either similar precautions that anonymize the data enough (what Google does), or to stop the tracking completely.

How can an action

[Stan92057]

How can an action That is against the law "Privacy Laws" be patented? Reasonable question don't ya think?

Re:First Privacy Violation.

[MightyMartian]

The Mr. Belvedere theme song is much better.

Don't "do facebook", anyone question...

WHY I also set myself up the way I do online layering of security measures, in:

---

1.) Custom HOSTS files (mine's currently 1,586,590++ entries strong vs. known malicious sites/servers, botnet C&C servers, bogus adbanners (& ads in general) servers, phishing + spamming sites, & for security's sake alone (I get more out of it speedwise too via "hardcoding fav. sites" into it also, avoiding DNS redirected-poisoned dns servers, & getting there faster by avoiding them totally (their slower lookup vs. my SSD based & cached ones from HOSTS, locally, instead of slower remotely)).

2.) DNSBL filtering DNS servers (NortonDNS, OpenDNS, ScrubIT DNS are all in my IP stack dns servers list, & in my router-firewall too).

3.) Firewall IP rules tables (to catch IP addresses more than host-domain named ones - HOSTS does that too)

4.) IP Security Policies (Via Windows NT-based OS' security policies (I do both domain & local level here)).

5.) OS security hardening -> http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22HOW+TO+Secure+Windows+2000%2FXP%22&btnG=Search , which includes remotely listening services if not needed especially &/or potentially vulnerable ones + shares remotely solicited.

6.) IP stack hardening -> http://msdn.microsoft.com/en-us/library/ff648853.aspx

---

( & FAR more in the way of "layered-security/defense-in-depth" stuff, such as using Opera 11.51 to setup a GLOBAL policy for all sites to not use javascript, iframes, cookies, plugins, java etc. "everywhere", & only set it up, via Opera's "By Site Preferences" exceptions list, & only for sites that actual DEMAND their usages (think ecommerce sites) only - PLUS, using its urlfilter.ini file, custom .pac files, & custom CSS sheets )

I.E.-> To simply stay away from what makes you "sick online" by lessening its attack surface area + tools it can use against you (as well as for you, the double-edged sword that any scripted document, yes, including HTML ones, can be)

Why?

* See my p.s. below...

APK

P.S.=> I do ALL that, & more, just to avoid:

---

A.) Tracking (not using javascript @ all, or using sites that 'track you' not only thru their own mass, but thru the mass of other sites too? For Pete's sake, lol, 'enough already')

B.) To avoid malware

C.) To avoid losses of speed & to gain back loads of it too!

D.) To obtain great security for decades online

E.) To get MORE OF WHAT I PAY FOR OUT OF POCKET!

---

Is why, & I have for DECADES now (so have others in the url's above)...haven't been infected online since 1996 in fact because of the above & can make a DSL connection seem like high-end cable or FIOS for websurfing online... +, 4 FREE, & the above's just a part of the "how" is all...

... apk

Re:Don't "do facebook", anyone question...

[sosume]

dude .. 1,586,590++ entries in your host file ..are you for real?
what, you think that setting up a local BIND might affect performance?
must be a troll and I bit.

Re:Don't "do facebook", anyone question...

[Haedrian]

I think setting a whitelist would be more effective...

EU Cookie Law (Directive 2009/136/EC)

[Chris_Stankowitz]

This appears to circumvent the EU cookie law and could be sold to others as a means for doing the same. Evil, or evil genius?

CS-

Re:EU Cookie Law (Directive 2009/136/EC)

[yacc143]

Well, judges love it if you try to circumvent laws.

And I do not think that you can circumvent this directive as easily, as in fact it clears up handling of cookies, and allows cookies in some situations. The generic data protection directive that this directive amends, is still law, and it's more strict (although in more generic terms) on cookie usage. And I do not think that Facebook has any legitimate legal purpose to track non-users. Or to create shadow profiles from data other users have provided them, even potentially linking it with an identifying cookie. So paragraph 66 of the directive does not help Facebook.
 

Prior Art

[EdZ]

Given that Facebook ALREADY tracks you via various methods between sites (usually with the little 'like' button, but also with cookies and non-displaying javascript), unless this is yet another tracking method, does their existing use not invalidate their patent? Does pushing client side code count as publishing? It looks like they're trying to patent the entire method, rather than just the unseen back-end.

Re:Prior Art

[GameboyRMH]

This is true. Facebook tracks you all over the place with their Like buttons and does who-knows-what with the data. They'll even get a little info on you if you have their scripts blocked, the tracking can work on a basic level using pure HTML.

Re:Prior Art

[Nursie]

Which is why you use adblock to block the loading of any resources from facebook or fbcdn when you're not directly visiting facebook.com.

Helps, IMHO.

The sane users already left Dodge.

[Foxhoundz]

The few individuals concerned with their privacy have long fled Facebook. Whatever changes Facebook makes will only hurt those idiotic enough to stay on the social networking site.

Re:The sane users already left Dodge.

[praxis]

to some extent the BBC UK service, but certainly the BBC World Service, trail the "contact us at facebook" line for programs - it is the only way they are allowing people to contact them. It is insidious.

They publish their contact address:

BBC World Service
Bush House, The Strand
London WC2B 4PH
UK

They also have a web-form to contact them: http://www.bbc.co.uk/worldservice/institutional/2009/03/000000_contact_us.shtml

Just block the cookies.

[Evro]

Block cookies in your browser from *.facebook.com. Problem solved.

(Note that this will prevent you from using Facebook as well.)

Re:Just block the cookies.

[UberOogie]

And nothing of value was lost.

Re:Just block the cookies.

[Haedrian]

Solution 2:

Get two browsers. Set one dedicated browser for facebook, block all cookies in primary.

Problem solved.

Solution 3:

Set a rule using adblock/noscript (can't remember which it was) to disallow *.facebook.com cookies except on facebook.com

Problem solved.

Re:Just block the cookies.

[El_Oscuro]

in /etc/hosts:

127.0.0.1 www.facebook.com
127.0.0.1 facebook.com

An added benefit is your kids can't login either

Yet another reason...

[iceaxe]

...not to use FB.

Also not using G+.

I am interested in Diaspora. Then again, I don't really care that much about web based "social networking". I talk to my family and friends in person, on the phone, and via email and SMS. I'm not looking for a bunch of new casual acquaintances, I already have a date lined up every week (or more) for the rest of my life, and I don't have time to read about other peoples' breakfasts. (What am I doing here on /., then?)

Re:Yet another reason...

[shish]

I already have a date lined up every week (or more) for the rest of my life

I hate to break this to you, but if you don't have seven dates every week, you are severely misunderstanding the gregorian calendar :-/

Facebook patents cookies!

[roc97007]

???

Profit!

What did you think that "Like" button was for?

[Eric+Freyhart]

When Facebook introduced the "Like" button which could be installed on other websites across domains it was obvious (at least to me) that it would become a way to trace users on other websites. Anywhere you now see a "Like" button by Facebook you can be assured that your stored cookie information is being transmitted to Facebook directly for tracking purposes.

Now, I have not looked into the code for the "Like" button, but it would not surprise me at all that this will be the means they use.

Small Tracking Pixel, if you are logged in or not

the third-party website 140 transmits a conversion page, such as a confirmation or "thank you" page to the user at the user's client device. In particular embodiment, this page includes an embedded call or code segment (e.g., JavaScript) in the HTML or other structured document code (e.g., in an HREF (Hypertext REFerence) that, in particular embodiments, generates a tracking pixel that, when executed by the client's browser or other rendering application, generates a tracking pixel or image tag that is then transmitted to the social network system (whether the user is logged into the social network system or not). The tracking pixel or image tag then communicates various information to the social network system about the user's action on the third-party website. By way of example, the tracking pixel or call may transmit parameters such as the user's ID (user ID as registered with the social network system), a product ID, information about the third-website, timestamp information about the timing of the purchase or other action, etc.

This _almost_ sounds like a great deal

[Daetrin]

In a perfect world they would get their patent and sue anyone else who tried to track users in the same manner into the ground. Then we'd only have to worry about one site horribly violating our privacy and those who cared could avoid it.

Unfortunately in the real world Facebook would only be all too happy to license this special secret technology to anyone willing to pay the appropriate fees.

Cookie sandboxing

[heson]

I need a tabbed browser with cookie sandboxing, or several instances of separate browsers (like firefox portable or whatever) merged into a tabbed window.

I have no problem with facebook and google+ keeping track of my every move if my browser is the equivalent of the James Bond rotating number plate.

Please suggest solutions.

Do I Need a Separate Browser Now?

[Nom+du+Keyboard]

Do I need a separate browser, with separate cookie storage, just for running Facebook? Or does it need its own virtual machine? It's own separate computer and Internet connection?

Or do I need a government to slam the hammer down hard on FB?

Re:Do I Need a Separate Browser Now?

[intosh]

Do I need a separate browser, with separate cookie storage, just for running Facebook? Or does it need its own virtual machine? It's own separate computer and Internet connection?

Well, new browser profile is a must as also totally new IP address - use it only for FB. Change also location (geolocation) and MAC address... :)

Are you sure it's Facebook?

[wcrowe]

I don't see where in the patent application that it says Facebook is the applicant.

Not that I'm a fan of FB (I plan to leave during the Great Facebook Postout on 10/10), but are they really the ones who filed the patent?

Re:Are you sure it's Facebook?

[enilnomi]

This guy's pretty sure: While the patent doesn't say on its face that it belongs to Facebook, it is listed in the USPTO assignment database as being assigned to Facebook.

Re:Are you sure it's Facebook?

[Zamphatta]

About 40% down the page, you'll see "(e.g., facebook.com/impression.php)", as well as some sample code with a Facebook URL in it, and another reference to a Facebook URL. I think it'd be extremely unusual for one company to use a different companies URL's in their examples in papers. Although I suppose it's possible. Also, I found out at http://seobythesea.com/2011/09/facebook-patent-application-target-ads/ , that this patent is assigned to Facebook in the USPTO assignment database.

Well, yeah.

[thejoelpatrol]

If you're still listening to anything Facebook says, I don't know what else to tell you. This is hardly the first time they've lied about something like this. They say things that are so implausible that they aren't worth listening to. They want every piece of data. Period. They will do whatever they can to get more data on people. Any time they say something to the contrary, they are lying.

Congratulations!

[Zamphatta]

Congratulations Facebook! You just became the first domain I've ever completed blocked from being allowed to set any cookies on my machine. You win!

Google-Plus is different

[billstewart]

Facebook is a social network that wants to also suck up all kinds of information about you. Google-Plus is an identity management service (according to Eric Schmidt), and has some social-networking features to suck in users.

I'm interested in social networks, though I'd prefer one that was less obnoxious. I have entirely no interest in an identity management service, especially one where I'm the product, not the customer. Schmidt clarified things in a way that made it real easy to decide whether to join G+. (And I'd long since given up on Orkut, which was fun for a few months when all my friends were joining, but gradually turned into a system for cute Brazilian guys or occasionally girls to ask to be my friend, even though my profile said I was already married and my picture was obviously way too old for them.)

We have a group of people who've been getting together IRL for dinner for decades. We use email/web to coordinate where we're going to dinner - once upon a time that was effectively a social filter.

VMWare Player + Linux VM

[billstewart]

If I were using Linux as my primary desktop I'd set up a chroot jail and run a Firefox copy in it just for Facebook, keeping it separate from the rest of my browsing. Since I'm not, and since I'm running VMWare Player for other purposes, I'll probably end up setting up a Linux VM just to run Firefox in. (I've already got one, but I'm not that happy with it - it's one of those custom small distro things, doesn't run apt-get, and updates to Firefox haven't worked well.)

Any suggestions for a reasonably small Debianish VM?

Re:VMWare Player + Linux VM

[aaaaaaargh!]

Why don't you do the responsible thing to do and cancel your Facebook account instead?

It's not as if Facebook was offering anything of real value, it's just a big waste of time, and there are plenty of other social sites, chat rooms, etc. you can invite your (real) friends or business contacts to.

Re:VMWare Player + Linux VM

[allo]

just another firefox profile would be okay. if you are paranoid, run firefox under another user with gksu to have it on the same screen as the other firefox. make sure to use another theme to be able to distinguish the two profiles easily.

Advertisement WTF

[curious.corn]

I've been reading so many of these patently absurd patent stories, that adsense thinks I'm a troll myself! I wish I had a screen cap tool installed on this fondleslab but I got offered (oh, the audacity!) an ad to a Kentucky troll harvesting sleaze gang: "we provide the money to make the court system work for you"... What fuckers...

I'm not pasting the link but I'm tempted to read all about it, I'm really curious how these twisted greedy shmucks think...

Yes, it's facebook.

[http]

Take a look at the names on the patent. Then ask where they work. No, I'm not going to google that for you.

Re:So Facebook admits it

[justforgetme]

No, after that Facebook is going to patnent
- having users
and inevitably
- keeping track

Other side of the coint

[Gyorg_Lavode]

No No No! We're looking at this completely wrong! Facebook isn't patenting ways to invade our privacy. They're pattenting cross site scripting so that they can stop it! See, facebook is on OUR side!