Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Sued For Violating Wiretap Laws

Posted by samzenpus on from the join-the-club dept.

An anonymous reader writes "Facebook is being sued in multiple states for tracking its users even after they logged out of the service. All the lawsuits allege the company violated federal wiretap laws. The most recent lawsuit, filed by a Mississippi woman, says: 'Leading up to September 23, 2011, Facebook tracked, collected, and stored its users’ wire or electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook. Plaintiff did not give consent or otherwise authorize Facebook to intercept, track, collect, and store her wire or electronic communications, including but not limited to her internet browsing history when not logged-in to Facebook.'"

36 of 284 comments (clear)

  1. sorry no by Osgeld · · Score: 4, Funny

    There is no way we can let go of this invaluable resource over a few lawsuits. Clearly the wiretap laws need to be changed or we will not have our greatest resource ... worthless information for dumb fuck advertising!

    1. Re:sorry no by Cryacin · · Score: 2

      Wonder how many FacePalms there were at FaceBook after this little verdict?

      --
      Science advances one funeral at a time- Max Planck
    2. Re:sorry no by MacGyver2210 · · Score: 3, Informative

      With one free plugin it becomes worthless information with no advertising.

      Or if you're in the entertainment or media business, it can become useful information with no advertising.

      http://www.adblockplus.com/

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
    3. Re:sorry no by hairyfeet · · Score: 2

      I second the ABP and would point out it also Chromium based as well as Firefox. I have noticed since giving my users Comodo dragon with ABP that not only do they have a faster nicer web experience, thanks to no ads dragging them down, but the rates of infection have frankly dropped right off the chart.

      I give MSFT credit for making Windows 7 pretty damned good about blocking bugs but the combination of Dragon sandboxing the browser with ABP getting rid of the malware laden ads it has made viruses, at least for my customers, pretty much a thing of the past. Now the only bugs I see are "Forest Gump" social engineering bugs where they wave the right cookie in front of the user and get them to bypass security FOR the malware. The worst I've seen lately is "The New Limewire" which is a bunch of malware wrapped up in a gnucleus client, nasty stuff.

      As for TFA that was awfully stupid of them, not to mention more than a little pointless. I don't know if my customers are typical but many of them live in FB so tracking them would be kinda pointless. Besides if they wanted to do that why not just offer a toolbar like everybody and their dog does? From what i've seen if you are stupid enough to agree to your average toolbar EULA you've pretty much agreed to give them keys to the kingdom anyway. I mean with all the money FB generates how hard would it have been to have someone write them a FB toolbar for all the major browsers?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:sorry no by webnut77 · · Score: 2
      How does adblockplus compare to ghostery?

      After I installed Ghostery, I was amazed at how many trackers some sites use. One site I went to had 32 trackers. After disabling most of them, guess what. No ads, which was really not my goal. I don't mind the ads since I figure that helps a site pay for itself, but I'm not a Facebook user and I don't want FB tracking me.

      And another thought, all that tracking is sure going to eat into any bandwidth cap.

    5. Re:sorry no by rtb61 · · Score: 4, Insightful

      The best way to crack down on advertising is perhaps not to block it but to force total truth in advertising. No lies, no exaggerations, no false associations, no people recommending who do not provide proof on continued use of the product and required warnings for any known problems with the product to be included in the adds.

      Adds should be restricted to informing people about a product, not about manipulating people especially children, not about false product qualities, not about people lying about using the product and, in fact not about anything that company can not prove to be true about the product.

      --
      Chaos - everything, everywhere, everywhen
    6. Re:sorry no by bryan1945 · · Score: 2

      A few weeks ago someone here suggested Ghostery to me. Wow, so many trackers. I spent the next few days deleting a how bunch of them as I progressed through my usual sites.
      AFAIK, AdBlock just keeps the ads from showing, but by doing so it may also block the tracker.
      To be safer, I use both.

      --
      Vote monkeys into Congress. They are cheaper and more trustworthy.
    7. Re:sorry no by Pope · · Score: 2

      Block all teeth whitening ads with this one weird tip discovered by a Slashdot poster!

      --
      It doesn't mean much now, it's built for the future.
    8. Re:sorry no by hjf · · Score: 2

      I'm going to play devil's advocate here. Filter bubbles and all their implications aside, and ignoring the fact that one can go with the torrent way...

      I would LIKE my TV provider to "track" me in some way. I would LOVE to have ads tailored to ME and MY needs. I hate so much, really, so much, the damn soap ads they play all day (at least in my country). REALLY, I DON'T want to see any more soap commercials, or Oral-B, or Colgate Whitening. MAN the colgate ads are so annoying, and soap ads are just sexist. I mean every soap and cleaning product ad features a young woman with children, who doesn't work and stays home all day cooking, doing laundry, and scrubbing because if you don't scrub it doesn't clean (unless you buy the new Mr Muscle that "cuts through grease" and cleans without scrubbing).

      I DON'T GIVE A FUCK, I just buy the soap that's on sale, the first toothbrush and paste I see. Guess what? They're ALL THE SAME SHIT. A toothbrush that gives you a MASSAGE? Seriously, Oral-B?

      I'm a 28 year old male. I don't fucking need ads for cleaning products. Let me know when the next Assassin's Creed is out, that's what I want to know.

  2. Dumb Question by Anonymous Coward · · Score: 4, Interesting

    Dumb-question guy here: how can a web site gather users' "internet browsing history even when the users were not logged-in to Facebook"?

    1. Re:Dumb Question by Beryllium+Sphere(tm) · · Score: 5, Insightful

      Put a "Like" button on every page they visit and store the Referrer field when the button gets downloaded.

    2. Re:Dumb Question by icebraining · · Score: 4, Informative

      See those Facebook "Like" buttons everywhere? They have Javascript loaded from Facebook's website. Even if you're not logged in, it creates a cookie with a random ID, which is then read when you access other sites with the button.

      It's easy to reproduce, if they haven't changed it from a month ago: log off from FB, delete all cookies from their domains (fbcdn*, facebook*) and then load some pages with their button.
      It worked for me even though I didn't even have an account.

      --
      Dilbert RSS feed
    3. Re:Dumb Question by the+eric+conspiracy · · Score: 2

      By loading a page with a embedded link to Facebook. Like buttons, transparent 1 pixel gifs, etc.

    4. Re:Dumb Question by TeamSPAM · · Score: 2

      There is also the cookie stored in your browser, You may not be logged in to facebook, but the cookie will still tell them who you are.

      --
      Brought to you by Team SPAM! where we believe: "Information in the noise!"
    5. Re:Dumb Question by tomhudson · · Score: 4, Informative

      "when the button gets downloaded"

      Which you *do not have to do*.

      It happens automatically. See the "Like" button? It's because it's already been downloaded - even if you NEVER dealt with facebook. Facebook even tracks users vi IP+browser fingerprinting who they can't tie to an existing account so that if/when you DO sign up, they can match that history with you. Totally illegal.

    6. Re:Dumb Question by Jane+Q.+Public · · Score: 5, Insightful

      That is correct as far as it goes. But the problem there is that you have no way to know, ahead of time, what sites might have Like buttons and what sites not. By the time the page is downloaded, and you see the Like button there, it already has you tracked.

      Currently, the only way to prevent that is to use a script blocker to block Facebook's javascript from running. Which I do. But it's not a satisfactory solution... they should only be able to track you if you give your explicit permission. What they are doing now is sneaky and unethical, given that most people don't even know they're doing it.

    7. Re:Dumb Question by Jane+Q.+Public · · Score: 4, Informative

      Probably the most popular one for Firefox is NoScript. I don't know about Chrome.

    8. Re:Dumb Question by psiclops · · Score: 3, Insightful

      i could wear a suit of armour to prevent injury from someone stabbing me.

      that does not mean that someone should not be charged for stabbing me.

      --
      i spent five minutes thinking and all i got was this crappy sig
    9. Re:Dumb Question by houghi · · Score: 4, Informative

      In your hosts file:
      # Block Facebook
      127.0.0.1 www.facebook.com
      127.0.0.1 facebook.com
      127.0.0.1 static.ak.fbcdn.net
      127.0.0.1 www.static.ak.fbcdn.net
      127.0.0.1 login.facebook.com
      127.0.0.1 www.login.facebook.com
      127.0.0.1 fbcdn.net
      127.0.0.1 www.fbcdn.net
      127.0.0.1 fbcdn.com
      127.0.0.1 www.fbcdn.com
      127.0.0.1 static.ak.connect.facebook.com
      127.0.0.1 www.static.ak.connect.facebook.com

      This is an opt-out and should never be happening.

      --
      Don't fight for your country, if your country does not fight for you.
  3. Cookies cannot "unlawfully intercept" anything by Anonymous Coward · · Score: 2, Interesting

    The thing is that this tracking depends on cookies, which are actually sent by the browsers themselves (as per the HTTP spec). Of course I haven't analyzed all the Javascript so I'm not sure, but Javascript does not have the capability to perform any time of interception of network traffic. Of course, I don't know what Flash, etc. could do.

    I highly doubt that there is any "unlawful interception" going on here and this is likely just more waste of taxpayer money because we, the technically apt, have to live with stupid politicians.

    1. Re:Cookies cannot "unlawfully intercept" anything by Anonymous Coward · · Score: 2, Funny

      Yeah! They shouldn't use computers, either.

      If you don't want bad shit to happen to your computer, then stop using computers. This is your fault. Your fault!

      The only recourse is to throw your arms up in the air like a Fraggle, bend over, and take it. Not taking it is consent.

    2. Re:Cookies cannot "unlawfully intercept" anything by hedwards · · Score: 3, Informative

      That's not true. Unless you avoid websites that have those obnoxious like buttons on them there's no way of avoiding them without blocking those domains and the related cookies. Which most people wouldn't do as they have no idea that they're being tracked by them.

      Worse is that historically they track people who are logged out of FB or don't have an account to begin with.

    3. Re:Cookies cannot "unlawfully intercept" anything by hedwards · · Score: 2

      It's not willful if you've logged out in the meantime. Just because I have an account with Google for say email or YouTube, does not mean that I consent to have them tracking me when I'm making posts here, or possibly downloading porn.

    4. Re:Cookies cannot "unlawfully intercept" anything by Jane+Q.+Public · · Score: 5, Informative

      "The user is intentionally using software that sends tracking information (cookies) to Facebook"

      No, that is not the case at all. If it were, this would be a different story.

      We're talking here about third-party cookies. These are images that come from servers OTHER THAN the one you are visiting. But when that image is downloaded from that foreign server, it gets a record of your ip and what the referring domain is.

      The issue here is that while you can control what websites you visit, you have no control over what image bugs or javascript they install on their site, nor is there any way to tell in advance what they are. So you aren't voluntarily doing anything at all; in fact most of the time you probably don't even know it is happening. That does not fit the definition of "intentional". On the contrary; it is downright sneaky.

      Tracking bugs like that are completely unethical, and if they are not in fact illegal they should be.

  4. First Facebook, then ... by PPH · · Score: 2

    ... everyone else.

    What FB is doing has already been done via banner ads provided from a few major ad sites for years (instead of 'Like' buttons). Its possible that Facebook is legally in a different position then the advertisers, since they (FB) can identify their users. But other then that, tracking is tracking.

    --
    Have gnu, will travel.
    1. Re:First Facebook, then ... by MacGyver2210 · · Score: 2

      Everyone else? Good.

      This is invasive and illegal if you correctly read the laws and don't 'interpret' them to suit your donors and benefactors.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  5. Misuse of wiretapping law. by BitterOak · · Score: 3, Insightful

    As much as I dislike Facebook's rampant disregard for users' privacy, this is simply not what the wiretapping law is about. The wiretapping law is meant to cover interception by a third party of communications between two other non-consenting parties. What Facebook did is entirely different. With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites. Facebook is not intercepting and recording any communications.

    Many of us might not like Facebook, and may see this lawsuit as a victory, but misapplication of federal computer and communication laws sets a dangerous precedent for anyone who uses the Internet. Do something that pisses someone off? The Feds will find a law and twist it to make it fit your actions. If new laws are needed to cover emerging technologies, they should be considered by appropriate legislative and regulatory bodies. Then people can comply with the law or face the consequences. But if laws can be twisted to cover any behavior we don't like, it makes it difficult for anyone to be sure they are in compliance with the law.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Misuse of wiretapping law. by frosty_tsm · · Score: 2

      This is sort of like the "wire fraud" laws used against businesses. They never did anything related to wire fraud, but it's kind of a catch-all for "you did business in a shady way to get money from people." In this case, it's "you tracked people in a shady way."

      What we really need is our laws to be updated to reflect technology rather than using laws created back when telegraph lines were high-tech.

    2. Re:Misuse of wiretapping law. by Nidi62 · · Score: 5, Interesting

      If new laws are needed to cover emerging technologies, they should be considered by appropriate legislative and regulatory bodies. Then people can comply with the law or face the consequences. But if laws can be twisted to cover any behavior we don't like, it makes it difficult for anyone to be sure they are in compliance with the law.

      But how can you know if a new law is required to cover a new technology without a judicial test of the existing laws? That is what the courts are designed to do: test and apply the laws to a given situation. Let this go to trial. If the courts shoot down the lawsuit due to these laws not applying, then you can go ahead and get new legislation passed.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    3. Re:Misuse of wiretapping law. by Bill+Dimm · · Score: 5, Insightful

      With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites.

      Is that true? Did the website operators displaying a Facebook "like" button actually know that it allowed their site users to be tracked by Facebook even if the button was not clicked? The tech-savvy ones might have realized that that was a possibility, but I would guess that a lot of website operators put the button on their pages to allow their users to "like" a page, not for the purpose of allowing Facebook to track them. Car analogy: If I give my car keys to a mechanic to change the car's oil, that doesn't mean I've consented to having him install a GPS tracker so he can monitor me.

    4. Re:Misuse of wiretapping law. by ILongForDarkness · · Score: 2
      Agreed let it go to trial. I hope people don't get bribed into a settlement and Facebook get off "without accepting any guilt". I think being able to settle without accepting guilt in general is silly. You settle to save the cost of court and the risk of losing more money then the settlement is going to cost you. You shouldn't be able to get away without admitting that you did something wrong that is why you needed to pay. Somehow only individuals are expected to apologize when wrong and corporations are supposed to protect their "brand image".

      Perhaps a catch all "I know it when I see it" clause is needed for tech. Tech is going to change quicker than legislation can. Streaming video okay? What about streaming from one persons iTunes library to another persons, isn't that just sharing something you own? Who knows. Courts should be able to weigh the case without having to wait 10 years for both houses to figure it out, especially since what they come up with will likely be hugely lobbied by special interests and likely not reflect common sense.

      In this case as the judge I'd probably have to agree that the wiretappnig laws apply. Sure technically it is your browser talking to Facebook and telling it who you are but the thing is you've logged out, as far as a "reasonable person" would think you are no longer on Facebook but on company Xs website. You didn't chose the banner ad that was presented but if it happens to be one from Facebook they get your info, but if another companies ad happened to be shown your browser won't have "chosen" to send info to Facebook? It doesn't pass the "reasonable person" test since if I really wanted Facebook to know my browsing habits I would have installed something willingly that would talk to Facebook regardless of the ad (we don't go to sites usually because we want to look at their ads but for the content on the page).

    5. Re:Misuse of wiretapping law. by Jane+Q.+Public · · Score: 3, Informative

      "Facebook is not intercepting and recording any communications."

      Yes, it is, at least in a sense.

      Facebook is recording your IP, What sites you visit, and when. While it isn't recording any other communications, it doesn't need to in order to violate privacy.

      What Facebook is doing is equivalent to a Pen Register used on telephones. The Pen Registers record what calls are being made, when, and to what number. But they don't record any actual conversations.

      But even Pen Registers are illegal, and can only be used by Law Enforcement under strict conditions. The standard of evidence for allowing use of a Pen Register is lower than for actually tapping a phone line and listening to the conversations, but it is still legal only for law enforcement and it still requires due process, meaning they have to petition a judge for permission, and explain their evidence.

    6. Re:Misuse of wiretapping law. by fatphil · · Score: 2

      Your analogy has nothing in common with the situation in question at all.

      The situation is basically no different from the old 1x1px transparent web bugs of old. The tech savvy have known the implications of those for over a decade: the first google hit points to 1999, http://news.cnet.com/2100-1017-243077.html , but they go back a while before that.

      --
      Also FatPhil on SoylentNews, id 863
    7. Re:Misuse of wiretapping law. by Bill+Dimm · · Score: 2

      Your analogy has nothing in common with the situation in question at all.

      Nothing at all? Facebook is given access to another website's users for one reason (to supply a "like" button), and it uses the opportunity to do something else (tracks the user). Likewise, the mechanic is given access to my car for one purpose (change oil) and uses the opportunity to do something else (install GPS tracker).

      The situation is basically no different from the old 1x1px transparent web bugs of old. The tech savvy have known the implications of those for over a decade...

      Please re-read the post by BitterOak that I was replying to, and you'll see that it is different. BitterOak claimed that it isn't wirefraud because wirefraud involves interception by a third party when neither party consents, and he claims that websites displaying a "like" button have consented. I've never posted a Facebook "like" button on a website, but if Facebook simply provides some HTML code and says "paste this into your website so users can 'like' your page" without explaining that pasting the code in will also allow Facebook to track the website's visitors, how can Facebook claim that the website operator gave consent for that tracking? It's like saying that I consented to a mechanic putting a GPS tracker in my car because I took it in for an oil change. If a website operator puts a 1x1 pixel web bug into his/her page, he/she almost certainly knows that it is being used for tracking -- there isn't much opportunity for him/her to think that it serves some simpler purpose like displaying a "like" button.

  6. Figures they went to that Bilderberger meeting.... by sgt_doom · · Score: 2
    ....attended by the Usual Suspects, David Rockefeller, Henry Kissinger, top banksters on the planet (and the hedge funds which are owned by the banksters which own the banksters --- interlocking stock ownership up the wazoo!). Once Marky Zuckerberg (Facebook) and Bezos begin attending with the rest of the global banking cartel -- it figures that they are the forward army of societal information systems engineering --- and I'm being quite serious.

    http://disinfo.s3.amazonaws.com/wp-content/uploads/2010/11/Screen-shot-2010-11-17-at-10.30.55-AM.png

    http://farm7.static.flickr.com/6231/6238828974_5389387b60_b.jpg

  7. and BetterPrivacy by Hyperhaplo · · Score: 2

    When mentioning adblockplus you should also mention BetterPrivacy

    ABP rocks for preventing most ads and cookies.. but BetterPrivacy controls flashcookies - LSOs.

    Ghostery is also a must.

    --
    You have a sick, twisted mind. Please subscribe me to your newsletter.