Facebook's 'Like This' Button Is Tracking You

Stoobalou submitted a story about some of the most obvious research I've seen in a while ... "A researcher from a Dutch university is warning that Facebook's 'Like This' button is watching your every move. Arnold Roosendaal, who is a doctoral candidate at the Tilburg University for Law, Technology and Society, warns that Facebook is tracking and tracing everyone, whether they use the social networking site or not. Roosendaal says that Facebook's tentacles reach way beyond the confines of its own web sites and subscriber base because more and more third party sites are using the 'Like This' button and Facebook Connect."

Not that hard to kill facebook's tracking

[gurps_npc]

Noscript, Taco with Abine, BetterPrivacy.

Plugins

[mr100percent]

This is why I use plugins like Defacer [babelstudios.se], which hides the iframes for Facebook and (coming soon) the other Share buttons.

Re:Not that hard to kill facebook's tracking

[jo_ham]

Even easier, I just keep Facebook sandboxed in a totally separate browser that never visits any other website. This browser is also equipped with adblocking, script blocking and so on.

They can't track you if you don't go anywhere. I also never click on links in facebook posts or on the facebook page - I copy and paste them into a text file and strip off any added facebook nonsense to get to the actual URL.

Re:Plugins

[Anti-S]

AdBlock exception rule: ||facebook.*$domain=~facebook.com|~127.0.0.1

Re:Perspective, kthxbai

[Faylone]

Even if you're not going to read the article, could you at least read the summary? Even if you don't use Facebook, you're still being tracked.

RTFA

[Anonymous Coward]

If you even have a facebook session going - and the controls for a "Like this" button are on the page, I wouldn't be surprised if that information gets stored.

"Hey you're logged in! Hey this control knows you're logged in, so it'll work instead of redirecting you to login. Hey, why don't we just send information back to facebook that you visitted this page, even if you didn't hit the like button!"

Would this shock anyone? I haven't proven it but its not far off nor technically impossible. In fact it's pretty easy to embed it in the control, which people just put on their pages, they hardly look at the code.

Yes, that's obvious. The point of the article is that Facebook sets tracking cookies even for people who don't, and never did, have Facebook accounts. This effectively lets Facebook track the surfing habits of non-users as well.

Take this moment to make sure you have your browser's cookie acceptance set to "Only from sites I visit."

Not if you...

[Posting=!Working]

Add this to your Adblock Plus filter:

||facebook.*$domain=~facebook.com|~127.0.0.1

What like button?
You can still use facebook, but they're blocked from any page that isn't facebook.com.

Re:Not that hard to kill facebook's tracking

[BitZtream]

Except the article is about facebook tracking everyone on sites other than facebook, such as when you go to some stores website and they have a 'Like It' button for all their products ... facebook is tracking you and that you've viewed that item, regardless of wether you have a facebook account or not.

But don't bother reading the article or even the summary or anything.

Re:Not if you...

[bassman998]

I use the following Adblock rules:

||fbcdn.com/*$domain=~facebook.com
||fbcdn.net/*$domain=~facebook.com
||facebook.com/*$domain=~facebook.com
||facebook.net/*$domain=~facebook.com

I never see Facebook content on any site other than Facebook, and their social plugin can't track me.

Re:Not that hard to kill facebook's tracking

[seandiggity]

...apparently the pre-Abine version of TACO has been forked as Beef TACO [mozilla.org], so I'm giving it a second chance on this machine...hopefully it doesn't ever get updated with the Abine crapola.

Re:Speak for yourself

[gambino21]

I only recently discovered facebook's instant personalization "feature". I went to rottentomatoes and it showed movies that my facebook friends liked. This seems very inappropriate to me because how did rottentomatoes know who I am in facebook, without logging in or doing any kind of verification. Apparently rottentomatoes uses thirdparty cookies to fetch your facebook info and display it. This seems to mean that potentially any website can check who you are in facebook (if you are currently logged in). I was able to turn off this feature by disabling thirdparty cookies [mozilla.com] in Firefox.

More than anything this seems like a big privacy leak and is the fault of the browsers. This should be off by default [mozilla.org] in firefox and other browsers. If I go to rottentomatoes.com, I would expect that by Firefox would only send cookies back to rottentomatoes and should not even allow read access to other cookies while I'm on that page. The same goes for flash plugins and other scripts, etc. that read cookies, they should only have read access to the cookies for the current page.

Re:No surprises here

[GuruBuckaroo]

Well, many home routers use 127.0.0.1 as the Info/Config page. I think mine uses 127.0.0.2, but still...

I hate to be negative, I really do. However, this post merely illustrates that you have absolutely no idea of what you are talking about.

Unless your router has a monitor and keyboard attached to it, it is impossible for any machine to talk to any other machine using any address that starts with 127. These are "localhost" addresses that always, always equate to the same machine the request originates from. In other words, your workstation.

I'm pretty sure your router actually uses something more like 192.168.0.2. Linksys routers will default to 192.168.1.1, for instance.