Facebook Sued For Violating Wiretap Laws

An anonymous reader writes "Facebook is being sued in multiple states for tracking its users even after they logged out of the service. All the lawsuits allege the company violated federal wiretap laws. The most recent lawsuit, filed by a Mississippi woman, says: 'Leading up to September 23, 2011, Facebook tracked, collected, and stored its users’ wire or electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook. Plaintiff did not give consent or otherwise authorize Facebook to intercept, track, collect, and store her wire or electronic communications, including but not limited to her internet browsing history when not logged-in to Facebook.'"

sorry no

[Osgeld]

There is no way we can let go of this invaluable resource over a few lawsuits. Clearly the wiretap laws need to be changed or we will not have our greatest resource ... worthless information for dumb fuck advertising!

Re:sorry no

[Cryacin]

Wonder how many FacePalms there were at FaceBook after this little verdict?

Re:sorry no

[MacGyver2210]

With one free plugin it becomes worthless information with no advertising.

Or if you're in the entertainment or media business, it can become useful information with no advertising.

http://www.adblockplus.com/

Re:sorry no

[ScrewMaster]

Wonder how many FacePalms there were at FaceBook after this little verdict?

There should not have been any. This is not rocket science, from a legal perspective. Either Zuckerberg ignored the advice of his attorneys ... or never bothered to consult them in the first place.

Facebook more than deserves any fallout from this because there was no need for it.

Re:sorry no

[Pf0tzenpfritz]

It's not only dumb fuck advertising, There also is dumb online games advertising, dumb TV-show advertising, dumb fashion advertising...

Re:sorry no

[jamesh]

ablockplus ftw!

I regularly visit youtube and nearly every music video on there has comments like 'vevo sucks' and I never figured out why all the fuss for an almost invisible watermark in the corner of the video... until I used it in IE one day.

Re:sorry no

[hairyfeet]

I second the ABP and would point out it also Chromium based as well as Firefox. I have noticed since giving my users Comodo dragon with ABP that not only do they have a faster nicer web experience, thanks to no ads dragging them down, but the rates of infection have frankly dropped right off the chart.

I give MSFT credit for making Windows 7 pretty damned good about blocking bugs but the combination of Dragon sandboxing the browser with ABP getting rid of the malware laden ads it has made viruses, at least for my customers, pretty much a thing of the past. Now the only bugs I see are "Forest Gump" social engineering bugs where they wave the right cookie in front of the user and get them to bypass security FOR the malware. The worst I've seen lately is "The New Limewire" which is a bunch of malware wrapped up in a gnucleus client, nasty stuff.

As for TFA that was awfully stupid of them, not to mention more than a little pointless. I don't know if my customers are typical but many of them live in FB so tracking them would be kinda pointless. Besides if they wanted to do that why not just offer a toolbar like everybody and their dog does? From what i've seen if you are stupid enough to agree to your average toolbar EULA you've pretty much agreed to give them keys to the kingdom anyway. I mean with all the money FB generates how hard would it have been to have someone write them a FB toolbar for all the major browsers?

Re:sorry no

[FooAtWFU]

Or, more probably, he consulted with the attorneys and business teams and decided they'd go see exactly how much tracking they could get away with.

A legal team isn't supposed to tell you "you can't do something" - not when you're in charge of them, anyway (everyday employees are another mater). You're supposed to tell them what you want to do, and they try to help you accomplish it legally (or how you're most likely to get away with it, depending on how ethical you are).

Re:sorry no

[webnut77]

How does adblockplus compare to ghostery?

After I installed Ghostery, I was amazed at how many trackers some sites use. One site I went to had 32 trackers. After disabling most of them, guess what. No ads, which was really not my goal. I don't mind the ads since I figure that helps a site pay for itself, but I'm not a Facebook user and I don't want FB tracking me.

And another thought, all that tracking is sure going to eat into any bandwidth cap.

Re:sorry no

[msevior]

With one free plugin it becomes worthless information with no advertising.

Or if you're in the entertainment or media business, it can become useful information with no advertising.

http://www.adblockplus.com/

Mod parent up! No more ads to remove stomach fat :-)

Re:sorry no

[ScrewMaster]

Or, more probably, he consulted with the attorneys and business teams and decided they'd go see exactly how much tracking they could get away with.

A legal team isn't supposed to tell you "you can't do something" - not when you're in charge of them, anyway (everyday employees are another mater). You're supposed to tell them what you want to do, and they try to help you accomplish it legally (or how you're most likely to get away with it, depending on how ethical you are).

True ... and part of due diligence is that you tell the client when his proposed activities are likely to land him in court. It's also possible that said attorneys did not perform due diligence.

Oh well. Couldn't have happened to a nicer bunch.

Re:sorry no

[rtb61]

The best way to crack down on advertising is perhaps not to block it but to force total truth in advertising. No lies, no exaggerations, no false associations, no people recommending who do not provide proof on continued use of the product and required warnings for any known problems with the product to be included in the adds.

Adds should be restricted to informing people about a product, not about manipulating people especially children, not about false product qualities, not about people lying about using the product and, in fact not about anything that company can not prove to be true about the product.

Re:sorry no

[quadrox]

Wow, I have been saying the same exact thing for a while, nice to see someone else agreeing with me :)

Re:sorry no

[DarwinSurvivor]

If you don't mind adds but don't want to be tracked, e-mail the website admins and tell them so. They may not be aware their adds are tracking and switch to non-tracking ones. It's a long shot, but even if they don't change, at least you've regained your peace of mind knowing the website owners don't care if you see their adds.

Re:sorry no

[webnut77]

If you don't mind adds but don't want to be tracked, e-mail the website admins and tell them so. They may not be aware their adds are tracking and switch to non-tracking ones. It's a long shot, but even if they don't change, at least you've regained your peace of mind knowing the website owners don't care if you see their adds.

While I appreciate your suggestion, that places a lot of burden me. After figuring out what email address to use, I have no guarantee that my email won't go straight to the bit bucket or worse, be flagged as spam. Trying to pay my bills is what takes up my time. Plus, I would have to think if these web site administrators don't understand the principles of tracking, then they're incompetent.

Re:sorry no

[Internetuser1248]

Me too, this would actually result in advertising being a good thing. I also add to the suggestion my idea of moving all television advertising to a dedicated channel, where ads are scheduled into half hourly slots for different product categories. That way if you wanted to buy a new fridge for example you could turn on the the tv at the fridge/whiteware timeslot and get all the pertinent information about all the possible purchases you could make. Some people say no one would ever watch this channel but if the truth were enforced and you knew you were going to see ads for a product you wanted to buy, I would bet that people would in fact watch.

Re:sorry no

[bryan1945]

I had forgotten about how bad ads have become since I started using AdBlock. On one site with a forum, I would occasionally here a complaint about the person confusing the ad with the content (um, really?). On one of my favorite sites, the guy runs it as a hobby, so he depends on ad revenue. He offhandedly mentioned something about money, so I disabled AdBlock- wow, what a difference. But I like the site enough to deal with it.

Re:sorry no

[bryan1945]

A few weeks ago someone here suggested Ghostery to me. Wow, so many trackers. I spent the next few days deleting a how bunch of them as I progressed through my usual sites.
AFAIK, AdBlock just keeps the ads from showing, but by doing so it may also block the tracker.
To be safer, I use both.

Re:sorry no

[dell623]

Yes and communism should work perfectly. Seriously, idealism doesn't go far. Ideas to improve the world should keep human nature in mind. So crack down on false claims in advertising. But people do not buy things based on rational informed decisions, and that is NOT going to change. It's better to try to regulate advertising keeping that in mind rather than come up with idealist ideas like the above, which you will carry to your grave as you will never convince enough people about them.

Re:sorry no

[Thaelon]

Very simple fix along those lines that I've wanted to see for years:

Deception for profit is illegal.

Deliberately broad.

Re:sorry no

[bberens]

I've been a web developer for 10 years.. so I feel a bit stupid for not getting it on the technical side. Once you're off Facebook's site Facebook shouldn't be able to get information about what you're doing... except of course if there's a Facebook "like" button or whatever that thing's called. But that's something every analytics/advertiser does and has nothing to do with whether you're logged into Facebook. So.. what's the story here?

Re:sorry no

[Pope]

Block all teeth whitening ads with this one weird tip discovered by a Slashdot poster!

Re:sorry no

[DinDaddy]

Filed suit is not a verdict.

Re:sorry no

[Aeros]

Here is a basic overview. It not every site out there that FB has the potential to track you on which the media eludes too. It's only sites that have FB enabled within their site. Seeing as how more and more sites are doing this it is adding up to quite a few. Hopefully this helps: http://nikcub.appspot.com/logging-out-of-facebook-is-not-enough

Re:sorry no

[hjf]

I'm going to play devil's advocate here. Filter bubbles and all their implications aside, and ignoring the fact that one can go with the torrent way...

I would LIKE my TV provider to "track" me in some way. I would LOVE to have ads tailored to ME and MY needs. I hate so much, really, so much, the damn soap ads they play all day (at least in my country). REALLY, I DON'T want to see any more soap commercials, or Oral-B, or Colgate Whitening. MAN the colgate ads are so annoying, and soap ads are just sexist. I mean every soap and cleaning product ad features a young woman with children, who doesn't work and stays home all day cooking, doing laundry, and scrubbing because if you don't scrub it doesn't clean (unless you buy the new Mr Muscle that "cuts through grease" and cleans without scrubbing).

I DON'T GIVE A FUCK, I just buy the soap that's on sale, the first toothbrush and paste I see. Guess what? They're ALL THE SAME SHIT. A toothbrush that gives you a MASSAGE? Seriously, Oral-B?

I'm a 28 year old male. I don't fucking need ads for cleaning products. Let me know when the next Assassin's Creed is out, that's what I want to know.

Re:sorry no

[rtb61]

Ahh yes, the corporate era, where truth is called idealism and lies make big, big profits. Better to start fining the crap out of corporations and their corporate executives when they get caught lying. When those lies cause physical harm or death off to jail for a very long time go those corporate executives. Nothing idealist about that at all, it is just basically anti-psychopath.

Re:sorry no

[bberens]

Yeah, that's pretty much what I assumed. Any site that has a FB image/link/whatever on it means that FB can track me there. I guess it was just so obvious to me that I didn't understand the shock value of it.

Dumb Question

Dumb-question guy here: how can a web site gather users' "internet browsing history even when the users were not logged-in to Facebook"?

Re:Dumb Question

[Beryllium+Sphere(tm)]

Put a "Like" button on every page they visit and store the Referrer field when the button gets downloaded.

Re:Dumb Question

[icebraining]

See those Facebook "Like" buttons everywhere? They have Javascript loaded from Facebook's website. Even if you're not logged in, it creates a cookie with a random ID, which is then read when you access other sites with the button.

It's easy to reproduce, if they haven't changed it from a month ago: log off from FB, delete all cookies from their domains (fbcdn*, facebook*) and then load some pages with their button.
It worked for me even though I didn't even have an account.

Re:Dumb Question

[mattventura]

I think this lawsuit is related to how the Facebook "like" buttons that are scattered throughout the internet allow FB to track you. Presumably, when you are not logged in, they still track you by cookie/IP/whatever.

Re:Dumb Question

[icebraining]

Actually, they create an ID even if you don't even have an account. Or at least they did until recently.

Re:Dumb Question

[loimprevisto]

Here, let me google that for you: http://lmgtfy.com/?q=how+does+facebook+track+you

Short answer: mostly by setting cookies in your browser, but with several other tricks as well.

Re:Dumb Question

[the+eric+conspiracy]

By loading a page with a embedded link to Facebook. Like buttons, transparent 1 pixel gifs, etc.

Re:Dumb Question

[AwesomeMcgee]

Look, everyone has this all wrong, facebook didn't put the like buttons there, and clients are actively connecting to and making requests of facebook servers so there's NO interception. Facebook is merely mining there own server logs for what people are requesting from them. If this suit goes through it basically means you can no longer use cookies and mine your server logs.

Re:Dumb Question

[sortadan]

Wouldn't that be tracking the communication that the person's browser initiates with Facebook? If there is a law that say logging out of a website has to delete all cookies cookies and wipe any record or what IP you're using, I call dibs on Google.

Re:Dumb Question

[TeamSPAM]

There is also the cookie stored in your browser, You may not be logged in to facebook, but the cookie will still tell them who you are.

Re:Dumb Question

[AngryNick]

so....what's the name of the facebook-blocking add-in for Chrome and Firefox?

Re:Dumb Question

[tomhudson]

"when the button gets downloaded"

Which you *do not have to do*.

It happens automatically. See the "Like" button? It's because it's already been downloaded - even if you NEVER dealt with facebook. Facebook even tracks users vi IP+browser fingerprinting who they can't tie to an existing account so that if/when you DO sign up, they can match that history with you. Totally illegal.

Re:Dumb Question

[mcavic]

If this suit goes through it basically means you can no longer use cookies and mine your server logs.

No, it means you can't track people when they visit someone else's site.

Re:Dumb Question

[Jane+Q.+Public]

That is correct as far as it goes. But the problem there is that you have no way to know, ahead of time, what sites might have Like buttons and what sites not. By the time the page is downloaded, and you see the Like button there, it already has you tracked.

Currently, the only way to prevent that is to use a script blocker to block Facebook's javascript from running. Which I do. But it's not a satisfactory solution... they should only be able to track you if you give your explicit permission. What they are doing now is sneaky and unethical, given that most people don't even know they're doing it.

Re:Dumb Question

[Jane+Q.+Public]

Probably the most popular one for Firefox is NoScript. I don't know about Chrome.

Re:Dumb Question

[fatphil]

So you can no longer serve images which don't have you as the referer and mine your server logs?

Facebook seem the least culpable for this - other websites chose to add the buttons, and users' (unthinkingly) *initiate* communication with facebook. All fb are doing is giving people what is being asked for, and logging that transaction. This seems as badly thought out as the deep linking lawsuits in the past. Blame the browser writers for not defaulting to blocking 3rd-party images before blaming facebook for this.

Re:Dumb Question

so....what's the name of the facebook-blocking add-in for Chrome and Firefox?

i use two things:
adblock software
  - Firebug, to examine the offending frames, span's or div's within the DOM of the page that has the tracking element.
  - Ad blocking plug in. You need to find the URLS of annoying buttons browser-wart frames, and then blacklist the sites with the adblock software.

I don't work for these companies or OS products.
  I was very upset when a 'redesign' of a site that I use everyday to get news suddenly made my browser crawl, almost to the point of wedge. I started going after any frame or div that was absolutely placed within the browser, those annoying buttons that stick to the bottom of the page (do you remember seeing them before three months ago?). They are poxxed with the names of pre-IPO companies, darlings of the self-annoited kings of the world.

Why a company that has a successful site would want to give their site a pox, with buttons that most people don't know how to remove, baffles me! If I had a major site with a lot of traffic I wouldn't let it be subverted by the snoops and market-manipulators of the corporate brainwash factory.
Even if the buttons weren't tracking me I'd still find them offensive.

You absolutely can innoculate your browser from these intrusions into your user experience.

1. Install the software of your choice to do the following:
manipulate the DOM of a loaded page. (if you don't know what the DOM is, you don't need to know a lot about it to do what I am suggesting)
I loaded Firebug and every time I see a wart or pox-button on any page (especially the kind that don't go away or that stick to the browser frame) I do an 'inspect element' using the Firebug extensions.
2. When you see the element that is the offending one, delete it within Firebug (or whatever DOM manipulator that you choose to use). That way you can see if you have really found the correct div or frame that you need to black-list.
3. Using adblocker software blacklist the URL of the offending div or frame (if there is anything loaded you will see it in the code).
Usuaslly there is along string of things such as:
    http:// some site name.com/stuff that looks like jibberish but loads whatever it is that they are trying to load

you take the part that is
http:// some site name.com/
and delete the jibberish part. put a star wildcard at end of the URL to block everything from that URL.

4. Do a test by reloading the page to see if the adblock is working. If it is doing the trick the annoying frame-warts and pox-buttons will be removed!
Your browser will run quicker! You won't be plauged by mal-ware javascript insertions from ad sites (not accusing a reputible company of putting bad-code out there but . . . we all know that . . . uuh. . . stuff . . . happens.

Using top from a command shell I was able to verify that CPU processor time of the firefox process returned to a reasonable level.

It should be a design rule that an element doesn't stick to the frame of the browser. If they ever do I find the div and delete it with Firebug. Then I use the adblock, with the URL of the offending div or frame and that annoyance if firewalled away.

each of those divs that loads down a rouge page from some track-miestr site can be a monolith of bad code and malicious intent. It would only take a hack of any of these ad-monster sites to compromise large swathes of the Internet. They are a security risk of a very high order.
It isn't hard to innoculate yourself from broswer-frame warts and pox-buttons. What compelled me to do it was, as I said, the annoyance of a site that I like suddenly being poxed with buttons that don't scroll away.

Re:Dumb Question

[linatux]

Does this include the "Like" button on this page?

Re:Dumb Question

[maxume]

They stopped with the cookies. Weeks ago.

And really, the only reasonable solution is to (try to) educate people so that they understand how gregarious a web page can be and suggest techniques for controlling them.

(You say 'script blocker', but RequestPolicy can prevent the http connections, and cookie blockers/managers reduce exposure. I expect the long term solution is to revert to only sharing cookies that the user has explicitly whitelisted for a given domain or whatever)

Re:Dumb Question

[tomhudson]

Sure, whatever. So now sites sending you data that YOUR OWN BROWSER requests is illegal? Would you care to stop knee jerking and think a little bit?

I have a right to assume that the web site will act within the law, same as if I invite you into my home I have a right to expect that you would do the same. The web sites enabling such tracking are violating the law, as simple as that, so instead of YOUR knee-jerk reaction, why not think why people are cheesed off?

Web sites simply don't have permission to set ANY cookies without your permission - the fact that they set one if you opt out is also a violation of the law in, for example, Europe. The default should be opt out, not opt in.

Re:Dumb Question

[maxume]

The browser is storing the cookie. The website is requesting that it do so.

Pretending that this involves the website having control over what the browser stores is blatant idiocy.

Re:Dumb Question

[Zontar+The+Mindless]

TL;DR

Sincerely,

Joe User.

Re:Dumb Question

[AK+Marc]

I agree (that there's plenty of blame to go around and other ways to address this without lawsuits), and I don't see how you can defend the practice. I don't go to Facebook. I go to CNN (or whatever) and CNN serves up a "Like" button because they want people to like it and generate more traffic to that page. CNN is trading advertising with Facebook. It's CNN that's loading 3rd party content without "permission" of the user. Facebook is just serving and logging that content. Of course Facebook is logging not just usage stats, but personally identifying information. CNN is wrong for having knowingly allowed a 3rd party "attack" in their page, but Facebook is also violating "trust" by tracking people who have explicitly logged out of their account. People don't "unthinkingly" load the "like" button. They do so inadvertently, but there is no practical choice. The buttons will load automatically from sites with no known affiliation with Facebook and it takes extraordinary effort on the part of the user to block just that content.

Re:Dumb Question

[psiclops]

i could wear a suit of armour to prevent injury from someone stabbing me.

that does not mean that someone should not be charged for stabbing me.

Re:Dumb Question

[maxume]

"no practical choice" and "extraordinary effort" are pretty strong language. The extraordinary effort is of course true, because ordinary people don't bother installing something like Ghostery, but it certainly isn't extreme effort.

The long term, practical solution is to try to educate users as to what the hell the thingamajig on the screen is doing, encourage them to understand and control it, and to raise some frothy outrage over widespread tracking like Facebook was at least enabling themselves to do (they were clearly logging everything, it is less clear if they were actually analyzing any of that).

It might even make sense to start to move browsers away from having a single cookie context. Having cookie zones would mitigate much of what is problematic with sharing everything while minimizing the inconvenience of dealing with sites that use cookies while interoperating. The notion is that managing shared cookies is much less involved than managing all cookies, while still giving very similar benefits.

Re:Dumb Question

[AwesomeMcgee]

you have no control over what or how many third-party cookies that site sics on you without any overt warning.

Cookies aren't stuck to you. Don't like that your browser tells websites your cookies? Browsers are open source, figure it out. But don't sue people servers for your clients behavior.

Re:Dumb Question

[AK+Marc]

"no practical choice" and "extraordinary effort" are pretty strong language.

And quite accurate for the average person. You must tell your TV what channel you want to watch for it to work. People don't expect that their TV tracks them every time they put in a channel number. The same general principle applies with web sites and the average person's expectations. You are arguing from the position of "I know how it works, and I know how to address the issue, so the steps to "fix" the problem are small." But the reasonable person would not understand the root cause of the issue and it would be unreasonable to expect them to be able to recognize a fix as quickly as the average Slashdot reader. Try a little empathy. Can you even imagine being one of the 80 year old grandmothers who couldn't even get online if one of the family didn't set it up for her? What's she to do?

The long term, practical solution is to try to educate users as to what the hell the thingamajig on the screen is doing, encourage them to understand and control it, and to raise some frothy outrage over widespread tracking like Facebook was at least enabling themselves to do (they were clearly logging everything, it is less clear if they were actually analyzing any of that).

Great, so are you volunteering to visit every grandmother and teach them what's going on?

I don't disagree it'd be better if people understood things before they used them, but that's as realistic as demanding everyone poop rare earth metals to alleviate the shortages. Have you seen how dim the average person is? Now remember, 50% of all people are dumber than that.

Re:Dumb Question

[breeze95]

Dumb-question guy here: how can a web site gather users' "internet browsing history even when the users were not logged-in to Facebook"?

By having permanent cookies whose sessions never expire in your browser. I use Firefox with NoScript so I am able to see scripts that are associated with the web pages. It seems most web sites that I visit there is a Facebook script associated with that website and that's how they track you. I permanent blocked Facebook scripts from running in my browser.

Re:Dumb Question

[DeeEff]

Try Ghostery. I believe this is exactly what it is intended to do.

Re:Dumb Question

[houghi]

In your hosts file:
# Block Facebook
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 www.static.ak.fbcdn.net
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 www.static.ak.connect.facebook.com

This is an opt-out and should never be happening.

Re:Dumb Question

[Jane+Q.+Public]

You are correct about the other software solutions, but I disagree with you about that being "the only reasonable solution". I disagree very much. I don't believe it is ethical at all for someone to compile personal data about my communications without my knowledge or consent, much less peddle that data to others.

Re:Dumb Question

[Jane+Q.+Public]

"But don't sue people servers for your clients behavior."

Sorry, but that's W3C standard behavior, it has nothing to do with the browsers themselves. Although browsers could be changed to block 3rd-party cookies and images, all they are doing is complying with the standard.

Further, this is an overt act on the part of others. It isn't as though those things get there accidentally. So it's not a matter of me dancing naked in front of an open window; morally and ethically it is a hell of a lot more like somebody coming up and peeping in my window. They are not the same things.

Re:Dumb Question

[sodul]

Whose law? The internet is worldwide.

You might have noticed that here it is about US persons (citizens, or residents), on US soil, dealing with US companies, on US soil. The traffic never leaves US soil.

Being on the Internet does not magically make you a Sealand citizen where you would not have to comply with any laws from any country.

Sure Facebook could apply the same tax evasion tricks to avoid to comply with governments laws, but then they would have to move all their employees to some tiny island nation, as well as all their servers.

Good luck with that. As far as I can tell, the majority high level talent loves to stay in the Silicon Valley and Facebook would end up with only crappy employees, or employees that they would have to pay a lot more. Not really viable.
The other option to store all the servers outside of the US (for US traffic) would mean that the site would be painfully slow, and then users would actually move to, and stay, at an other social site like Google+.

Now imagine that Facebook actually did all that, well how to they make revenue on these US users ? By selling ads, and the money would come from the US. It would not be too difficult for the government to lock down the money flow. Well maybe not the current US politicians, but not above the european governments which still (mostly) value people before corporations.

Re:Dumb Question

[ogl_codemonkey]

Logging out doesn't remove the cookie that tells them who you are when you visit a page with the FB 'like' button or similar on it; it just makes it invalid for the purpose of actually being logged in.

Re:Dumb Question

[fatphil]

One thing that annoys me about this story is that it only mentions facebook users who have logged out. You yourself do it above too. Those who have at one point logged in have agreed to facebook's T&Cs, and have accepted that facebook can be the bottom feeders of the internet. Those who have never logged in are still being tracked in exactly the same way, as those cookies are still being handed out with gay abandon.

Of course, elitist nerdy schmuck that I am, I have never accepted a single cookie from facebook, but I'm sure there are millions of others who are not on facebook and who don't like the anonymous tracking that facebook can perform with what are effectively their web-bugs.

It takes minimal effort to ensure that facebook can't track you - use something like adblock to block images from their domains. However, that requires a willingness to never have your "like" counted. (And a willingness to stay off facebook, obviously.)

Re:Dumb Question

[sjames]

It's a bit like stalking. Yes, a person can be seen and incidentally photographed when they're in public places, but dispatching an army of photographers around town to make sure you get photos wherever they go is quite another matter.

Re:Dumb Question

[cyclomedia]

Does anybody else here think that the Like button shouldn't track you even if you ARE logged in?

Re:Dumb Question

[AK+Marc]

They also track if you have never had an account or logged in.

Re:Dumb Question

[fatphil]

Strangely, that's why I said "Those who have never logged in are still being tracked in exactly the same way."

Re:Dumb Question

[xarragon]

At least for Chromium there exists NotScripts, albeit it is not as polished as it's Firefox equivalent.

Re:Dumb Question

[maxume]

I dislike it when people frame arguments in terms of protecting people they clearly have very little respect for. I mean, if you don't respect them, why pretend to care? But maybe you are just using sloppy language there and don't think of the typical person as a dim dumbass.

Anyway, I agree that social pressure (frothy outrage...) is a key component in shutting it down. That said, Ghostery and the like are a couple of clicks for the person helping granny through the 'couldn't even get online' and have third parties maintaining the block lists. That's plenty practical.

Re:Dumb Question

[tomhudson]

The like button is only on the page, because the designer of the page put it there. When you surf to some random website you are implicitly allowing that they can include images from any other website.

The "implicit" part is where the law gets broken. You cannot "implicitly" waive a right granted by statute because of some activity by a 3rd party - in this case the so-called "designer"- especially since you can't see it until after the fact - after you've downloaded the page.

All privacy bugs are rendered shallow by sufficient lawsuits - sue, baby, sue!

Re:Dumb Question

[tomhudson]

I think you missed how facebook tracks you even without cookies. It's not *that* hard to do - I wrote similar code in a day.

Re:Dumb Question

[maxume]

No, I was just responding specifically to "Web sites simply don't have permission to set ANY cookies without your permission".

I agree that users are generally blind to the defaults of their software, but saying that the website sets the cookie without permission ignores the fact that the website can't actually do anything more than request that the browser store the cookie.

The tracking problem is somewhat solved for people that care to understand it, there are lots of ways to prevent requests from even being made to third party servers (for instance, because of Adblock Plus, I know that this comment entry page would use Google Analytics if I didn't block it and that the only other server it refers to is fsdn.com); that leaves the problem of enumerating the services doing the tracking, but blocking Google, Facebook and Twitter goes an awful long way.

Of course, that doesn't solve the problem of log aggregation and proxied tracking, but those are pretty different than requesting that the browser do this or that.

Re:Dumb Question

[140Mandak262Jamuna]

Is there a noscript option block this javascript from being executed?

Re:Dumb Question

[GameboyRMH]

Even blocking JS won't stop the tracking, it just reduces the amount of info they can collect on your browser. They can still get your IP and browser agent, and set cookies, at a bare minimum (the facebook button isn't just a pic, it's a feature-rich page loaded as an iframe).

Re:Dumb Question

[GameboyRMH]

NoScript alone won't do it! You need to block access to Facebook altogether or they can still get your IP & browser agent and set cookies.

Use Ghostery, or NoFace (Facebook-specific). RequestPolicy is another one, it uses a whitelist which is sort of overkill, but they're going to add a blacklist mode soon which should make it more practical for this purpose.

Re:Dumb Question

[AK+Marc]

I dislike it when people frame arguments in terms of protecting people they clearly have very little respect for.

Well, good for you. But that isn't a statement that affects my argument, other than you "dislike" it, and doesn't affect the truth of my words.

Re:Dumb Question

[maxume]

So why focus on that and ignore my insisting that something like Ghostery is actually a practical answer to the tracking?

Re:Dumb Question

[icebraining]

Option? NoScript should block it by default.

Re:Dumb Question

[AK+Marc]

I've addressed the "practical" portion, and your response is to repeat yourself emphatically. That's not a discussion, that's a shouting match. What, mad I'm not going to argue in your preferred manner?

Re:Dumb Question

[rocket+rancher]

"when the button gets downloaded"

Which you *do not have to do*.

It happens automatically. See the "Like" button? It's because it's already been downloaded - even if you NEVER dealt with facebook. Facebook even tracks users vi IP+browser fingerprinting who they can't tie to an existing account so that if/when you DO sign up, they can match that history with you. Totally illegal.

Totally illegal where, dude? The web, last time I checked, is a public venue with planetary visibility and zero expectation of privacy. What legislation, in what country, makes this illegal? More to the point, how on earth would such legislation ever be enforced? I'm not kidding, dude -- put up or shut up.

Re:Dumb Question

[tomhudson]

You don't have an expectation of privacy in public - but you still have the right to have someone arrrested for following you around. Also, the regulation of the collection of personally identifiable information is more advanced on much of the world than it is in the US, where anything is for sale.

Re:Dumb Question

[Carnildo]

$ grep facebook /etc/hosts
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 developers.facebook.com

$ grep local-zone /etc/unbound/unbound.conf
local-zone: "facebook.com" refuse
local-zone: "fbcdn.com" refuse

Re:Dumb Question

[maxume]

No, not really emotional about it.

But I do see that you created a grandma that needs help to get online and then ignore the fact that the helper could, with very modest effort, set gramma up with a blocking tool that keeps itself up to date. It's clearly not as good an outcome as getting websites to not enable Facebook, but it isn't complicated or hard.

Re:Dumb Question

[rapidreload]

Although this generally works well, there are two problems you might encounter when using this technique to block all Facebook stuff:

(1) Some sites integrate Facebook in such a way that a page using Facebook elements will appear to be continually waiting for a domain to respond before the page will have loaded. All this means is that sometimes the browser won't timeout until the connection fails and so some pages will have the "busy" mouse cursor appearing longer than usual, and the "loading page" browser throbber will stay animated longer. Once again, it varies as to whether this happens or not.

(2) Some sites (particularly news sites) have decided to use Facebook for their user commenting system instead of something separate like DISQUS or even their own custom implementation. Apart from the fact this limits commenting to Facebook users, even if you just want to read comments and not respond, a hosts block will prevent you from even doing that.

Re:Dumb Question

[AK+Marc]

Yeah, or just have Facebook stop illegally tracking people...

Re:Dumb Question

[houghi]

(1) I have a webserver answering. I even use 127.127.127.127 so it goes there and shows nothing and logs are somewhere else.

(2) I do not miss that. I even use ways to NOT see comments on many sites,

Re:Dumb Question

[Metabolife]

http://ha.ckers.org/weird/CSS-history-hack.html

Cookies cannot "unlawfully intercept" anything

The thing is that this tracking depends on cookies, which are actually sent by the browsers themselves (as per the HTTP spec). Of course I haven't analyzed all the Javascript so I'm not sure, but Javascript does not have the capability to perform any time of interception of network traffic. Of course, I don't know what Flash, etc. could do.

I highly doubt that there is any "unlawful interception" going on here and this is likely just more waste of taxpayer money because we, the technically apt, have to live with stupid politicians.

Re:Cookies cannot "unlawfully intercept" anything

Yeah! They shouldn't use computers, either.

If you don't want bad shit to happen to your computer, then stop using computers. This is your fault. Your fault!

The only recourse is to throw your arms up in the air like a Fraggle, bend over, and take it. Not taking it is consent.

Re:Cookies cannot "unlawfully intercept" anything

[martin-boundary]

No, it's Facebook's fault. If some guy sells you stolen goods, you still have to give them back. Same principle.

Facebook are taking information from the browser, knowing full well that the person running the browser is unknowingly being deprived of privacy by his browser.

Re:Cookies cannot "unlawfully intercept" anything

[agm]

This is not like receiving stolen goods. The user (via software they choose to use) is willingly handing Facebook this information. It's a bit odd to willingly hand someone something and then complain later about it. The best option is to stop handing them that information in the first place.

Re:Cookies cannot "unlawfully intercept" anything

[cheater512]

That isn't what the law says though. The law only applies in wiretapping cases.

You can try and change the law to include tracking cookies, but you cannot apply the wiretapping law to this case.

Re:Cookies cannot "unlawfully intercept" anything

[hedwards]

That's not true. Unless you avoid websites that have those obnoxious like buttons on them there's no way of avoiding them without blocking those domains and the related cookies. Which most people wouldn't do as they have no idea that they're being tracked by them.

Worse is that historically they track people who are logged out of FB or don't have an account to begin with.

Re:Cookies cannot "unlawfully intercept" anything

[hedwards]

It's not willful if you've logged out in the meantime. Just because I have an account with Google for say email or YouTube, does not mean that I consent to have them tracking me when I'm making posts here, or possibly downloading porn.

Re:Cookies cannot "unlawfully intercept" anything

[Jane+Q.+Public]

"The user is intentionally using software that sends tracking information (cookies) to Facebook"

No, that is not the case at all. If it were, this would be a different story.

We're talking here about third-party cookies. These are images that come from servers OTHER THAN the one you are visiting. But when that image is downloaded from that foreign server, it gets a record of your ip and what the referring domain is.

The issue here is that while you can control what websites you visit, you have no control over what image bugs or javascript they install on their site, nor is there any way to tell in advance what they are. So you aren't voluntarily doing anything at all; in fact most of the time you probably don't even know it is happening. That does not fit the definition of "intentional". On the contrary; it is downright sneaky.

Tracking bugs like that are completely unethical, and if they are not in fact illegal they should be.

Re:Cookies cannot "unlawfully intercept" anything

[agm]

And yet you use software that you know sends this information. Being logged in or not isn't relevant. You've configured your software to send tracking information to any web server you browse to.

Re:Cookies cannot "unlawfully intercept" anything

[agm]

That does not fit the definition of "intentional"

Configuring your browser so it sends cookies is intentional. You can change it so it doesn't. Being aware of this, and doing nothing shows that you consent (if you didn't consent, you wouldn't let your software send tracking information).

Re:Cookies cannot "unlawfully intercept" anything

[ScrewMaster]

That isn't what the law says though. The law only applies in wiretapping cases.

You can try and change the law to include tracking cookies, but you cannot apply the wiretapping law to this case.

I'll bet they can. "Wiretapping" doesn't necessarily have to involve wire. I'm not a lawyer, and I haven't read the statute in question, but if these States Attorneys didn't feel they had a case I doubt they'd have filed suit. Furthermore, even if the law doesn't sound to applicable to the technical types that populate Slashdot, odds are it can be made to sound that way in court. Just takes a friendly or misinformed judge to allow a twisted interpretation to stand. You just have to look at thirty-odd thousand RIAA copyright infringement cases for any number of stellar examples of how courts can get technical issues dead wrong.

Re:Cookies cannot "unlawfully intercept" anything

[fatphil]

The browser is willingly doing it. Website X has said "please connect to facebook for an image", the browser says "sure thing, I love facebook, I love them so much I even store data for, and share data with, them". The browser loves facebook because the user has either shown a love for facebook, or for all websites, and is simply doing what it thinks you want.

If you have given your consent for your browser to load 3rd party images on webpages, you *have* consented to have 3rd party websites tracking your web usage.

Re:Cookies cannot "unlawfully intercept" anything

[Narcocide]

While I actually like where the logical conclusion of this argument goes, I just don't see it happening. What you're suggesting is only practical for most users to implement by turning off all cookies and scripting entirely, and Facebook could still trivially sidestep that unless you also turned off all images and all URLs for any embedded resources that are not on the current website's domain.

So, personally I'd like to back your argument and agree with you here. If everyone did this it would certainly take the wind out of Facebook's revenue and marketing plans (and many other social networks and news sites, no doubt) but I think we can also both admit here that the suggestion is impractical to the point of being absurd.

Re:Cookies cannot "unlawfully intercept" anything

[Narcocide]

Well, while the last sentence *might* be true since most browsers typically *do* give out cookies without asking your permission first, your analogy is totally flawed because most people's wallets do *not* automatically default to dispensing $100 by default when someone (usually without you even hearing it happen) asks your wallet (not you) directly for $100.

Re:Cookies cannot "unlawfully intercept" anything

[Score+Whore]

If you don't want google to know you're downloading porn (and exactly what porn you are downloading) (and any warez, etc.) then you'll need to make very sure that you never use a site that uses recapcha. Fucking google.

Re:Cookies cannot "unlawfully intercept" anything

[agm]

I understand your point, but how does that relate to this law suit? At the end of the day this is not about Facebook taking your private information, it's about you *giving* that information. From a legal point of view that quite a big difference, regardless of how impractical it is to configure your software to stop handing this info to Facebook. There are a few Firefox add-ons that prevent this from happening without disabling cookies altogether.

Re:Cookies cannot "unlawfully intercept" anything

[maxume]

"Load Images Automatically" has been a browser option for something like 15 or 20 years.

I can see reasons to desire more fine grained control than that, but it sort of makes statements like "you have no control over what image bugs or javascript they install on their site" sound really stupid (because the browser option makes the presence of the bug in the html irrelevant).

Re:Cookies cannot "unlawfully intercept" anything

[EdIII]

The only recourse is to throw your arms up in the air like a Fraggle, bend over, and take it

Dude.... I don't think we were watching the same TV show as kids.

Re:Cookies cannot "unlawfully intercept" anything

[psiclops]

how do you block the loading of the facebook button BEFORE you know it exists?

Note:By before you know it exists, i mean before you know it exists anywhere on the internet, not before you know it exists on this one specific site.

Re:Cookies cannot "unlawfully intercept" anything

[hedwards]

The browser doesn't have legal standing to consent, and a lack of opt out is not the same thing as granting consent. One does not have the ability to prescreen sites before loading them.

Re:Cookies cannot "unlawfully intercept" anything

[hedwards]

Nice trolling. The computer doesn't have the means to decide what is and is not acceptable to download from a website, I do. However, I don't have the option of making that decision until such a time as it is downloaded. And sites never disclose to me what sites they're using for what purposes, I can of course block sites, but I have no way of knowing what ramifications there might be.

It isn't a matter of human beings being chimps so much as it is the complete lack of information available. I've looked up sites that a site I was going to was wanting to load and found nothing on the site itself. Now, I don't know about you, but I don't have hours on end to look that information up, hoping not to find an unknown site in the meantime. And quite frankly, the whole idea is ludicrous given that you end up in a catch 22 situation of being unable to find out what's going on with the information without giving the information to somebody.

Re:Cookies cannot "unlawfully intercept" anything

[martin-boundary]

At the end of the day this is not about Facebook taking your private information, it's about you *giving* that information.

No it's not. *You* (aka the average user) aren't giving the information. You have no idea the information is being given, and in all likelihood you would object to giving the information if you knew it was being given (*). So there's no consent (by you) when your *browser* is communicating with a facebook server through an unrelated website. Your argument therefore is inapplicable.

(*) proof: all major browsers have various kinds of privacy settings, which would not exist if there wasn't popular demand. The correct default position is that people do object to giving out information to random websites.

Re:Cookies cannot "unlawfully intercept" anything

[OneMadMuppet]

How is this even slightly different to the banner adverts we've had since the 90's? Remember doubleclick? How is a Like button different to a Digg button, or SU, or even a Slashdot button? It's not.
If I got to a website that has adverts or articles I EXPECT it to have tracking for either advertising or social buttons (as well as it's own metrics). Clean your browser and see how many cookies are set by slashdot, or CNET (shudder) or MSN.
You know, I don't mind cookies - and here's why: They're going to show me adverts ANYWAY - I might as well let them show me something appropriate.

Re:Cookies cannot "unlawfully intercept" anything

[hedwards]

Because most websites tend to be broken if you start disabling random javascript. Which is really the problem, you don't have a basis for making informed consent as they don't tell you what the sites are they're pulling code from and why. If you do start disabling random javascript then you have no actual knowledge of which ones are and aren't necessary or worse aren't even intended by the site.

Now, if you can propose someway of knowing what to actually load, then you're way beyond damn near every single web browser.

Re:Cookies cannot "unlawfully intercept" anything

[agm]

So there's no consent (by you) when your *browser* is communicating with a facebook server through an unrelated website.

You are responsible for the software (in this case a browser) - it's yours, installed on your computer that you are using. You have it configured to send out tracking information. If you don't want it to send out such information, then don't leave it configured to. You choose to use it with those options enabled.

Re:Cookies cannot "unlawfully intercept" anything

[Jane+Q.+Public]

"Configuring your browser so it sends cookies is intentional. You can change it so it doesn't. Being aware of this, and doing nothing shows that you consent (if you didn't consent, you wouldn't let your software send tracking information)."

Absolute rubbish. The fact is that it is not practical these days to browse regularly with your cookies turned off. Too many sites require logins, or some other kind of verification. So you are asking me to go far out of my way, and suffer a LOT of daily inconvenience, in order to prevent someone from doing something that is unethical in the first place.

And further yet, I DO NOT CONSENT... it is actually impossible for me to consent... to something that I do not even know is there ahead of time! Consent requires advance information. If there is no advance information, there is no consent. Period.

Re:Cookies cannot "unlawfully intercept" anything

[martin-boundary]

You are responsible for the software (in this case a browser) - it's yours, installed on your computer that you are using. You have it configured to send out tracking information. If you don't want it to send out such information, then don't leave it configured to. You choose to use it with those options enabled.

Nope, most people never configure their browser at all. It's got a default configuration that came with the computer (ie it was actually configured by some technician prior to delivery of the machine). So they aren't making a choice to let the browser send out private information, they don't even know that they have such a choice in the first place.

I agree with you about responsibility, but responsibility is not the same as choice. And that still leaves the question of Facebook, whose tracking technology is explicitly designed to exploit the ordinary operation of popular browsers in their default configuration. It is very much like illegal wiretapping IMHO.

Re:Cookies cannot "unlawfully intercept" anything

[fatphil]

Both of your poinst are mostly true, but don't cover all aspects of the transactions that are taking place.

The reader, when using most modern browsers in their default configurations, does say "I trust my browser to do what site X asks it to do, no matter what", and site X is saying "I trust facebook to do whatever they want to my readers".

I say "mostly", as it's entirely possible to view a web page without loading any images/iframes/scripts linked to by that page. That happens every time I use links, lynx, or w3m from a tty (which I do occasionally, but my g/f uses text mode browsers as her browser of choice most of the time). That's the simplest of all prescreenings - I don't want anything.

I also remember mosaic back in 1993 not showing inline images. If you moused over the icon, you'd see the URL, and if you were interested in that image, you had to click on the placeholder in order to pop up an xv window containing the image. If that isn't pre-screening, I don't know what is. Of course, that's impractical for the image/script-heavy piles of vomit that the youngsters like to look at nowadays, but that's different from not "having the ability".

A better compromise I remember from the 90s was to always run with a "no 3rd-party images" setting in an early netscape - that worked fine. If it was too much bandwidth for you to serve to me, it's too much bandwidth for me to be bothered to download.

I wish those darn kids would get orf moi web!

Re:Cookies cannot "unlawfully intercept" anything

[julesh]

No, that is not the case at all. If it were, this would be a different story.

We're talking here about third-party cookies.

Every browser I've used since some time around 2005 or so can be configured not to send third party cookies. Most come preconfigured not to do so; I know that some time around 2006 I had to rewrite some of my sites that used third party cookies (to track users across a single site that operated on multiple domains) because it simply didn't work for the majority of my visitors. Preventing yourself from being tracked by third party cookies is *trivially easy*.

If we're just talking about the referer[sic] header, then that's a different matter entirely, but I fail to see how it amounts to interception of communications. That's like saying that *any* web site that hosts images that other web sites are using is intercepting communications, because exactly the same thing is happening. OK, so they're ignoring them when they get to the other end (possibly; many sites log referrers automatically), but the law in question doesn't differentiate based on what you do with the information once you have it.

Re:Cookies cannot "unlawfully intercept" anything

[cffrost]

It's a bit odd to willingly hand someone something and then complain later about it.

Sure, just like those people that willingly handed $65 gigabucks to Bernard Madoff and then complained about it later... Say, what ever became of Mr. Madoff?

Re:Cookies cannot "unlawfully intercept" anything

[N1AK]

Bollocks. Your browser, which you control, sends the information automatically when asked because you told it to. You could set it to ask and haven't. There is no way you can argue that you aren't consenting with any credibility. The thing is that isn't the point. Just like EULAs no one reads, crazy TOS etc we are constantly 'agreeing' to things that we don't want to agree to because the time taken to even consider it makes it effectively impossible to do so.

If the major browser manufacturers implemented different defaults together they could kill off a lot of these abusive practices straight away. If a consumer advocacy group worked with the browser makers to certify TOS/EULAs etc then users could click a couple of check boxes when they first see an EULA and the browser could advise them if it fits there needs.

We don't need governments to regulate this. Based on previous experience it won't work, will take too long and will cost a fortune. This is something that can be solved much more quickly by a little consumer advocacy.

Re:Cookies cannot "unlawfully intercept" anything

[Xserv]

Well, technically, they can. They can build a profile using Third Party Cookies. There's a site I saw awhile back about how to block them in multiple browsers (http://www.bobulous.org.uk/misc/third-party-cookies.html) which handles most of your advertisers out there.

For the technically inclined, by loading the javascript through an iframe which runs it natively from the remote server, also borking any browser warnings you might get, you have the ability to set the cookie as itself and read it across multiple sites who share the same information. Facebook does it this way if I'm not mistaken.

You can set a P3P header with:
response.setHeader("P3P","CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'")

This is known as a "Compact Privacy Policy" and allows IE to handle the cookie which it would normally block. You can read about p3p policies here: http://www.p3ptoolbox.org/guide/

Once you do that, you can set the cookie using whatever language you want as normal. You can also read those cookies through the same method.

Re:Cookies cannot "unlawfully intercept" anything

[maxume]

Half of my point is that you really need to coach your argument in terms of what the average user can be expected to do, not make hilariously wrong statements about what is possible.

I mentioned RequestPolicy in another comment. It enables the user to inspect each off site http request that Firefox makes (the default configuration is deny all). That's going to be pretty tedious, but it isn't going to involve analyzing any html or working through any obfuscated javascript. For a lot of the tracker crap, denying the first connection isn't going to break anything on the page, solving the problem.

(I get that this is not a particularly attractive solution to the problem, I haven't reached the point yet where I have decided to work through the pain of creating white lists for RequestPolicy, so I don't use it. But it is very much current technology and it very much solves the problem of not knowing about what sites are being contacted and controlling those requests.)

Re:Cookies cannot "unlawfully intercept" anything

[Jane+Q.+Public]

Thank you. Informed consent is the point I have been trying to make, but some people here just don't seem to get it.

Re:Cookies cannot "unlawfully intercept" anything

[agm]

Perhaps what's needed is a grass roots campaign to inform people they their software is sending out tracking information. I don't believe legal action is appropriate when Facebook are simply using information that people are (willingly or ignorantly) sending them.

Re:Cookies cannot "unlawfully intercept" anything

[maxume]

None of that defends "As a practical matter, the only real control you have is "all, or none"."...

Re:Cookies cannot "unlawfully intercept" anything

[agm]

I repeat: if I do not know in advance that someone intends to do something, I do not give my informed consent. It is actually impossible for me to do so.

You have your browser configured to send tracking information out to any site that requests it. If that's not consent then I don't know what is.

Re:Cookies cannot "unlawfully intercept" anything

[Jane+Q.+Public]

Then you don't know what consent is. It is impossible to consent to something that you don't know in advance someone is going to do, or who is doing it, or when.

Your argument is like saying that leaving my curtains open is equivalent to giving permission for someone to sneak up and spy through my window. Sorry, but the law in my state disagrees with that kind of excuse.

Re:Cookies cannot "unlawfully intercept" anything

[Jane+Q.+Public]

Yes it does. Tell me: does Request Policy block addresses it hasn't yet encountered, while still not blocking others? Is it clairvoyant?

I admit that all or none is not the "only" way, however. There are 3 other methods I know of: whitelists, blacklists, and user interaction. If you are given the choice, in realtime, whether to block requests, then my objection does not hold. But most people don't use Request Policy, or even know it exists.

Re:Cookies cannot "unlawfully intercept" anything

[agm]

Your argument is like saying that leaving my curtains open is equivalent to giving permission for someone to sneak up and spy through my window. Sorry, but the law in my state disagrees with that kind of excuse.

Leaving curtains open is analogous to leaving ports on your router open, and in that case your analogy is fine. Sending out tracking information to any web server that requests it is more like putting a big pile of your business cards outside your house with a sign saying "take one". Can you then be annoyed if someone actually uses the information on those business cards?

Re:Cookies cannot "unlawfully intercept" anything

[Jane+Q.+Public]

You still aren't getting it. I don't know where your failure to understand is.

Look: it takes an overt act by somebody, to either peep through my window, or spy on my communications. Okay? They are deliberately acting against me. Therefore, they are ethically responsible, not me. The same applies to leaving router ports open.

I am NOT referring to whether it is stupid or not to leave it open. What I am saying is that a person or people who take overt action against me are responsible for what they do. I am not ethically responsible for what they do.

That is the context in which I was saying that it is like saying someone who wears a short skirt is "responsible" for being raped. That's not true; that's not the way it works. It might not be smart to do it, but that does not excuse overt, unethical or criminal actions on the part of others. They are responsible for their own actions.

And that is why, in my state, it is legal for me to open my curtains... however, it is NOT legal for someone to come across my lawn and peep in my window... whether my curtains are open or not.

Re:Cookies cannot "unlawfully intercept" anything

[Jane+Q.+Public]

In the same way, as the saying goes: it might be stupid to leave my door unlocked, but that is not at all the same as giving permission to be burglarized. The burglar is still committing the crime, and whether I am being dumb or not, I am under no obligation to lock my door.

Re:Cookies cannot "unlawfully intercept" anything

[Jane+Q.+Public]

"Sending out tracking information to any web server that requests it is more like putting a big pile of your business cards outside your house with a sign saying "take one". Can you then be annoyed if someone actually uses the information on those business cards?"

Again, I disagree. *I* am not actively, intentionally sending out tracking information at all. My intent, when visiting a website, is to interact only with that website. Tracking bugs actively request my information, in most cases without my knowledge.

You are confusing two different things: whether it is ETHICAL for them to do that, and whether it is SMART of me to allow them to do it. (I am not doing it, they are.)

Those are two completely different issues. I am not claiming it is smart to allow them to do that. But at the same time, I assert that it is unethical for them to do that. Ethically, I am not responsible for their actions.

Re:But Privacy Doesn't Matter!

[PyRoNeRd]

If you aren't a criminal you don't need privacy!

First Facebook, then ...

[PPH]

... everyone else.

What FB is doing has already been done via banner ads provided from a few major ad sites for years (instead of 'Like' buttons). Its possible that Facebook is legally in a different position then the advertisers, since they (FB) can identify their users. But other then that, tracking is tracking.

Re:First Facebook, then ...

[MacGyver2210]

Everyone else? Good.

This is invasive and illegal if you correctly read the laws and don't 'interpret' them to suit your donors and benefactors.

Misuse of wiretapping law.

[BitterOak]

As much as I dislike Facebook's rampant disregard for users' privacy, this is simply not what the wiretapping law is about. The wiretapping law is meant to cover interception by a third party of communications between two other non-consenting parties. What Facebook did is entirely different. With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites. Facebook is not intercepting and recording any communications.

Many of us might not like Facebook, and may see this lawsuit as a victory, but misapplication of federal computer and communication laws sets a dangerous precedent for anyone who uses the Internet. Do something that pisses someone off? The Feds will find a law and twist it to make it fit your actions. If new laws are needed to cover emerging technologies, they should be considered by appropriate legislative and regulatory bodies. Then people can comply with the law or face the consequences. But if laws can be twisted to cover any behavior we don't like, it makes it difficult for anyone to be sure they are in compliance with the law.

Re:Misuse of wiretapping law.

[frosty_tsm]

This is sort of like the "wire fraud" laws used against businesses. They never did anything related to wire fraud, but it's kind of a catch-all for "you did business in a shady way to get money from people." In this case, it's "you tracked people in a shady way."

What we really need is our laws to be updated to reflect technology rather than using laws created back when telegraph lines were high-tech.

Re:Misuse of wiretapping law.

[Nidi62]

If new laws are needed to cover emerging technologies, they should be considered by appropriate legislative and regulatory bodies. Then people can comply with the law or face the consequences. But if laws can be twisted to cover any behavior we don't like, it makes it difficult for anyone to be sure they are in compliance with the law.

But how can you know if a new law is required to cover a new technology without a judicial test of the existing laws? That is what the courts are designed to do: test and apply the laws to a given situation. Let this go to trial. If the courts shoot down the lawsuit due to these laws not applying, then you can go ahead and get new legislation passed.

Re:Misuse of wiretapping law.

[Bill+Dimm]

With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites.

Is that true? Did the website operators displaying a Facebook "like" button actually know that it allowed their site users to be tracked by Facebook even if the button was not clicked? The tech-savvy ones might have realized that that was a possibility, but I would guess that a lot of website operators put the button on their pages to allow their users to "like" a page, not for the purpose of allowing Facebook to track them. Car analogy: If I give my car keys to a mechanic to change the car's oil, that doesn't mean I've consented to having him install a GPS tracker so he can monitor me.

Re:Misuse of wiretapping law.

[ILongForDarkness]

Agreed let it go to trial. I hope people don't get bribed into a settlement and Facebook get off "without accepting any guilt". I think being able to settle without accepting guilt in general is silly. You settle to save the cost of court and the risk of losing more money then the settlement is going to cost you. You shouldn't be able to get away without admitting that you did something wrong that is why you needed to pay. Somehow only individuals are expected to apologize when wrong and corporations are supposed to protect their "brand image".

Perhaps a catch all "I know it when I see it" clause is needed for tech. Tech is going to change quicker than legislation can. Streaming video okay? What about streaming from one persons iTunes library to another persons, isn't that just sharing something you own? Who knows. Courts should be able to weigh the case without having to wait 10 years for both houses to figure it out, especially since what they come up with will likely be hugely lobbied by special interests and likely not reflect common sense.

In this case as the judge I'd probably have to agree that the wiretappnig laws apply. Sure technically it is your browser talking to Facebook and telling it who you are but the thing is you've logged out, as far as a "reasonable person" would think you are no longer on Facebook but on company Xs website. You didn't chose the banner ad that was presented but if it happens to be one from Facebook they get your info, but if another companies ad happened to be shown your browser won't have "chosen" to send info to Facebook? It doesn't pass the "reasonable person" test since if I really wanted Facebook to know my browsing habits I would have installed something willingly that would talk to Facebook regardless of the ad (we don't go to sites usually because we want to look at their ads but for the content on the page).

Re:Misuse of wiretapping law.

[CastrTroy]

All good and fine when it's facebook, a multi billion dollar company facing the charges. They will probably get off. But I don't think people would have the same attitude if it was a much smaller entity getting charged, without so much means to defend itself.

Re:Misuse of wiretapping law.

I doubt you really understand the level at which these marketting people have tracked everyone on the Internet. The amount of bandwidth needed to do this must be considerable! They basically are tracking people as they click around the pages, logging every site, putting a time stamp on the various page requests. Do you like that they know every site that you go to if you don't do advertisement blocking and ad-site black-listing?

You have no idea how far they have taken this. None. They have crossed a line and it sure seems like tapping to me becuase the communication that they tap is the request and order of request for data. You you like everyone knowing every book you pickup in a book store? Do you want everyone to know what rocks and pebbles you examine on a beach? At what level is this an invasion of privacy when my private behavior is fodder for their attempts at hypnosis and brainwashing?

How is what they do different from pointing a telescope into someone's living room and watching their keystrokes and mouse moves with a telephoto lens? Ya, of course it is different. What they do is a far easier and more accurate way to get the data.

If you really have no problem with them tracking you does the frivilous use of power resources to do all of this not present some kind of environmental concern? Do corporations and the government realy have a need to know all my keystrokes and mouse clicks?

If you are not a shill for these web-trackers then you really can't have thought about this for very long. And you probably don't know anything about web-page architecture.

Re:Misuse of wiretapping law.

[Jane+Q.+Public]

"Facebook is not intercepting and recording any communications."

Yes, it is, at least in a sense.

Facebook is recording your IP, What sites you visit, and when. While it isn't recording any other communications, it doesn't need to in order to violate privacy.

What Facebook is doing is equivalent to a Pen Register used on telephones. The Pen Registers record what calls are being made, when, and to what number. But they don't record any actual conversations.

But even Pen Registers are illegal, and can only be used by Law Enforcement under strict conditions. The standard of evidence for allowing use of a Pen Register is lower than for actually tapping a phone line and listening to the conversations, but it is still legal only for law enforcement and it still requires due process, meaning they have to petition a judge for permission, and explain their evidence.

Re:Misuse of wiretapping law.

[Aighearach]

The wiretapping law is meant to cover interception by a third party of communications between two other non-consenting parties.

No, it is often intended to cover cases where any of the parties are non-consenting.

Re:Misuse of wiretapping law.

[fatphil]

Your analogy has nothing in common with the situation in question at all.

The situation is basically no different from the old 1x1px transparent web bugs of old. The tech savvy have known the implications of those for over a decade: the first google hit points to 1999, http://news.cnet.com/2100-1017-243077.html , but they go back a while before that.

Re:Misuse of wiretapping law.

Is it facebook's fault that when given a piece of embeddable, executable javascript, they were too lazy and inept to see what a technically savvy person could have in 15 seconds?

Oh wait, let me guess--you're like my old manager who taught IT at a local community college and thought she was tech smart because she could use Excel macros. And even wrote HTML back in like 1998. Not that she knew a fucking thing about how the protocol worked, how cookies were sent, how CGI worked... it was all just "magic" she pushed over frontpage's FTP.

Sure, facebook didn't go out of their way to advertise this, but that's because it's irrelevant to the function they offered. If you're going to load my script, and my image, using my high-speed CDN and bandwidth--I can't help but fucking know about you.

And if you've got a cookie--I still know who you are--logged in or not.

If you think this is bad, try looking at the little thing called google-analytics and ask yourself what google knows about you! Or maybe comscore--it's right here on *this* page you're reading.

Then look at the other CDNs commonly in use that have data sharing arrangements. And then when you're done being inept, think for a split fucking second about the marketing and analytics firms like what I mentioned above. You know, that are also everywhere and /served/ via CDNs? Once again making the vast majority of your access...visible.

And hey--it takes a single damned piece of paper in an agreement to aggregate that data and traffic and maybe start sharing it. Is that too dangerously close to a wiretap for you and your general counsel? Okay, I'll serve a randomized beacon via the CDN and have it resolve via ultrafast caching DNS (installed at the ISP because we paid for it to sit there) and it'll forward the report back to me later.

Your car analogy fails. When your car automatically and programmaticaly stops at every fucking mcdonalds it happens to drive past because every store includes instructions to it right before the exit (bottom of webpage) it's your fault for not getting a better driver.

And this is why car analogies...suck. It's a damned computer. And you're the idiot that thought it would be a good idea to let some random website execute any piece of programming that some underpaid shithead from delhi thought to put on it. In addition to what every psychotic from marketing thought they could add in for a few cents on their next paycheck. In addition to whatever the undermanned IT team thought to include from Google to save time and cost and figured it's just your privacy vs their time and budget.

YOU. Made. The. Choice.

Not microsoft. Not Google. Not Apple or Adobe.

It's your damned computer, and your damned website. And you were too inept, incompetent, or lazy to think for a split second that the 'freeby' might have some other cost, or even to fucking ask someone that knew about it.

Yes, I'm ranting.

If you're a web developer and you can't talk HTTP natively, you make me sick.

Re:Misuse of wiretapping law.

[Bill+Dimm]

Your analogy has nothing in common with the situation in question at all.

Nothing at all? Facebook is given access to another website's users for one reason (to supply a "like" button), and it uses the opportunity to do something else (tracks the user). Likewise, the mechanic is given access to my car for one purpose (change oil) and uses the opportunity to do something else (install GPS tracker).

The situation is basically no different from the old 1x1px transparent web bugs of old. The tech savvy have known the implications of those for over a decade...

Please re-read the post by BitterOak that I was replying to, and you'll see that it is different. BitterOak claimed that it isn't wirefraud because wirefraud involves interception by a third party when neither party consents, and he claims that websites displaying a "like" button have consented. I've never posted a Facebook "like" button on a website, but if Facebook simply provides some HTML code and says "paste this into your website so users can 'like' your page" without explaining that pasting the code in will also allow Facebook to track the website's visitors, how can Facebook claim that the website operator gave consent for that tracking? It's like saying that I consented to a mechanic putting a GPS tracker in my car because I took it in for an oil change. If a website operator puts a 1x1 pixel web bug into his/her page, he/she almost certainly knows that it is being used for tracking -- there isn't much opportunity for him/her to think that it serves some simpler purpose like displaying a "like" button.

Re:Misuse of wiretapping law.

[syousef]

If new laws are needed to cover emerging technologies, they should be considered by appropriate legislative and regulatory bodies. Then people can comply with the law or face the consequences. But if laws can be twisted to cover any behavior we don't like, it makes it difficult for anyone to be sure they are in compliance with the law.

But how can you know if a new law is required to cover a new technology without a judicial test of the existing laws? That is what the courts are designed to do: test and apply the laws to a given situation. Let this go to trial. If the courts shoot down the lawsuit due to these laws not applying, then you can go ahead and get new legislation passed.

That is why I wholeheartedly disagree. As far as possible the law should be based on the intent of the offender and consequences to victims, not on which technology de jour was used to commit it. Then we wouldn't need judges with degrees in IT as well as law to make a sound judgement. In general tech is just the enabler. The issue here is privacy, not whether HTTP cookies, like buttons, FTP, gopher or carrier pidgeon was used to transfer the information.

Re:Misuse of wiretapping law.

[Bill+Dimm]

Is it facebook's fault that when given a piece of embeddable, executable javascript, they were too lazy and inept to see what a technically savvy person could have in 15 seconds?

If it intentionally does something significantly different than what Facebook tells the user it does, yes it is Facebook's fault. Is it the mechanic's fault if he plants a GPS tracker in your car during an oil change when you could find it with a 15 second inspection? It's ridiculous to expect everyone (including bloggers and other non-technical people) that posts something on the Internet to audit the tools provided by others to verify that they do what they claim. Furthermore, all a code inspection would tell you is what information could be transmitted to Facebook -- not whether or not Facebook stores/abuses it.

Oh wait, let me guess--you're like my old manager...

Bad guess. I've done web development, but my qualifications are irrelevant. This is about people pasting "like" buttons into their webpages, not me.

Sure, facebook didn't go out of their way to advertise this, but that's because it's irrelevant to the function they offered.

That's exactly my point.

If you're going to load my script, and my image, using my high-speed CDN and bandwidth--I can't help but fucking know about you.

There is a world of difference between your webserver receiving information in a HTTP header, which is unavoidable, and you choosing to store and utilize that information. You don't need to store a referrer or a cookie to serve an image of a button.

try looking at the little thing called google-analytics

The website operator that chooses to use Google analytics knows that it is tracking users, since that is its purpose. The website operator does not, I'm guessing, know that adding a "like" button implies tracking, since, as you pointed out, "it's irrelevant to the function they offered." That was my whole point -- how is the website operator giving consent if he/she doesn't know that the "like" button has functionality beyond what is advertised? That's what this whole discussion about the applicability of wiretap is about -- consent.

When your car automatically and programmaticaly stops at every fucking mcdonalds...

Please read my post again. I didn't say the mechanic was modifying your car's existing GPS. I said the mechanic added a GPS tracking device. The mechanic could, for example, sell data about how often you speed to your insurance company. The analogy is a lot more apropos than you give it credit for.

Re:Misuse of wiretapping law.

[DoofusOfDeath]

If a law is written such that people don't know how it applies until a judge rules on it, isn't that an ex post facto law, for all intents and purposes?

Re:Misuse of wiretapping law.

[BitterOak]

With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites.

Is that true? Did the website operators displaying a Facebook "like" button actually know that it allowed their site users to be tracked by Facebook even if the button was not clicked?

Well, in that situation, the person clicking the Like button is communicating with Facebook, not the hosting website, so wiretapping laws are even less applicable. How can Facebook be wiretapping a communication between a user and Facebook?

Re:Misuse of wiretapping law.

[BitterOak]

No, it is often intended to cover cases where any of the parties are non-consenting.

Not the federal wire-tapping laws. Some states require two party consent for recording conversations (and then the law generally only covers audio recording, which is not the case here), but I think Facebook is being sued under a federal wiretap law.

Re:Misuse of wiretapping law.

[Bill+Dimm]

With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites.

Is that true? Did the website operators displaying a Facebook "like" button actually know that it allowed their site users to be tracked by Facebook even if the button was not clicked?

Well, in that situation, the person clicking the Like button is communicating with Facebook, not the hosting website, so wiretapping laws are even less applicable. How can Facebook be wiretapping a communication between a user and Facebook?

This isn't about tracking someone that clicks the "like" button (note that I said "was not clicked" in my previous post); it is about them tracking someone when the "like" button is displayed on some webpage. So, a website operator embeds a "like" button thinking that it does nothing but allow the user to like the page by clicking it, the user does nothing but load the page into the browser, and Facebook gets tracking info. How did the website user consent to tracking when he/she did nothing but load a webpage on a site that is not Facebook, and how did the website operator consent when he/she did not know that adding a "like" button to his/her webpage had the side-effect of adding tracking?

Re:Misuse of wiretapping law.

[Burning1]

Actually, it's my understanding that wiretap laws are being used to model laws against GPS and other tracking devices, and it's totally possible that illegal tracking of people can fall into the realm of wiretap law.

Beyond that, it's not difficult to argue that the facebook bug is being used to intercept and record communication between two parties without concent of both parties. After all, my requests and responses are private communication, and I would not be surprised to find that the facebook bug is being used in situations where encryption is being employed.

Re:Misuse of wiretapping law.

[Jane+Q.+Public]

"That's legal under wiretapping laws."

Not in my state. Here, unless ALL involved parties agree, it is illegal as hell.

Re:Misuse of wiretapping law.

[fatphil]

Including javascript written by somebody else on your website is about the most ass-rapingly huge consent that you can give anyone - it says "here, do anything you want with my readers' virtual machines". They may be too stupid to realise that, but stupidity is never grounds for reducing culpability.

Re:Misuse of wiretapping law.

[drinkypoo]

The wiretapping law is meant to cover interception by a third party of communications between two other non-consenting parties. What Facebook did is entirely different.

how?

With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites.

The cookie mechanism is loaded directly from facebook.

Facebook is not intercepting and recording any communications.

They're intercepting and recording the fact of communications, and as we have seen, you can extract information from such a side channel. Therefore consumers should be protected from this activity.

Re:Misuse of wiretapping law.

[Bill+Dimm]

Including javascript written by somebody else on your website is about the most ass-rapingly huge consent that you can give anyone - it says "here, do anything you want with my readers' virtual machines".

Likewise, installing any software on your computer that you didn't write yourself says "here, steal my credit card info and encrypt my hard drive and hold it hostage until I pay ransom." You have disassembled Microsoft Office to ensure that Word won't wipe your hard drive if you type the magic words "Bing sucks," right? Because, after all, it could do that, and it is unreasonable to trust a software developer to provide software that only does what it claims to do, right?

Re:Misuse of wiretapping law.

[luisdom]

cover interception by a third party of communications between two other non-consenting parties

Ok, entirely different. It's one other non-consenting party. If you call a company you wouldn't like next calls to be registered, right?
And laws should be used to cover any behavior we don't like, that's why we make laws in the first place.

Re:Misuse of wiretapping law.

[fatphil]

No, I haven't disassembled MS Office. But then again, I've not installed MS office. Even if it came in a linux/POWER version, which is my platform of choice currently, I still would install it.

Every single package I have installed comes from sources I have chosen to trust, which have very thorough and exclusive vetting procedures before letting people contribute (some won't even let me contribute presently, for example) and which only distributes software cryptographically signed. On top of that, if I'm less keen to trust them on particular packages, as I don't particularly trust their upstream for example, I can examine the code, as it's all freely available.

This is about 10 orders of magnitude less ass-rapey than running javascript which is sent afresh (and thus can and does change even after you've reviewed it, were you to so do) from a commercial site whose interest in you is that of a farmer's interest in his pigs.

Re:Hooray for Adblock + Antisocial filter

[RazorSharp]

If I wanted to see Facebook crap, I would join Facebook.

I've used multiple extensions that claim to block Facebook stuff and they only work half the time. I still haven't found one to stop getting Facebook cookies. I have to delete them all the time even though I've never gone to Facebook's website. I can't go to any commercial website these days (except Google) without getting their crap on my computer.

Figures they went to that Bilderberger meeting....

[sgt_doom]

....attended by the Usual Suspects, David Rockefeller, Henry Kissinger, top banksters on the planet (and the hedge funds which are owned by the banksters which own the banksters --- interlocking stock ownership up the wazoo!). Once Marky Zuckerberg (Facebook) and Bezos begin attending with the rest of the global banking cartel -- it figures that they are the forward army of societal information systems engineering --- and I'm being quite serious.

http://disinfo.s3.amazonaws.com/wp-content/uploads/2010/11/Screen-shot-2010-11-17-at-10.30.55-AM.png

http://farm7.static.flickr.com/6231/6238828974_5389387b60_b.jpg

Re:No one has pointed out the most shocking fact..

[Osgeld]

the south is coming around, I saw a "Books-a-Million" in Alabama!

Wouldn't this apply to other tracking mechanisms?

[Virtucon]

I guess unless you explicitly "opt-in" this could be extended to all tracking mechanisms such as fine grained or coarse grained GPS tracking, Ad-Aware cookies which track which websites you've been on etc. It seems Facebook is being singled out here but I can't honestly think that they're doing much of anything different than what has been happening on the web for years.

Disabling Cookies has been mentioned here so I guess like disabling Adoobe Flash Cookies (Storage) and disabling cookies in General, you'll solve some of the tracking issues.

Now if Amazon would stop inferring that because one time I bought a Kids PC Game they'd stop sending me Kids PC game announcements. I know, I can opt-out but it's still funny since I bought those games over 15 years ago yet they still hope that some day I'll buy another version of "putt putt."

Who they REALLY need to sue.

[tomhudson]

Hopefully they'll get a clue and sue the web site owners as well. There's no need for such detailed information.

Or eventually, we'll come up with "Consumer DRM" - where WE manage our own digital rights. After all, if it's good enough for Sony, it's good enough for you and me :-)

Re:Who they REALLY need to sue.

[maxume]

There are easy ways to control browser behavior, it is entirely possible, today, to manage what you browser does. The degree of control varies from browser to browser, but the more configurable ones are nicely cross platform.

That said, it is a giant pain in the ass because big companies like Facebook and the websites they work with know that not that many people actually care (i.e., given the pervasiveness of relatively anti-user content, client side white listing is the only workable option, and it is a pain in the ass. Stuff like Ghostery takes over the job of building the whitelist, but then you have the problem of trusting them.).

Re:Who they REALLY need to sue.

[tomhudson]

But why should we have to go to such extremes because web sites refuse to comply with the law and users' rights?

Back when my former boss wanted to implement some really serious tracking (pretty much everything, including mouse movements and keypresses) to help combat click fraud, I made it clear that there was no way in hell that would pass legal muster, and would attract all the wrong attention ... and that there were other ways that aren't so invasive.

Re:Hooray for Adblock + Antisocial filter

[fatphil]

What's so hard about the "Never" answer, when asked if you want to accept a cookie from facebook? In firefox it's just two clicks - "always", "no".

Chrome - NotScripts

[Killer+Instinct]

NotScripts [google.com] for Google Chrome.
You can also block third party cookies from this page.. => chrome://settings/content
And make sure "Block all third-party cookies" is set to enabled on this page .. => chrome://flags/
Also, Run in incognito mode as needed

Not really concerned with Facebook tracking me.

[idbeholda]

What's going to happen, really? Am I going to be publicly chastised for my good taste in porn? Somehow, I don't see that happening.

Been happening for ages...

[craznar]

I've had this issue with Facebook for ages (i've cleared my Facebook account over a year ago, and logged out) - I visit a site I've never been to before and it goes "Welcome " ... where the name is the name I have on my Facebook account.

Irony

[Zemran]

Did anyone else notice the Facebook like button at the bottom of the page? They now know you know they are watching you ....

Re:Wouldn't this apply to other tracking mechanism

[maxume]

If you tell the site that you own a bunch of other things, it will probably send you a wider range of recommendations.

Telling it you own books from the library that you have already read prompts it to recommend books that you have not read. And so on.

(Of course, the items you tell it you own do not have to have any basis in the reality, but basing them in reality may make them more interesting...)

Re:Wouldn't this apply to other tracking mechanism

[Virtucon]

Well owning vs. interest is one thing but I guess it goes to salesmanship. It just seems funny as in the rest of the Internet, that they don't forget and think that I'm a potential purchaser of products from 15 years past. It just still seems funny because by that logic, my ex-wife would think that I should still pay for her credit cards because I did it 15 years ago.

Re:Wouldn't this apply to other tracking mechanism

[maxume]

Sure, it's odd. But it isn't the result of anyone thinking, it is the result of them using heuristics that work against most of their customers against all of them.

Can Facebook Ever Get Privacy Issues Right?

[kindsvater]

Facebook is a useful service, but an incredibly dumb company. How many privacy problems and complaints has it had? Google doesn't need to compete. It can wait, sit back, and watch Facebook self-destruct and needlessly subject itself to lawsuit after lawsuit, injunction after injunction.

Re:MS media player

[Kaenneth]

No, it dosn't, I've run Windows Media Player (Version 11) with a packet sniffer running dozens of times, and every single connection is easily accounted for.

Care to be more specific?

Re:SlashDot and HTTPS

[cheros]

SSL (https) requires extra computing power, and you'd be wasting that to read something that is already in cleartext and public. I won't even hide your browsing habits, because that would require URL obfuscation, not SSL.

Ironically

[AliasMarlowe]

Ghostery says that TFA site is infested with Facebook Social Plugins (which Ghostery blocked).

Ghostery and NoScript are strongly recommended for avoiding this sort of crap. Disabling third-party cookies is another method. If you're not a user of Facebook, then yet another technique is to add a bunch of Facebook's sites to the blocked list in your router, or redirect them to 127.0.0.1 in your hosts file. The sad thing is, we should not have to do these things; tracking without explicit authorization per site should not occur.

I'm cheering for the plaintiffs here, and hoping Facebook gets (i) stopped from doing this stuff in the future, and (ii) enough of a punishment that it makes a material difference to their financial results. Having Zuckerberg as the star of Ow, my balls hurt for several episodes could be an optional extra.

This

[cyclomedia]

I have no problem with the Like button being there. But EVEN IF I AM LOGGED INTO FACEBOOK it should not record my page hit unless I click that button.

and BetterPrivacy

[Hyperhaplo]

When mentioning adblockplus you should also mention BetterPrivacy

ABP rocks for preventing most ads and cookies.. but BetterPrivacy controls flashcookies - LSOs.

Ghostery is also a must.

Facebook Blocker

[hey]

I have the Facebook Blocker add-on for Firefox but I still see Facebook content on non-Facebook sites. Don't want to turn off all javaScript. What to do?

ShareMeNot

[mrbill1234]

http://sharemenot.cs.washington.edu/

Excellent firefox plugin to solve just this "problem".

"ShareMeNot is a Firefox add-on designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you until you actually click on them. Unlike traditional solutions, ShareMeNot does this without completely removing the buttons from the web experience."

"When not logged in"

[HalAtWork]

What difference does it make if you're logged in or not? They shouldn't be collecting these things either way. Data from their own site, ok, but they should not collect your data pertaining to sites and services outside of Facebook at any time. "Likes" should be anonymized as well. The only time it would be unavoidable is when you "Share [URL] with facebook friends," since at that point the user explicitly understands what is happening.

Easy solution

[NumenMaster]

There is an easy solution to the problem. People complaining about FB should quit using facebook. They can imagine life without that hopeless timesink.

If a brick-and-mortar can, why not a website?

[rocket+rancher]

Ghostery says that TFA site is infested with Facebook Social Plugins (which Ghostery blocked).

Ghostery and NoScript are strongly recommended for avoiding this sort of crap. Disabling third-party cookies is another method. If you're not a user of Facebook, then yet another technique is to add a bunch of Facebook's sites to the blocked list in your router, or redirect them to 127.0.0.1 in your hosts file. The sad thing is, we should not have to do these things; tracking without explicit authorization per site should not occur.

I'm cheering for the plaintiffs here, and hoping Facebook gets (i) stopped from doing this stuff in the future, and (ii) enough of a punishment that it makes a material difference to their financial results. Having Zuckerberg as the star of Ow, my balls hurt for several episodes could be an optional extra.

Since brick-and-mortar businesses don't need your explicit authorization to track you when you are on their premises, why should a website be any different? Brick-and-mortar stores like your local supermarket accumulate as much, if not more data about you than any website on the net (including your likeness, if you will allow that their security cam data can easily be correlated with purchase history.) Supermarkets routinely share (read: profit by selling) this information to anybody that wants it and can afford it; I'm not understanding why you think online retailers should be held to a different tracking standard than their brick-and-mortar competitors.

Re:If a brick-and-mortar can, why not a website?

[AliasMarlowe]

Since brick-and-mortar businesses don't need your explicit authorization to track you when you are on their premises, why should a website be any different?

I think you answered your own question. When you are visiting their web site, they obviously can track your activities and are entitled to an expectation that they can track you. The issue is being tracked when you visit other web sites, especially when logged out of Facebook. The analogy would be if Walmart tracks your activity when you visit Sav-On-Drugs, Barnes & Noble, Red Lobster, Exxon, etc., even though you don't use any Walmart loyalty cards or suchlike in your purchases.

Re:If a brick-and-mortar can, why not a website?

[ScrewMaster]

Since brick-and-mortar businesses don't need your explicit authorization to track you when you are on their premises, why should a website be any different?

I think you answered your own question. When you are visiting their web site, they obviously can track your activities and are entitled to an expectation that they can track you. The issue is being tracked when you visit other web sites, especially when logged out of Facebook. The analogy would be if Walmart tracks your activity when you visit Sav-On-Drugs, Barnes & Noble, Red Lobster, Exxon, etc., even though you don't use any Walmart loyalty cards or suchlike in your purchases.

Well, if you're comparing real-world situations, it would be like some dude from Wal-Mart follows out out of the store and goes with you to all the other places you're shopping and takes notes.

Re:But Privacy Doesn't Matter!

[rocket+rancher]

Unless you earn too much, are a minority, have been raped or abused by an ex-partner, are too young or too old to have good judgment, etc.

If privacy isn't a right inherent to all people, then perhaps it is better if we enforce nudism. If we remove all of our clothing for queen and country, it would be much easier to spot any terrorist bombs.

Privacy is not an absolute right, because the expectation of privacy is constrained by the venue. Tell me, do you think you have a right to privacy when you are sitting in the right field bleachers at a Red Sox home game? Of course you don't. How about at a political rally? In a movie theater, maybe? How about at the local mall? You no more have an expectation of privacy on the internet than you do at a baseball game, or any of those other venues. Your attempt to defend privacy as an absolute right via your reductio ad absurdum argument is a non-starter.

Re:Exactly, for 'you'

[lennier]

I want everyone to be able to choose from thier own free will. ... the problem really is with the clueless masses, they dont know and cant decide

One of these beliefs is not like the other.