tomhudson's Journal: Facebook tracks everyone through the "Like" button on sites

From the groklaw.net sidebar

[PJ: Be aware that this scholarly paper, Facebook Tracks and Traces Everyone: Like This!, says that any time you visit a page with a Like button, a cookie is placed on your computer, and harvested by Facebook, so you can be tracked from that day forward, whether or not you are a Facebook member: "When a user does not have a Facebook account, there is no cookie and no user ID available. In this case, a visit to Techcrunch.com includes an HTTP GET request for the Like button. However, when the button is provided there is no cookie issued. Thus, it seems that the Like button itself is not used to issue cookies. However, when a site is visited which includes Facebook Connect (for instance Gizmodo.com) this application issues a cookie (fig. 2). From that moment on, visits to other websites which display the Like button result in a request for the Like button from the Facebook server including the cookie....

As indicated, after visiting a web site on which Facebook Connect has been implemented, the request for the Like button includes a cookie. This cookie has an expiration date two years from the moment it was issued. However, by browsing across web sites, additional cookies can be placed on the users computer and these can be added later on in new requests....

Based on the cookie, the entire web behavior of an individual user can be followed. Every site that includes some kind of Facebook content will initiate an interaction with the Facebook servers, therewith disclosing information about the visited web site together with the cookie." Just so you know. Oh, and if you later become a member of Facebook, such as is required now by the LA Times if you wish to make a comment there, Facebook has already a treasure trove of information about you to connect with your new user ID.] - James Niccolai, ComputerWorld

If you're in Canada, this is illegal without your consent under PIPEDA. And Facebook isn't the only one.

And if you're running firefox with noscript

[plover]

and Adblock Plus and Ghostery and Greasemonkey and Flashblock and blitzableiter and BetterPrivacy and CookieButton and RefControl and SkipScreen it's not only not a surprise, but it's not an issue. Same with whatever that "bruzzer" one was or whatever they called the tracking thing that shared your purchase history with friends. Or google adsense. Or crazyegg. Or any of the several hundred tracking sites. Or any site that adds extra javascript to a web page.

On those odd occasions where I want to see the

Re:

[Bill Dog]

"why the hell do people voluntarily put up with this shit?"

I looked at that list of addons you spent time and energy tracking down and installing and figuring out how to set up, and asked myself basically that same question. Maybe if I got paid I'd do that.

I used to have a UNIX shell acct. for Internet access back in the day (until SLIP or PPP accounts supplanted them) and had it customized out the wazoo. Same for my Mac Plus in college. I also used to spend hours on end gaming.

But that was in my teens and

Re:

[plover]

Well, being paranoid takes time. :-) Staying malware-free while never installing an anti-virus tool in the last 30 years takes care and knowledge. And I'm both malware-free and paranoid.

But really, I've been dragging most of those tools around for a lot of years, and really only think about them when installing a new machine. For example, do I really need both Flashblock AND noScript when noScript offers flash protection? Probably not, but I've run Flashblock since it came out because it's dead simple;

Re:

[Bill Dog]

Trained, or maybe rather it's convinced. Your "greedy and foolish" is someone else's "why should I have to go thru all that, and why should I miss out on things just because there's a chance I might catch a virus, and why should I care if I do". My dad says he doesn't care if someone's spying on his computer, because he doesn't do or have anything of value on it. And it would never fly to tell my mom not to view everything forwarded to her by her friends and extended family.

Some people just aren't willing t

Re:

[tomhudson]

The problem is that as long as you can SEE the "like" button, you're already tracked, even without them putting a cookie on your hard drive. It's the same way I implemented anon shopping carts that can be transferred to a user after they register or sign in.

Re:

[plover]

but I don't SEE this "like" button that you're talking about. (Perhaps if I were running Aieee! I'd see it.) At least one of those blockers I use must kill it like the cockroach it is.

Depends where you're sitting

[plover]

If you're in Canada, this is illegal without your consent under PIPEDA.

Good think facebook isn't a Canadian company then, otherwise they might be breaking some kind of law that we wouldn't give a shit about anyway. Now, if it was a Canadian company that was offending the fragile sensibilities of the USAsians, that'd be a completely different and obviously illegal situation.

Besides, it's the user's browser that's requesting the script from facebook and sending the info to them; facebook's hardly at fault just because some idiots sent them their I.P. address to be tracked.

Ghostery, Privacy+ and AdBlock+

[Jeremiah Cornelius]

with *.facebook.com in my /etc/hosts as 127.0.0.3

Re:

[Ruzty]

You want to add fbcn.net or something similar. It's the Facebook Content Network domain. They feed up a lot of cruft from there too.

Re:

[Jeremiah Cornelius]

Thanks!

Tahoe/Data Manager

[tqft]

I posted this at groklaw as well

New data manager addon for firefox (built into seamonkey 2.?)

http://home.kairo.at/blog/2010-11/tahoe_data_manager_updated [kairo.at]

"Central access point to Cookies, Content Preferences, Permissions, Form Data"

I live in seamonkey (pity chatzilla is currently busted - bleeding edge and all that).

When I want to go to ugly sites, I fire up ff. On exit - all gone. Track that assholes.