Slashdot Mirror

← Back to Stories (view on slashdot.org)

French Gov't Gives Facebook 3 Months To Stop Tracking Non-User Browsers

Posted by timothy on from the non-non-non dept.

Reader iamthecheese writes RT reports that France's National Commission of Information and Freedoms found Facebook tracking of non-user browsers to be illegal. Facebook has three months to stop doing it. The ruling points to violations of members and non-members privacy in violation of an earlier ruling. The guidance, published last October, invalidates safe harbor provisions. If Facebook fails to comply the French authority will appoint someone to decide upon a sanction. Related: A copy of the TPP leaked last year no longer requires signing countries to have a safe harbor provision.

76 of 176 comments (clear)

  1. Youtube next? by sims+2 · · Score: 4, Insightful

    I wonder if youtube is going to be next they keep track of the videos you watch to show you recommended ones on the home page even if you don't sign in.

    --
    Minimum threshold fixed. Thanks!
    1. Re:Youtube next? by Schmorgluck · · Score: 1

      If it only impacts what happens on Youtube's website, based only on interactions with said website, I'd tend to say it's kosher.

      --
      There's nothing like $HOME
    2. Re:Youtube next? by EzInKy · · Score: 5, Insightful

      It is their website after all. Facebook tracks people who don't visit their site. Big difference here. We could use a law such as this French one here in the "land of the free".

      --
      Time is what keeps everything from happening all at once.
    3. Re:Youtube next? by sims+2 · · Score: 1

      Thanks thats what I get for reading the summary.

      Doesn't twitter have tracking buttons too?

      --
      Minimum threshold fixed. Thanks!
    4. Re:Youtube next? by EzInKy · · Score: 2

      So you want a law that forces Google to provide services to you without any recompense? If the web is broken for you without Google then you obviously have a use for their services. Start a grass roots campaign to replace the services that Google provides. This is entirely different from the Facebook issue. Facebook tracks people who have no need or use for Facebook.

      --
      Time is what keeps everything from happening all at once.
    5. Re:Youtube next? by EzInKy · · Score: 1

      Don't know, I've never used Twitter either. My cookie list shows nothing from either Facebook or Twitter. Guess my blocking has been pretty successful.

      --
      Time is what keeps everything from happening all at once.
    6. Re:Youtube next? by unrtst · · Score: 1, Insightful

      Aren't there any devs left on this site?

      I'm all for privacy, but if:
      * I'm running some site
      * someone (a bunch of people) embed an image on their page that hits back to my site (or a service I offer)
      * I log that shit cause those users are hitting my servers ... why is it wrong for me to use that however data however I like?

      IMO, if anyone should be dinged here, it's those sites that are embedding the trackers without notifying the user that they'll be sending the users browser off to umteen different external sites.

      Browsers can also be configured to aid with this. For example, the option "Block third-party cookies and site data", aka "from originating website only". I believe that used to be available for images as well.

      Users also have multiple options to control what the computer they own does online. For general browsing, solutions vary from browser plugins (AdBlock and friends), Proxy based solutions, hosts file modifications, local DNS server, firewalls, etc.

      FWIW, I do NOT think sites should be encouraged to evade these options. As long as they're using their domains on all those tracking things (which, as far as I can tell, they are), then I don't see the blame falling on the service provider. Don't want them to get your hits? Block them (facebook/twitter/google/linkedin/etc), or don't use sites that do that to you. This level of legislation seems to go a step beyond the "don't post links that point to sites that host copyrighted works", which no one in their right mind agreed with.

    7. Re:Youtube next? by Anonymous Coward · · Score: 1

      I'm all for privacy, but if:

      * I'm running some site

      * someone (a bunch of people) embed an image on their page that hits back to my site (or a service I offer)

      * I log that shit cause those users are hitting my servers ... why is it wrong for me to use that however data however I like?

      Because it's not "I'm running some site". It's "Facebook is running some site" and "someone (a bunch of people) embed an image (or other tracking data) on their page that hits back to [Facebook]" is being done at the behest of Facebook, either through direct monetary compensation or some indirect social-norm manipulation. And quickly, you no longer have privacy in a meaningful way.

      Honestly, replace "Facebook" with "French government" and would you not see how quickly this turns into a privacy violation that leads to tyranny? You can argue that Facebook doesn't have the force to do things against you, but history is full of examples of companies doing all sorts of shitty things to harm peoples lives even if they never outright kill people--and sometimes they've outright killed people.

      IMO, if anyone should be dinged here, it's those sites that are embedding the trackers without notifying the user that they'll be sending the users browser off to umteen different external sites.

      And? Trackers don't have to be literal redirects to facebook.com. It's enough for servers to merely register ips or otherwise trade tracking information. And it's only done at the behest of Facebook. Why shouldn't they go after the source if without them the trackers* wouldn't exist.

      Browsers can also be configured to aid with this. For example, the option "Block third-party cookies and site data", aka "from originating website only". I believe that used to be available for images as well.

      See above. Collusion between sites doesn't require client based subversion. In face, server based collusion is invariably more effective because it can regenerate tracking data across devices, browsers, "private" sessions, etc. But yea, keep on pretending that like spam it all comes down to you being smart and technology being the answer.

      Users also have multiple options to control what the computer they own does online. For general browsing, solutions vary from browser plugins (AdBlock and friends), Proxy based solutions, hosts file modifications, local DNS server, firewalls, etc.

      Again, see above. Really, as pervasive as Facebook tracking is, the only "option" that a user really has is to not use the internet to be sure that Facebook isn't tracking them.

      FWIW, I do NOT think sites should be encouraged to evade these options. As long as they're using their domains on all those tracking things (which, as far as I can tell, they are), then I don't see the blame falling on the service provider. Don't want them to get your hits? Block them (facebook/twitter/google/linkedin/etc), or don't use sites that do that to you. This level of legislation seems to go a step beyond the "don't post links that point to sites that host copyrighted works", which no one in their right mind agreed with.

      No, you're fundamentally wrong. This is not some generic "people, out there, need to stop doing bad stuff". This is, Facebook, specifically, has to stop colluding with other sites to track non-users. There's a specific organization that's actively engaging in an activity and they can be actively punished for not complying with an order. Compare "P2P facility copyright violation has to stop" and "Napster facilitating copyright violation has to stop". You can argue that it was unjust to target Napster either because they weren't the only ones doing it or that their actions weren't actively responsible for their users behavior. But at some level it was clear that Napster wasn't passively involved in copyright viola

    8. Re:Youtube next? by Sique · · Score: 2
      Facebook has strict rules how the buttons have to be implemented, and thus they are liable for anything caused by those buttons.

      It would be different if Facebook didn't have those rules in place, then they could claim innocence for the data arriving at their servers.

      And if would be different if EU law didn't explicitly forbid collecting data without the consent of the ones creating the data. And no, it's not the responsibility of the users to take care to not create the data in the first place. It's always the fault of the one collecting it afterwards without consent. "But it is out there and can easily be collected" is not a valid argument in the view of EU law.,

      --
      .sig: Sique *sigh*
    9. Re:Youtube next? by N1AK · · Score: 1

      Doesn't that rather depend on whether 1/ they tell you they are going to track it and 2/ how they track it. If you use a shared computer then they are making the details of one user available to other users and this strikes me as something that they should be expected to make clear to users.

    10. Re:Youtube next? by Bert64 · · Score: 1

      Do facebook not disclose what information is collected via the buttons alongside the rules on how to implement them?
      If so, then it is the responsibility of each individual site to pass this information on to the end users...

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    11. Re:Youtube next? by JaredOfEuropa · · Score: 3, Interesting

      Fair points, but those concerned with privacy take issue with that last remark, that you can use that data however you want. Many countries have laws that may not forbid the collection of data outright, but put limitations on how you can use the data and what for. Often, there is a law that says that you may only use the data for the stated reasons you collected it, and never sell it on to third parties. And there's such a thing as implied reasons and reasonable expectations: the purpose of Facebook's "like" button is ostensibly to allow FB members to show approval for a site, and perhaps to entice non members to sign up. Visitors and site owners rightfully do not expect that button to track them. By the same token, people can reasonably expect to end up in a server log if they visit a site with embedded images. But the implied reason for collecting a server log is to diagnose issues and compile aggregated site statistics, not to track individual users. And tracking cookies can get a lot more information than you can glean from your server logs.

      FB's practise of tracking users through their Like button clearly violates privacy regulations in a number of countries. And even so, I don't think legislators are looking to stop people from collecting server logs or to ban 3rd party cookies. They are however putting limits on what companies can do with the data.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    12. Re:Youtube next? by JaredOfEuropa · · Score: 1

      And if it turns out that Google tracks individual browsers through sites using Google API, they are in violation of privacy regulations in France and many other countries just like Facebook.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    13. Re:Youtube next? by Morris+von+Habsburg · · Score: 1

      That was a disingenuous response from Facebook and has no bearing on the legality of their tracking. The viewing of content on Facebook.com by non-logged in users was not part of the legal case. Facebook is fined for tracking non-Facebook users on other sites than Facebook.com and none of their actions so far have been enough to legalise their current operation.

      So, they may try the same thing as in Belgium but, just like in Belgium, it is completely irrelevant to the case and won't help them one bit.

      The technical solution for Facebook to escape massive fines could be to provide websites with a 'social button' whose image is only allowed to be stored locally at the website. Facebook's servers should then only be contacted if someone clicks on the button. In its current design even viewing the button makes Facebook track everyone and that is clearly illegal.

    14. Re:Youtube next? by herve_masson · · Score: 3, Insightful

      What you write is technically true. The thing is: a very tiny fraction of internet users has a clue about ways to protect their privacy. Most of them don't event think it matters. Because it's rather impractical to educate billions of users about this, some need to act to prevent big corporation to abuse their position. That's why french instances gave facebook a warn. Even though thay have no power to enforce anything seriously, I'm glag they took that position.

    15. Re:Youtube next? by AmiMoJo · · Score: 1

      Sites are encouraged to add those buttons, because people sharing them drives in more traffic. The problem is that when those buttons appear they don't usually have a Facebook EULA or warning attached to them, and in any case by the time you see them it's too late and you are being tracked.

      Going to a site gives it implied permission to collect some data about your visit, but that doesn't extend to 3rd party sites like Facebook. Advertisers should take note of this too.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    16. Re:Youtube next? by Impy+the+Impiuos+Imp · · Score: 1

      They just wanna sell you stuff via automated computers. They aren't assembling lists for politicians to track.

      I think.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    17. Re:Youtube next? by moronoxyd · · Score: 2

      This isn't about stuff that a user explicitely clicks on.
      This is about code embedded into third party websites.

      Pretty much every blog, every news site etc. have 'share on FB' buttons. And the mere fact that these buttons are loaded when I open the page sends Facebook information about me. Without me using Facebook or having a FB account.

      You're solution parses as 'don't open any link unless you know beforehand where said link leads and that the page in question does not contain any Facebook tracking'. That's just not practical. And not every user knows how to block tracking mechanisms.

    18. Re:Youtube next? by FatdogHaiku · · Score: 1

      Privacy Badger helps.
      https://www.eff.org/deeplinks/2015/08/privacy-badger-10-here-stop-online-tracking

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    19. Re:Youtube next? by budgenator · · Score: 2

      If you use a shared computer then they are making the details of one user available to other users and this strikes me as something that they should be expected to make clear to users.

      To me sharing a used user account on a computer is like sharing a used condom.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    20. Re:Youtube next? by omnichad · · Score: 1

      For example, I emailed someone at an apparently custom domain several weeks ago. Turns out, their email is served by gmail, even though it is not a "gmail" address. I did not know that at the time. Thus, Google has now obtained copies of my private email without my consent. THAT is what needs to stop.

      That's your own fault for not checking the MX record.

      Really, though, this is like ordering something from Amazon and complaining when they use UPS to ship the package because you didn't want to deal with UPS. You didn't, Amazon did.

    21. Re:Youtube next? by mujadaddy · · Score: 1

      Going to a site gives it implied permission to collect some data about your visit, but that doesn't extend to 3rd party sites like Facebook.

      I cannot agree. I understand the problems this causes, but loading HTML doesn't come with the assumption that you're only going to get content from Dale's Dildoes Dot Com.

      The web is not as friendly as it used to be, and Google, primarily, is in a position to abuse this fact by acting as if 3rd party content is not a problem. It is a problem (citation: TFA), but problem is that sites are not trustworthy: they have abused 3rd party content, and lost the public trust.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
    22. Re:Youtube next? by fbobraga · · Score: 1

      To me sharing a used user account on a computer is like sharing a used condom.

      +1 to it :P

    23. Re: Youtube next? by ChickPea · · Score: 1

      Why log it? Why not block it instead, unless you want them to lift your stuff?

    24. Re:Youtube next? by unrtst · · Score: 1

      ... But the implied reason for collecting a server log is to diagnose issues and compile aggregated site statistics, not to track individual users. And tracking cookies can get a lot more information than you can glean from your server logs.

      Click the checkbox to "Block third-party cookies and site data". Done.
      It's sad that isn't the default, but who's fault is that? If one actually cares about their privacy online, they'll have done the bare minimum to protect it. There is no reason, as far as I can tell, to allow 3rd party cookies, except things like tracking, so add exceptions where you want to allow it.

    25. Re:Youtube next? by unrtst · · Score: 1

      Technically true is what we should be relying on for laws.
      For the cookies to work, they have to be under the facebook.com domain for facebook.com to pick them up. That's a 3rd party, and easily identifiable, domain, and easily blocked with a checkbox - which, arguably, should be the default behavior. If they use a bunch of domains, the cookie will be useless (it'd be a bunch of different and unassociated cookies).

      Others have mentioned collusion between site operators trading backend logs that have nothing to do with anything facebook specific.... whether or not that's the true, that's not really the case at hand. I'm fine with saying that's dishonest, manipulative, illegal, whatever. However, in most cases, they're really straight forward.

      The issue of scale has also been brought up, but scale doesn't really matter. Laws are laws. This will have other consequences to all other businesses, and facebook will simply find a way to make people click accept to see any part of the page, and people will click it. They should go after the root cause.

    26. Re: Youtube next? by unrtst · · Score: 1

      Why log it? Why not block it instead, unless you want them to lift your stuff?

      How do you differentiate the traffic from normal traffic?
      The referrer header is a joke, and there is no other differentiation.

    27. Re:Youtube next? by epine · · Score: 1

      You're getting your annual check up and your GP suddenly launches into an unprovoked tirade:

      These people are showing up and spreading their grubby, contagious micro-organisms all over my scattered nose bag of Cosmo and Golf Digest magazines, why is it wrong for me to use their personal medical data however I like?

      Tell me, how would you answer your GP? With your jaw hanging open, wondered why the question even needs to be answered?

      In a local community, it's not considered good neighbourly etiquette to broadcast to all and sundry every tidbit of information you glean—right down to the license plate numbers—about who you see coming and going on your street during the quiet hours of the day and night.

      But then given the same information at the scale of big city strangers passing in the street, suddenly the attitude is "fuck yeah, what's now mine is mine, let's link!" Cause, you know, if they were willing to bump shoulders with you on the crowded sidewalk in the first place, trading a few jacket fibers in the process, that's all the permission you need to go all CSI on the acquired residue.

      In fact, your local dry cleaner gives you a 10% discount if you sign over all data collection rights, and what crazy person would even begin to think that's not self-evidently good business sense?

    28. Re:Youtube next? by herve_masson · · Score: 1

      Again, "third party cookie" does not mean anything to most people. Granted, the checkbox is one clic away, but you need t know about cookies to use it. (or listen someone who told you "it's better this way"). Having this setting won't solve the large scale tracking issue (if we consider there is an issue here). This, at best, is a workaround for educated people.

      "facebook will simply find a way to make people click accept to see any part of the page,"

      FB does not control pages using their "like" button. Hence, prompting to "click somewhere" to see the page won't work, ok?

    29. Re:Youtube next? by matthewv789 · · Score: 1

      That's why I, as a web developer, have always avoided the usual social sharing Javascript embeds (which all load iFrames which contain even more Javascript), or similar plug-ins from ShareThis etc. It's sufficient to use a basic link to the sharer URLs for each service (Facebook, Twitter, etc.) with the right parameters, and optionally use JS to have the links open in a little window. So it only tracks or loads when someone actually clicks on it. Easy, lightweight, fast-loading, more control over appearance, more private, what's not to love? I think it's lazy and irresponsible and uncaring about your customers to do anything else.

    30. Re:Youtube next? by unrtst · · Score: 1

      Again, "third party cookie" does not mean anything to most people. Granted, the checkbox is one clic away ...

      Why not go after the default browser setting then? Why not go after the sites that are using this feature (there is no technical reason why that like image or link have to do anything until the user clicks it, and the image can come from the originating site, preventing FB from getting a hit).

      My whole point is, why is FB the target here? We have a very simple way to easily control and prevent this, and many other ways to further prevent such actions, and FB is not attempting to circumvent those means.

      FB does not control pages using their "like" button. Hence, prompting to "click somewhere" to see the page won't work, ok?

      The pages with existing like buttons would have to update the bit of code for said button on their site. They'll do that if they want to keep the feature, as FB can just disable or replace the existing like button. With an update, they can have the 3rd party site include a small bit of js to do the work (if no tracking cookie, display prompt to accept conditions). That is, if we don't hold the 3rd party sites responsible.
      Those sites are the ones that are delivering html that tells the client to automatically go and get external site data, and they're not informing the user that they'll be doing that.

      Our complacency with allowing cross domain data is the root cause. Get rid of that, and all tracking and ads as we know them today will go away. It'll also break most sites these days, but that's part of the problem.

    31. Re:Youtube next? by herve_masson · · Score: 1

      I agree: sites hosting those like button are the ones we should blame hard, because they should protect their visitor's privacy. It's very easy for any web site to implement "safe" social buttons but they don't care for most.

      I don't blame FB when they try to use any way they can to gather data. This is their business. I do think though there are some boundaries nobody should cross. Because there is no good technical answer yet does not mean we should just let them do anything. That's my opinion (and this is only an opinion). The french law set some of those boudaries in a way that seems balanced to me.

      The french CNIL (I'm french) has ben setup long long time ago (back in the 70's) to ensure data privacy law is applied. They go after FB because FB violates a french law. In france, this is unlawful to collect data without signing a consent form. You also have to provide a way to remove any data to end users, on simple request. There are 5 ou 6 key points like that where FB violates the french law.

    32. Re:Youtube next? by dave420 · · Score: 1

      Don't be so overly dramatic. "Stalking"? No. Of course not. You are diminishing your argument with such ridiculous language.

  2. Works for me by 93+Escort+Wagon · · Score: 4, Insightful

    I deleted my Facebook account several years ago. I never visit the site, nor do I follow links that will take me to Facebook even incidentally. Yet, when I do my regular cleansing of cookies, I always find some from Facebook.com and Facebook.net in the list.

    Too bad I don't live in France...

    --
    #DeleteChrome
    1. Re:Works for me by EzInKy · · Score: 2

      Maintaining a whitelist is quite tedious. The idea behind AdBlock Plus is fine, it is their defaulting to purposely allowing "acceptable" to them ads through that is not.

      --
      Time is what keeps everything from happening all at once.
    2. Re:Works for me by EzInKy · · Score: 2

      And you should have the ability to express that view by clicking on a "show me acceptable ads" button. The problem with AdBlock Plus is that it defaults to that button being clicked for you. People use AdBlock Plus to block ads, believe it or not. It should be up to individuals to determine if an ad is acceptable or not.

      --
      Time is what keeps everything from happening all at once.
    3. Re:Works for me by EzInKy · · Score: 1, Redundant

      Others who, like you, are okay with "acceptable ads" absolutely should be able to view them. My point is that people who download AdBlock Plus do so to block ads, so blocking all ads is the obvious default.

      --
      Time is what keeps everything from happening all at once.
    4. Re:Works for me by Nikademus · · Score: 1

      Too bad I don't live in France...

      In Belgium Facebook is already prohibited from tracking non users. The result is: you cannot see any facebook page, even public ones if you are not a member.
      This is fine for me.
      For the cookies part, check out "self destructing cookies" add-on.

      --
      I gave up with the idea of an useful sig...
    5. Re:Works for me by gstoddart · · Score: 5, Interesting

      Well, too bad you've not taken ownership of your own privacy and blocked them.

      France is saying "no, you can't track people who don't even know they're being tracked and aren't visiting your web site". Until the country you lives in passes privacy laws .. you've got to do it on your own. Sadly, most normal internet users have been tracked by these parasites who feel it's their right to do so.

      The amount of websites which have Facebook, Twitter, or any of dozens of other sites which track you even if you don't visit them is mind boggling.

      So when those companies say "boo hoo, stop blocking out ads", you need to say "fuck you, I don't consent to being tracked by 15 3rd parties" and use your own blockers.

      Most other governments are too much on the fucking payroll to limit what companies can do. The US sure as hell will never to do, the US is pretty much the international champion of the rights of corporations to be douchebags. If your government isn't going to force them to stop tracking you, then you really need to do it yourself.

      And, honestly, even if your government tries, you need to do it yourself.

      I applaud trying to block this, but the scale on which this shit happens is beyond understanding to anybody who isn't in full possession of their own tinfoil hat.

      My primary browser? It can't even see facebook.com. If you're not actively defending yourself from this shit, you're already being tracked, whether you know it or not.

      --
      Lost at C:>. Found at C.
    6. Re:Works for me by Jack+Griffin · · Score: 1

      You do realize that adblock plus has sold out to the ad industry, right? It's default behavior is not to block all ads. You have to take action not to see those they deem "acceptable". .

      And that action consists of one single tick box. Hardly worth throwing the toys out of the pram for...

    7. Re:Works for me by Errol+backfiring · · Score: 5, Informative

      I deleted my Facebook account several years ago.

      You cannot delete a facebook account. Everything is stored and stays so. They might have a "delete" function somewhere, but nothing is actually deleted. So you are still tracked and your data is still actively being used.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    8. Re:Works for me by Burz · · Score: 1

      The EFF has Privacy Badger. Blur and Disconnect are two other options.

      Adblock plus and Ghostery are partnered with the ad industry.

    9. Re:Works for me by AmiMoJo · · Score: 2

      Being able to truly delete your Facebook account is what the (not yet implemented) European Right to be Forgotten is about. The term has since been abused to talk about existing data protection laws, but originally the proposed right was that you would be able to force companies to delete your data if they had no legal reason to keep it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:Works for me by rizole · · Score: 1

      I deleted my account and came back a year later with a new one. Obviously my list of friends and interests haven't substantially changed but, based on how hard it was to link back up with some friends, facebook doesn't seem to have tied the two accounts together. Which suprised me on the one hand but it's nice to know they haven't thought of or managed to impliment that feature yet.
      It probably helps that I also have good security/privacy habits.

    11. Re:Works for me by antdude · · Score: 1

      What about when Facebook kick their members off? I assume they still keep their data and track?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  3. What about other advertisers? by jader3rd · · Score: 2

    What about all of the other advertisers? They certainly don't have users. As much as I dislike Facebook I don't think that they're doing anything that any other advertising platform isn't doing.

    1. Re:What about other advertisers? by herve_masson · · Score: 1

      FB is specific by its size and the amount of data they control. They have acces to an absurd amount of data compared to anyone else. That does not make the other harmless, that makes FB a priority.

    2. Re:What about other advertisers? by jader3rd · · Score: 1

      They have acces to an absurd amount of data compared to anyone else. That does not make the other harmless

      I don't believe that they have an absurd amount more, compared to Google.

  4. Just block the cookies.. by duke_cheetah2003 · · Score: 3, Informative

    I like this great tool from EFF. https://www.eff.org/privacybadger Lets you selectively block cookies of all kinds of tracking that occurs during casual browsing.

    1. Re:Just block the cookies.. by CrashNBrn · · Score: 1

      Or just use, uMatrix and have full control of: cookies, scripts, XHR, iframes, html-video tags, etc.

      Or one can use, Privacy Badger, NoScript, Ghostery, and uBlock.

      I'll stick with uMatrix.

    2. Re:Just block the cookies.. by locofungus · · Score: 1

      I had to give up on Firefox a few months ago because there are too many websites I need to access that force https but firefox refuses to let me see.

      So I had to find a replacement for noscript and found uMatrix. Although it took about a week to really understand what it was doing and how to configure it it's fantastic on how configurable it is.

      I've now removed firefox from my machines (although I believe uMatrix is available for firefox for anyone still using it)

      --
      God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
    3. Re:Just block the cookies.. by mujadaddy · · Score: 1

      All of these but NoScript operate on a blacklist basis

      No, uMatrix blocks all 3rd party elements by default. By allowing certain 3rd party domains to serve content, you can find the minimum number of domains and content thereof to serve the page to your satisfaction.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
  5. Why give them 3 months? by melted · · Score: 4, Insightful

    This should literally be like a 3-line code change. if (not logged in) { // don't log the cookie } Give them three weeks and a stern look to ensure compliance.

    1. Re:Why give them 3 months? by Zocalo · · Score: 5, Insightful

      You are assuming they are only tracking people based on Cookies. That's a rather naive view, I'm afraid. You'd be better to assume that they are using everything they can get their mitts on to try and track and identify people; IP address, which browser, which headers the browser supplies, any OS details they can get... Just installing extensions to protect your privacy can in itself make you more readily identifiable for tracking purposes. Have a play with the EFF's Panopticlick tool and although you need to enable scripting to make it work the results from the fingerprinting should be an eye opener if you've not seen them before.

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:Why give them 3 months? by Nikademus · · Score: 1

      They have already done it in Belgium, so it's only a matter of adding France to the list where facebook is forbidden?

      --
      I gave up with the idea of an useful sig...
    3. Re:Why give them 3 months? by Hognoxious · · Score: 1

      Should be. Probably isn't. It'll need a restructuring of two frameworks, changing 23 xml files, and tweaking a dozen json generators.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:Why give them 3 months? by Solandri · · Score: 1

      Yeah, Facebook's tracking is why I first installed no-script (I now rely on Ghostery). You know that little "f" logo that's nearly ubiquitous on every web page to let you share the page via Facebook? That isn't just a graphic and a link. It's accompanied by a godwaful script. Every time you visit a page with that 'f' logo, your computer contact's Facebook's servers and hands over enough information (Facebook cookie, cookies for other sites, browser ID and version, system info, etc.) for them to uniquely identify your computer. If you're logged into Facebook, they add the page you've visited (with a 'f' logo) to the browsing history of your secret personal profile. If you're not logged into Facebook, they build up the profile and the moment you login, they append that browsing history to your profile.

      Even if you don't have a Facebook account, they build up a profile for unknown user 512415792346. And one day when your friend emails you a Facebook invite and you happen to view it in your browser, they suddenly know that 512415792346 is in fact John Smith, because that's the name your friend has been using to tag photos of you (auto face recognition FTW) he has on his Facebook account. And your email is johnsmith@gmail.com because that's where your friend sent the invite. And that you live at 1234 Main St, Springfield, CA because that's where the GPS tagging in those photos say you're mostly at in the evenings. And you work at Yoyodyne Propulsion because you were present in photos he and other Facebook users posted of last year's company picnic. And that you're a closet furry (the sex fetish kind) because that's where the browsing history they've collected on you says you spend most of your time online. You don't even have a Facebook account and they already know everything about you.

      The is the crap the French govt is trying to get them to stop doing. People who've opened a Facebook account have presumably consented to this in one of the myriad EULAs they've agreed to. But Facebook has no business tracking people who don't use Facebook and never consented to any of this.

  6. hey'll be fine, as long as they've already collect by Johnniea · · Score: 1

    They'll be fine, as long as they've already collected enough information to potentially embarass the judge. Or the prosecutor - then they won't find themselves in the dock in the first place.In fact, the judge and prosecutor probably wouldn't have been given their jobs otherwise. These people don't overlook the important details. 70-469 braindumps

  7. Okay, I'll ask. by BitterOak · · Score: 3, Funny

    I guess I'll ask the obvious question. What is a "non-user browser"? Is it a browser operated by a robot or something? All the browsers I've used have been meant to be operated by a user. That's kind of the definition of a browser. There are programs like curl and wget which can fetch pages automatically, so is that what they mean by a non-user browser?

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Okay, I'll ask. by bigfinger76 · · Score: 1

      Non-Facebook users' browsers.

    2. Re:Okay, I'll ask. by gurps_npc · · Score: 1
      A non user browser is any browser that does not have a cookie on it identifying it as having been used to log into Facebook.

      If you erase all cookies, then you become a 'non-user' browser. When you log into Facebook, you become a Facebook user.

      --
      excitingthingstodo.blogspot.com
  8. Normally by Anonymous Coward · · Score: 1

    ... ...

    Normally, the US state department would interfere ^H^H^H^H assist the offending ^H^H^H^H misguided country by demanding ^H^H^H^H arguing the laws change to a multinational- ^H^H^H^H user-friendly position. France takes "Liberte, Egalite, ..." seriously and and has disagreed with US policy before. France (and the rest of Europe) isn't interested in the TPP, so laws can't be changed via that either.

  9. Privacy is for everyone by sjbe · · Score: 1

    I log that shit cause those users are hitting my servers ... why is it wrong for me to use that however data however I like?

    Because you didn't ask the user. Did the user explicitly consent for you to track them? User tracking should be opt-in not opt-out.

    IMO, if anyone should be dinged here, it's those sites that are embedding the trackers without notifying the user that they'll be sending the users browser off to umteen different external sites.

    While I agree that doesn't absolve Facebook from their own responsibility.

    Browsers can also be configured to aid with this. For example, the option "Block third-party cookies and site data", aka "from originating website only". I believe that used to be available for images as well.

    Which is FAR too crude of a filter to be actually useful. Sometimes third party cookies are helpful. Most of the time they are not. A crude filter like that cannot determine the difference.

    Users also have multiple options to control what the computer they own does online. For general browsing, solutions vary from browser plugins (AdBlock and friends), Proxy based solutions, hosts file modifications, local DNS server, firewalls, etc.

    Really? You seriously think my grandmother is going to understand how to modify a host file? Privacy isn't something that should only be available to the technologically proficient.

    1. Re:Privacy is for everyone by mujadaddy · · Score: 1
      First let me say that I block everything that I can, to the point of ignoring a lot of content on the net.

      Because you didn't ask the user.

      That's...not how HTML works. The user asked for the data, and they're gonna get it, hard.

      The issue is trust. No one should trust anyone else. In the Ad space, that's why they need 3rd-Party Everything in the first place.

      Trust that you are going to get conned in public spaces. The conversation about Trust gets ignored by companies in a position to profit from your trust.

      tl/dr: it is absolutely your fault for getting raped.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
    2. Re: Privacy is for everyone by mujadaddy · · Score: 1

      Facebook is acting in bad faith, and probably breaking French Privacy Laws, but the Privacy Laws don't change how HTML works.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
    3. Re:Privacy is for everyone by unrtst · · Score: 1

      Browsers can also be configured to aid with this. For example, the option "Block third-party cookies and site data", aka "from originating website only". I believe that used to be available for images as well.

      Which is FAR too crude of a filter to be actually useful. Sometimes third party cookies are helpful. Most of the time they are not. A crude filter like that cannot determine the difference.

      Please provide an example or two of "helpful" 3rd party cookies.
      I'm guessing the answer will be something along the lines of, "so that the 'like' button works on my foxnews.com articles", and that would also be wrong (that button does not need to be loaded from FB's servers and, when clicked, could do the deed that talks to FB).

    4. Re: Privacy is for everyone by dave420 · · Score: 1

      The problem is not HTML. You seem to not understand this issue at all.

    5. Re: Privacy is for everyone by mujadaddy · · Score: 1

      Let me speak slowly, then: HTML allows content to be pulled in from different domains.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
  10. Re:AdBlock+ = inferior & 'souled-out' vs. host by omnichad · · Score: 1

    It didn't block your ad.

  11. Re:A domain in "phantasyland", perhaps? by omnichad · · Score: 1

    What about tech.slashdot.org? What if people want to read the article and on-topic comments but not your ads?

  12. NO TRACKING! by SenseiTim · · Score: 1

    ALL tracking should be banned! I will do anything I can do to prevent any website from tracking Web browsing!!!

  13. Blame the victim by sjbe · · Score: 1

    First let me say that I block everything that I can, to the point of ignoring a lot of content on the net.

    So what? Lots of people don't even know that is possible.

    That's...not how HTML works. The user asked for the data, and they're gonna get it, hard.

    First off, don't even begin to pretend that webpages these days consist of merely HTML. Second, there is absolutely NO reason why the web page serving up the data cannot ask if the person requesting wants stuff from these third parties and to explain who and what these third parties are. That is technologically trivial. The reason they don't is because they are acting in bad faith and trying to hide their shady activities.

    tl/dr: it is absolutely your fault for getting raped.

    So my grandmother is at fault for "getting raped" because she didn't have the technical chops to defend herself? Wow... just wow. That is a perfect example of the sort of idiotic blame-the-victim attitude that forced governments to step in. Relatively few people are the sort of uber-nerd who reads slashdot for fun. Privacy rules by necessity must be a sort of lowest common denominator thing.

    1. Re:Blame the victim by mujadaddy · · Score: 1

      So what?

      Well, it's meant to disarm kneejerk accusations, demonstrating that I actually do understand the privacy concerns. Clearly, it didn't work.

      there is absolutely NO reason .... The reason they don't...

      Um? Please slow down; you're speaking faster than you can handle.

      So my grandmother is at fault for "getting raped" because she didn't have the technical chops to defend herself?

      Yes, she is absolutely at fault. People seem to want individual benefits without individual responsibility. I do not discount that there are bad-faith actors on the internet who should absolutely not be trusted; I am only saying that grandmother should not expect that the domains she visits have her best interests at heart. IT professionals know (should know) this, and it is our fault that grandmother does not.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
    2. Re:Blame the victim by unrtst · · Score: 1

      Second, there is absolutely NO reason why the web page serving up the data cannot ask if the person requesting wants stuff from these third parties and to explain who and what these third parties are.

      ... and your browser can do just that if you like! It's not a site feature, it's a browser feature, and the reason it's not on by default is the same reason that the default firewall does not prompt you for every new SYN packet it sends. Feel free to enable that, or block 3rd party cookies. Expecting them to behave (be there and work when you want, but don't do bad things) is crazy.

  14. Re:A domain in "phantasyland", perhaps? by nukenerd · · Score: 1

    Ads from same domain as site are about as plentiful as unicorns.... apk

    Well, for a start, there are about six such unicorns with your initials at the bottom on this very web page. Funny that.

  15. Re:Restating A Non-Anwser Is Not An Answer by dave420 · · Score: 1

    How does a post prove software is safe? That is a ridiculous assertion, APK. Seriously.