Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Confirms New Cookie-Tracking Issue

Posted by timothy on from the issue-is-such-a-nice-bland-word dept.

An anonymous reader writes "Facebook is once again setting its datr cookie via the Like button and other social plugins on third-party websites. The datr cookie can be used for tracking users whether you are logged in or logged out of the service. Facebook has confirmed this is indeed a bug, but says that it is limited in scope and that it will be fixed today. Talk about damage control."

60 of 85 comments (clear)

  1. And of course "today" by bwintx · · Score: 2

    has already passed, since TFA (3rd link) was from yesterday.

    --
    Discussion System prefs link: http://slashdot.org/users.pl?op=editcomm
    1. Re:And of course "today" by interval1066 · · Score: 1

      Blunt, yet apropos. I've fixed all Facebook bugs for ever in my case by simply not using the service.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    2. Re:And of course "today" by RocketRabbit · · Score: 1

      They can still set cookies unless you have explicitly blocked them. Or sites you visit may affiliate with Facebook, so you could well be tracked by Facebook without ever actually using it.

    3. Re:And of course "today" by interval1066 · · Score: 1

      Well, I guess its Zuckerberg's world and we just surf in it.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
  2. Bullshit... by Aeros · · Score: 1

    This is a bug. Right!!

    1. Re:Bullshit... by Jeremiah+Cornelius · · Score: 3, Insightful

      This IS a bug. As in "I think this phone is bugged".

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    2. Re:Bullshit... by ArhcAngel · · Score: 4, Insightful

      It is a bug to Facebook as in oops they can still tell we are doing it.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    3. Re:Bullshit... by rvw · · Score: 1

      This IS a bug. As in "I think this phone is bugged".

      This is a bug as in "it's bugging us that we were caught".

  3. good to disabled 3rd party cookies anyway by Anonymous Coward · · Score: 2, Insightful

    The web generally works fine if you only accept 1st party cookies, not 3rd party cookies. There's pretty much zero reason to accept cookies from other than the main site you are visiting, and firefox has long had an easy preference setting to do just that. It's one of the basic "setting up a new machine" tasks that people should be used to doing by now. Don't run 3rd party javascript, don't allow 3rd party cookies - that alone increases your privacy and safety by a huge amount. I've almost never seen anything break like that, and if some rare thing does, it was badly written anyway and needs to have people putting pressure on it to stop doing that.

    1. Re:good to disabled 3rd party cookies anyway by Synerg1y · · Score: 1

      Priceless advice I would mod +1 if you weren't an anonymous coward :)

      Then again I've been doing that since about the time firefox came out, your right there is just no reason, I'm surprised it's still checked as on by default in new browser installs, it doesn't nearly break as much as IE8 being installed w/o compatibility view on by default.

    2. Re:good to disabled 3rd party cookies anyway by yahwotqa · · Score: 1

      Mod +1 regardless. You're modding posts, not people.

    3. Re:good to disabled 3rd party cookies anyway by yahwotqa · · Score: 1

      Or allow all of facebook's cookies only for duration of current session. Combined with a browser restart every now and then (or mere switch to and back from privacy mode in FF), it just gives them new meaningless data to choke on every time.

    4. Re:good to disabled 3rd party cookies anyway by Runaway1956 · · Score: 1

      True. I avoid looking at names on posts when I mod. I read the post, and respond to the post. Afterwards, I sometimes realize I modded up someone with whom I almost always disagree. And, the opposite happens as well. Just don't look at names, and the moderation gets a lot more fair!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    5. Re:good to disabled 3rd party cookies anyway by anomaly256 · · Score: 1

      And I disabled it anyway because I didn't like how Disqus tries to post my comments directly to my facebook wall without asking me for confirmation first. Disqus is complicit with the facebook privacy problem, and may even facilitate it.

    6. Re:good to disabled 3rd party cookies anyway by RocketRabbit · · Score: 1

      I blocked disqus in my hosts file because it is sometimes very slow and adds 5-10 seconds to the load time of a page.

      Same with all the ad networks.

  4. Adblock by Nursie · · Score: 2

    Block facebook.com and fbcdn.com, then add exceptions for the two sites when visting facebook.com. Problem solved, no more fb tracking.

    1. Re:Adblock by _0xd0ad · · Score: 3, Informative

      Here's my list.

      ||facebook.com^$third-party,domain=~facebook.net|~fbcdn.com|~fbcdn.net
      ||facebook.net^$third-party,domain=~facebook.com|~fbcdn.com|~fbcdn.net
      ||fbcdn.com^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.net
      ||fbcdn.net^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.com

      A few more domain exceptions on my home FF installation to permit certain Facebook Apps to work correctly.

    2. Re:Adblock by StripedCow · · Score: 1

      But apparently, this is still not possible in Chrome.

      WHHHYYYY??!!!

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    3. Re:Adblock by Anonymous Coward · · Score: 3, Informative

      ghostery... google it.

    4. Re:Adblock by zugaldia · · Score: 1

      I don't know if they want you to block Google Analytics, but they give you a browser add-on to opt-out from it. It works in Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari and Opera.

    5. Re:Adblock by Runaway1956 · · Score: 1

      You actually use the apps? I don't have a single one. All that I use Facebook for, is to look at "important" people's walls. I've friended the "most important", so most of the time, I don't even need to look at their walls. But, I sure as hell don't enable any apps, so that the "developer" can browse through my information!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    6. Re:Adblock by _0xd0ad · · Score: 1

      You actually use the apps?

      Not very many.

    7. Re:Adblock by contrapunctus · · Score: 1

      i though that if your friends enable apps, then your data is already accessible to the developers

    8. Re:Adblock by Runaway1956 · · Score: 1

      You thought, but I don't think so. There have been a number of articles detailing how to stop app developers from accessing your data. I read, visit Facebook, check the settings, then halfways forget what I read, LOL

      You can google for articles, if you like, to compare your own settings. As far as I remember, I've disabled friend's ability to share my information.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    9. Re:Adblock by vinayg18 · · Score: 1

      Yes, it is. There are several extensions, one of which is Facebook Disconnect.

    10. Re:Adblock by rvw · · Score: 1

      You actually use the apps?

      Not very many.

      One is enough for them!

    11. Re:Adblock by coolmadsi · · Score: 1

      i though that if your friends enable apps, then your data is already accessible to the developers

      I think, if you disable all apps (not just remove them all, but disable the platform alltogether), then your friends can't accidentally be leaking your information to other developers. This may or may not have been the case a year or so ago, so I don't know the situation now.

  5. So they requested a patent on a "bug"? by Kenja · · Score: 1

    Not sure I trust em. Not that I ever did. If a company has income, but does not charge their users anything. Then their users are their products, and are being sold to someone else.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:So they requested a patent on a "bug"? by surmak · · Score: 2

      Maybe, they requested the patent on the bug to insure that nobody else can invade users' privacy. (Yeah right, I don't believe that either.)

  6. If only there were a competitor by grasshoppa · · Score: 2, Insightful

    If only there were a competitor to facebook that addressed these issues. I'm sure they'd be able to take a large portion of facebook's sub base about as quickly as facebook did to myspace.

    And if only said competitor could somehow make such a service work with it's other internal services that paying customers are currently locked out of.

    Talk about a market ripe for take over, if only someone could get their act together.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re:If only there were a competitor by grasshoppa · · Score: 1

      You'll note that's addressed in my post. Which I have a feeling you only read the words you wanted, and interpreted them however you wanted to arrive at the results you wanted.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
    2. Re:If only there were a competitor by mccrew · · Score: 1
      Increased competition benefits the customers.

      Remember that you are not Facebook's customer. You are the product. Therefore, you should not expect to see any benefit with increased competition.

      --
      Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
    3. Re:If only there were a competitor by StripedCow · · Score: 1

      Problem is, Facebook has got their users locked in, like nobody has been locked in ever before.

      I would rephrase your question as: if only there were some regulations on social website lock-in, and data-harvesting.

      (Somehow, these regulations exist for telcos but are not applicable to social websites; or are they?)

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    4. Re:If only there were a competitor by Oswald+McWeany · · Score: 1

      It is more complicated than that you are actually BOTH the customer and the product.

      Think of it like a flower. Facebook is the flower- you (the bee) goes to the flower to consume their nectar. They don't get benefit from you eating their nectar (communicating mundane comments with your friends) - but their way of continuing on is that they attach a packet of pollen to you (sell your data) so that you can propagate the species (pay the employees and Suckerborg's wallet).

      If another flower offers more and sweeter tasting nectar- you may be encouraged to visit it instead.

      --
      "That's the way to do it" - Punch
    5. Re:If only there were a competitor by Oswald+McWeany · · Score: 1

      You can leave Facebook any time you like. Nothing locks you in. Leave- go somewhere else and ask your friends to follow. Some will, some won't- even with half the amount of friends on a rival network such as Google+, you still will have the ability to waste more time than you should.

      --
      "That's the way to do it" - Punch
    6. Re:If only there were a competitor by Algae_94 · · Score: 1

      There's no lock in. Throwing your pictures and slips of paper you've written on down a well doesn't lock you into that well. You can go away anytime you like, but you're gonna have to expend some real effort to take all that crap you threw in that hole with you.

    7. Re:If only there were a competitor by PopeRatzo · · Score: 1

      There's an AdSense ad at the top of this page right now for PayPal (see the blue arrow in the corner that says AdChoices... that's Google)

      Actually, I don't see it. That's how laughably easy it is to avoid being part of Google's "revenue stream".

      --
      You are welcome on my lawn.
    8. Re:If only there were a competitor by Runaway1956 · · Score: 1

      What the pope already said. I don't see any AdChoices - or any other adverts. And, I have never used the opt-out here at slashdot to hide advertisements. All blocking is done on my router, or my computer, or in my browser. I don't see ads, unless and until I do a search for a product. I don't see it on Gmail, G+, iGoogle, or anywhere else. You gotta get with the times - every tool that I use to block ads has been discussed many times right here on slashdot.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  7. Those F-ing cookies show up no matter what! by david.emery · · Score: 1

    I run Facebook in a totally separate browser than I use for -everything else-. So why is it I still get Facebook cookies in a browser that has never logged onto Facebook? I remove those cookies about 2-3 times/week. I haven't figured out where they're coming from (i.e. what site puts them there) yet. This is not new behavior, I've seen this for months.

    1. Re:Those F-ing cookies show up no matter what! by ArhcAngel · · Score: 1

      Do any of the other sites you visit have the Facebook "Like" button?

      I bet they do neighbor.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    2. Re:Those F-ing cookies show up no matter what! by Pope · · Score: 1

      Because of the Facebook Social Plug-in, which runs on third party sites that have comment boxes and/or like buttons. There'll still be FB cookies, they just won't have your FB-linked info.

      --
      It doesn't mean much now, it's built for the future.
  8. possible solution by Mister+Fright · · Score: 1

    Sharemenot

    Not having an account with them and blocking everything from their domains is what I chose to do.

  9. Third Party Cookies by Tepar · · Score: 1

    Isn't this defeated by simply disabling third party cookies in your browser?

    1. Re:Third Party Cookies by maxume · · Score: 1

      No.

      Visit facebook.com, Log out, Facebook sets cookie at log out. Visit other page, other page includes link to resource on facebook.com, browser sends that cookie with the request to facebook.com.

      It isn't news that it is happening, but apparently there are a bunch of people that had no idea at all about how browsers function. I guess that is a little bit snide, but the tone of some of the articles about it has been pretty funny, like it was some sort of big bust to catch them doing it (the last time it was a kerfuffle was when Amazon was serving personalized advertizing images).

      --
      Nerd rage is the funniest rage.
    2. Re:Third Party Cookies by allo · · Score: 1

      its only sent, if you do not disable thirdparty cookies.

    3. Re:Third Party Cookies by maxume · · Score: 1

      I think you are mistaken.

      I have Cookie Monster installed, so I would have to mess around to test the default configuration of Firefox, but if I use developer tools to inspect the requests such and such a page is making, I can see that some of the requests to other domains have cookies associated with them, cookies that are not from such and such a page's domain.

      My understanding of the cookie features in Firefox are that the options only control what cookies can be set, they don't have any impact on what cookies are sent. The name of the option, 'Accept third party cookies', at least suggests this is correct.

      --
      Nerd rage is the funniest rage.
  10. disconnect... by IANAAC · · Score: 1

    The disconnect addon for Firefox seems to be working well for me.

  11. Re:Totally illegal by Oswald+McWeany · · Score: 1

    Actually, it is more like if you visited Walmart and they told Best Buy that you went into their store at 6:30pm last Saturday.

    Best Buy is not actually following you around- and there is nothing illegal about two companies sharing data about you. I don't like it- you don't like it- but it is not actually illegal.

    --
    "That's the way to do it" - Punch
  12. Just download another browser. by InterGuru · · Score: 1

    Devote it exclusively to Facebook. I downloaded Opera.

  13. Fake it out by EkriirkE · · Score: 2

    Write a greasemonkey script to write the cookie over with, say, Zuckerberg's profile ID? So everywhere you go tracks to his profile (but not tied to you)

    --
    from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
  14. It is beginning to look like... by QuietLagoon · · Score: 1

    ... Facebook's development is out of control, that Facebook does not even know what its developers are doing. Or maybe the developers are doing exactly what Facebook wants, and Facebook thinks the public is too stupid to figure it out.

    1. Re:It is beginning to look like... by game+kid · · Score: 1

      They could just be Schrödinger's corporation: simultaneously responsible, and not.

      --
      You can hold down the "B" button for continuous firing.
  15. It will be fixed by Yvan256 · · Score: 1

    Facebook has confirmed this is indeed a bug, but says that it is limited in scope and that it will be fixed today.

    Once it's fixed, it won't be limited in scope anymore.

  16. alternatives by Onymous+Coward · · Score: 1

    What I'd like to see is a protocol for handling all the social interactions that Facebook provides. Then folks could write apps and servers to implement it. Technically-minded nerds could run their own servers. Other folks could just choose whichever provider they pleased, much like selecting mail or web hosting.

    Decentralize.

    1. Re:alternatives by KernyKat · · Score: 1

      http://diasporafoundation.org/ and http://noserub.com/ ...but don't kid yourself that these things will take ever over the mainstream without widescale support from a leading corporation.

  17. Said it before.... by Eric+Freyhart · · Score: 1

    Did I not in fact tell everyone this a few days ago? See! No one believes me! :) :) :)

  18. Unity? by Autie · · Score: 1

    Does this mean both distros adobted Unity? I don't like that on my desktop computer. Only good idea for use with laptops or smaller.

    1. Re:Unity? by Autie · · Score: 1

      Sorry, wrong threat :)

  19. Re:I don't understand. by allo · · Score: 1

    and you do not get, how a passport can identify you.

  20. Facebook knows all by marperl · · Score: 1

    How about the latest Facebook tracking option. It's called ALLforALL: 10:50:09: Breathed in. 10:50:14: Breathed out. 10:50:24: Noticed cat sleeping on chair. 10:50:32: Wind stirring leaves outside house. Temp 71 degrees. 10:51:02: Sun came out from behind cloud. 10:51:12: Had dalliance with Greek heiress 10:51:34: Cleared throat. 10:51:49: Rear section of Upper Atmosphere Research Satellite (UARS) just crashed through house. 10:52:59: Cat now awake. 10:53:17: Thirsty. --from Thinking Out Loud, http://marperl.blogspot.com/