Heise's 'Two Clicks For More Privacy' vs. Facebook

First time accepted submitter FlameWise writes "Yesterday, German technology news site Heise changed their social 'like' buttons to a two-click format (Original in German). This will effectively disable unintentional automatic tracking of all page visits by third-party social sites like Facebook, Twitter or Google+. Less than 24 hours later over 500 websites have asked about the technology. Facebook is now threatening to blacklist Heise (Original in German)." As I read the updated story, Facebook has backpedaled a bit, so "blacklist" may no longer be the operative word. An anonymous reader adds a quick explanation of the changed interface: "Instead of enabling Facebook to track a user (arguably without prior consent) by placing a 'like' button on the website in the usual way, a greyed-out like button is shown. If a user wants to share or 'like,' he has to execute an additional click to enable the original Facebook 'like' button and get the desired behavior. This technique obviously has a disadvantage for Facebook, because the behavioral tracking does not work anymore."

don't people already do this?

[Anonymous Coward]

"disable unintentional automatic tracking of all page visits by third-party social sites like Facebook"

I think anyone who cares the slightest bit about privacy already blocks facebook's address blocks, googles trackers, and so on.

Your computer obeys you. You get to decide whether it stories cookies from any given site, whether it loads *anything* from facebook's addresses, whether it loads web bugs, and so on. It is under your control. I figure that my computer exists to make MY life easier, not to make

Re:don't people already do this?

[Samantha Wright]

This is a mindblowingly old and tired debate, but I think the typical reply to you goes something like "most people are mostly stupid and as a result we need to take care of them. Further," goes the repartee, "all of this this should be opt-in to begin with."

Re:

[KiloByte]

You mean, it should be legal to rob you or murder you unless you register for a legal protection program?

Re:

[Sique]

It's not called "legal protection program", it's called "applying for citizenship/residental status and paying taxes", but you get the general idea.

Re:

[redcaboodle]

So - where you live tourists are fair game ofr killing and robbing?

Safety of life, limb and property is a human right in civilized countries, not a citizen's right.

Re:

[The Archon V2.0]

So - where you live tourists are fair game ofr killing and robbing?

Yeah.... Duck season, rabbit season, tourist season....

Re:

[Isaac Remuant]

Yes, tourists are just anarchists who can whatever they want and have anything done to them. That's how it works. /sigh

Re:

[Samantha Wright]

By "all of this" I meant "all of this privacy-invading tracking stuff." Didn't you even read the headline?

Re:

[Ihmhi]

They have those, they're called Concealed Carry Licenses.

Well, not everywhere sadly. New Jersey sucks.

Re:

[HiThere]

I can think of decent arguments in favor of that, as long as you weren't bound to any of their rules unless you interacted with those who were signatory. Could end up with governments based around the idea of insurance companies, with some people opting for a more tightly controlled one and others opting for a looser one. And a few just not signing up.

Implementation, of course, would probably be a nightmare. But in theory it sounds nice.

Re:don't people already do this?

[Anthony Mouse]

"Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.

If I'm just reading the news, I use whatever computer is in front of me. Sometimes that's my PC, or my laptop, or my PC at work, or a school computer, etc. Having to change a setting on every different computer I use is a huge annoyance, to say nothing of the times when I don't have administrative access to make certain changes.

Anything that makes protecting my privacy the default is a win.

Re:

[Tomato42]

Because installing AdBlockPlus on library computers is so realistic...

Re:

[martin-boundary]

That's exactly right. The ONUS should be on the sites to get individual permission for their tracking, not on you to withold permission each time.

The point being that tracking is already superfluous work that the companies go out of their way to do, so it's ok if the law says they aren't allowed to do it without even more work to get permission from every surfer.

Re:

[John Hasler]

The ONUS should be on the sites to get individual permission for their tracking...

They do get permission. Every cookie, bit of JS, etc was sent to your computer as a result of a GET request from your browser. Every bit of information they receive is sent to them by your browser. Your browser is silently volunteering to let you be tracked. Why don't you fix it or replace it?

...it's ok if the law says they aren't allowed to do it without even more work to get permission from every surfer.to get permissi

Re:

[KGIII]

Most "surfers" don't want the hassle and are happy to be tracked.

[citation needed]

Re:

[martin-boundary]

They do get permission. Every cookie, bit of JS, etc was sent to your computer as a result of a GET request from your browser.

GET is not asking for permission. A GET is an action performed by the browser software, not by the person doing the browsing. What the person is doing is clicking on an unrelated link, so implicit permission applies to the expected content of the click. In particular, hidden content (like web bugs) that merely hitches a ride on the content is not covered by the permission.

Mo

Re:

[nosferatu1001]

That is implicit consent, and is insufficient in the EU

Re:

[Caesar Tjalbo]

I can be bothered but I can use every help I can get. Installing NoScript is easy, determining which sources are legitimate for functionality and content and which I'd like to block isn't. Too many sites require third party resources or writable (flash) cookies to function and still I've no idea how to block browser fingerprinting through the installed fonts.

I've recently gone through the list provided by Ghostery again, blocking all by default and then allowing what seemed to make sense to me, including Di

Re:

[Zorpheus]

Either I accept a site as it is, or I will not visit it regularly. If a site tries to do things that I do not accept, I will not trust it, and I would not visit it regularly. Who knows what they will next come up with?

Re:

[Opportunist]

Yes. Why not? We do it all the time. I can't be bothered to fix my own car, I hire a mechanic for it. I can't be bothered to clean up my mess, I hire a cleaning lady to do that for me. I can't be bothered to pick up my new TV and haul it home, I get a delivery service to do that.

Why shouldn't it be possible to hire a privacy protection service? Considering that it's mostly a "one size fits all" problem and delivery is cheap, with the volume it should be possible to offer that service at a nominal fee and st

Re:

[asdf7890]

"Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.

Not that easily, at least not for basic users. I can control everything on my main PC and netbook and know what needs to be controlled to sort out privacy issues I care about, but most people don't have that level of knowledge and there are many circumstances where the level of control is not present. You can't install privacy protecti

Re:

[smellotron]

A computer is a lot like a woman - they'll both do whatever the hell they want until you train 'em and tell 'em what to do and how to behave.

You may have better luck using root privileges [xkcd.com].

Re:

[Opportunist]

No, because "my computer obeys me" is not a statement, it's a core feature requirement.

I don't get it...

[FormOfActionBanana]

They embed a Facebook "like" button on their website... And then they decide it's creepy so they grey it out???

When I think something is creepy I just remove it....

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

The act of loading the like button is what allows Facebook to track users. This site defeats this by deferring the loading of the button until after a user asks for it. The AJAX call is to Facebook to load the button (and track the user).

Re:

[zach_the_lizard]

You are wrong:

AJAX: Asynchronous JavaScript And XML

Asynchronous because the js call happens after the page has already beeen loaded and XML (ie XHTML) is what is returned from the call. Or rather, returned and inserted, if you want to be pedantic (which you obviously do.)

Loading it after the page does does not make it asynchronous. Clicking on their brand new like button could trigger a fully synchronous web request, blocking the UI until it returns. That's likely not what they did (no one wants a blocked UI), but there's no law of nature saying that loading something later has to be asynchronous.

Re:

[gl4ss]

if you could do it as a browser extension and it doesn't need the server side for anything after the initial page load, it's not AJAX.

Re:

[Fjandr]

JavaScript (which is definitely NOT Ajax)

Nope, you have to add HTML and CSS to arrive at AJAX. ;)

Re:

[Serious Callers Only]

Nope, you have to add HTML and CSS to arrive at AJAX. ;)

I wonder why so many people who have no idea what they are talking about seem to think AJAX is required for this?

AJAX has nothing to do with CSS. AJAX is the use of javascript to make remote calls to a server and use the data returned (usually json, xml or html fragments) to populate the parts of the page without reloading the entire page. It does not require HTML and CSS, though it usually goes with an HTML page.

Hiding a facebook like button until clicked does not require AJAX.

Re:

[Fjandr]

It was a joke.

Re:

[Sique]

JavaScript (which is definitely NOT Ajax)

I wonder why AJAX is an abbreviation for Asynchronous JavaScript and XML then.

Re:

[zach_the_lizard]

JavaScript is a part of the AJAX pattern. It isn't AJAX. In either case, the JavaScript here doesn't have to make any web request; it just switches out an iframe, and can be fully synchronous.

Re:I don't get it...

[Arancaytar]

The greyed-out dummy button (that's what the markup calls it in the HTML class description) has the function of showing users that the option still exists, but requires them to enable it. It also is loaded from the Heise site itself, thereby requiring users to explicitly opt in before their browser sends any request to Facebook.

Consequently, instead of automatically sending data about all visitors (including those who don't even have Facebook accounts and have no use for the Like button) to Facebook, only those visitors who want to give information to Facebook anyway (by clicking the Like button) will be tracked.

Re:

[netsharc]

Indeed it is! And it's a clever solution to prevent data-leakage which German websites (and hopefully others) will probably now copy, which is why Facebook is panicking about it. "Oh shit, they figured out a solution to prevent us from monitoring users* on the web! We're fucked!".

* Seriously, even a non-FB-account-owning user probably has a tracking cookie from facebook.com to uniquely identify him/her across all sites that have the Like button, and that information is still very useful for marketers, which

Nice to see this.

[ArchKaine]

I have to say that I'm impressed with Heise doing this. This puts the choice of being tracked into the user's hands.

Re:Nice to see this.

[Anthony Mouse]

I can certainly see why Facebook hates it though: Not only does it deprive them of the tracking information for all the people who don't click the like button, it changes the user's choice in clicking the button from "click this button if you like the story, but you'll be tracked either way" to "click this button to cause Facebook to track you" -- and if it becomes common knowledge that that is how the like button works, fewer people will use it.

Re:

[Commontwist]

Yea. I didn't know that and I am most certainly displeased by that little trick. It's like 'put this like button on your webpage so Facebook can track everyone who looks at your webpage for free even if they don't use the button'.

That kind of accurate info like how many people are visiting certain websites and which pages could be sold to competing websites by Facebook. I'm not surprised the site did that if they realized the implications of the buttton.

Re:

[vlueboy]

It's only because Germany very recently started pushing an anti-facebook stance. I doubt they would have implemented this so easily without a government breathing down their necks --they're the largest German web news provider IIRC.

Non-Americans don't even have the same business models that drive traffic to US sites. They don't even have per-story comments a-la CNN, New York Times or Yahoo (too lazy to translate and confirm whether they have a official off-site forum that is obligatory of sites looking for

Re:

[Arancaytar]

they're the largest German web news provider IIRC.

Note that they're also the foremost German tech news publisher. Their articles are aimed at precisely the section of readers that are more likely to care about their online privacy and to recognize when something violates it.

Re:

[silanea]

Non-Americans don't even have the same business models that drive traffic to US sites. They don't even have per-story comments [...]

It would have been sufficient to RTFA to see that you are wrong. Underneath the text even the Google translation shows quite prominently "Read comments (162 posts)". Let us visit the largest German news websites that I can name off the top of my head and click on an exemplary story to see who has per-story comments:

• Süddeutsche Zeitung [sueddeutsche.de]: check
• Frankfurter Allgemeine Zeitung [faz.net]: check
• Die Welt [www.welt.de]: check
• Der Spiegel [spiegel.de]: check
• Focus [focus.de]: check
• Stern [stern.de]: no
• TAZ [www.taz.de]: check
• Tagesschau online [tagesschau.de]: check

7 out of 8 have per-story co

Re:

[xaxa]

It's only because Germany very recently started pushing an anti-facebook stance.

No, the whole EU has, pretty much since the start, had a pro-privacy stance. More recently, attention has turned to website privacy matters -- e.g. cookies.

I work for the British government, and a few months ago had to confirm exactly what cookies were used on our websites. In my case, only session cookies to track "shopping basket" type things, which are fine, but the main website uses Google Analytics. It's likely that at some point in the next 12 months we'll have to remove Google Analytics. (Or, perh

Re:

[yacc143]

Well, technically what many US companies have been doing has been strictly illegal in the EU. Germany traditionally has a tendency to be strict on privacy protection, but technically the law is just a local reenactment of the EU data protection directive. Worse, for US lobbies and politicians, the "Datenschutzbeauftragte" is position that is hard to pressure. Basically if you do a business with person X, you are by law required to do it with the minimal data collection possible. Or you let the user opt-in i

Re:

[Opportunist]

Germany, and large parts of the EU. If you read the "Datenschutzgesetz" (data protection law) of Germany, and if you consider just what lengths you have to go to to protect the privacy of your users, you wonder whether you should store ANY kind of information AT ALL.

I.e. how it should be.

Re:

[nosferatu1001]

It is also a requirement of new directives that force EXPLICIT consent from users.

the like button is a webbug

[way2trivial]

and this fact? this surprises you? really?

Re:

[geekmux]

I can certainly see why Facebook hates it though: Not only does it deprive them of the tracking information for all the people who don't click the like button, it changes the user's choice in clicking the button from "click this button if you like the story, but you'll be tracked either way" to "click this button to cause Facebook to track you" -- and if it becomes common knowledge that that is how the like button works, fewer people will use it.

Facebook should be irritated, but certainly not shocked about peoples (or content providers) reactions to discovering what they've been doing with tracking.

Of course, we should also not be shocked when a month from now, not a damn thing has changed with regards to people being concerned about their privacy and tracking online.

Re:

[vlueboy]

The name sounded familiar and some digging shows that these are the same guys that did an IPv6 trial [h-online.com] in the past year. So they've already one-upped slashdot with something.

Maybe I'll start learning German to be packed up for the not-so-far day when slashdot implements their Like button: thousands of us per day already acquiesced with Geeknet adding 3 different links to "follow us on $SOCIAL_NETWORK" on the front page. The next logical step to ???? PROFIT! is just to wait for a juicy FB/FBI deal to track non

Re:

[V for Vendetta]

Heise is famous (or "infamous" to certain parties) for "Doing the right thing(tm)!". They've done so in the past and I truely hope they continue to do so in the future.

Something else /. won't bother with

[Burz]

Privacy is just something to gossip about.

Re:

[Johann Lau]

good point... is there something like a "fuck facebook" plugin? you know, block all resources hosted on facebook domains, unless you're actually browsing facebook... if something like that doesn't exist, it kinda should, and surely google and others could use being included in that, too....

Social media AdBlock list

[xororand]

This filter list for the Firefox addon "AdBlock Plus" is exactly what you're asking for. It blocks social networking elements everywhere except on the sites themselves.

http://www.camp-firefox.de/forum/viewtopic.php?f=4&t=82797 [camp-firefox.de]

Re:

[Johann Lau]

thanks! :)

that still leaves chrome, opera and safari :D (yeah I know I'm greedy, but it's for a good cause ^^)

Re:Social media AdBlock list

[brim4brim]

Just use Ghostery, available for all the popular browsers (IE, Safari, Opera, Firefox, Chrome): http://www.ghostery.com/download [ghostery.com]

Re:

[Johann Lau]

wow, that's perfect :D

Re:

[Jah-Wren Ryel]

Just use Ghostery, available for all the popular browsers (IE, Safari, Opera, Firefox, Chrome)

Not really for Chrome. It works sporadically. As in you can load a page and a random subset of trackers will be blocked, hit reload on the same page and a different random subset of trackers gets blocked.

The Ghostery developers blame Google for having a crappy API. They may be right, I don't know. Whatever the reason though it means I only use Chrome for exactly one website, "they" can track me all they want on that one website.

Re:

[KiloByte]

Since you can't exactly accuse Google of being technically inept, it's obvious the inability to block tracking, lack of sane cookie handling, etc, in Chrome is done on purpose. It's not a hard thing to implement, too -- heck, even Netscape (2.0?) did cookies better, by giving you choice to allow/allow for session/reject them, and to save your choice per-domain. As far as I know, in Chrome there's currently no way to have cookies limited to a session by default but allow permanent ones on a whitelist basis

Re:

[coolmadsi]

Check again. "Allow local data to be set for the current session only" and then hit the "Manage Exceptions" button to enable whitelisting domains for permanent cookie storage.

I will have to check my settings, I have all cookies turned off, apart from a Whitelist, but this seems like an improvement (and will mean I don't have to add things to the whitelist when I want to use them once). Thanks!

Re:

[cvtan]

I suspect Ghostery will have the same problem as RequestPolicy. That is, some sites have 50 or so suspicious trackers etc. There is no way to navigate the web if you have to fret over 50 3rd party redirects and tracking widgets on a page. The concept is welcome, but I don't see how anyone can use it efficiently.

Re:

[Call Me Black Cloud]

Thanks for that...that's exactly what I was looking for too.

Re:

[Arancaytar]

AdBlock Plus exists for Chrome.

Re:

[wgoodman]

Actually, the disconnect plugin is there to specifically remove tracking from FB and other sites by default. you can enable it on specific sites if desired, but the default is block all their bs tracking. This blocks things that adblock does not (though adblock is a must either way)

Re:

[Johann Lau]

thanks!

Re:

[Johann Lau]

oh, I don't mind having to whitelist personally, I do that with cookies too and wouldn't want it any other way. thanks for the suggestion!

Simple do-it-yourself (partial) solution

[93 Escort Wagon]

When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.

Re:

[Anonymous Coward]

When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.

How naive of you. Your IP is still the same, and so is your user-agent/fonts/etc. They don't need you to be logged in order to track you.

Re:

[93 Escort Wagon]

Hence the word "partial" in the subject. They can still track that an individual goes to those particular Facebook-affiliated sites. But, if you're logged in, you're handing them your name on a silver platter.

Re:

[Baloroth]

Yeah, I remember getting a nasty shock a few days ago when I didn't do that (I normally am very obsessive about it), and I noticed my name appearing in other pages. Seriously, Facebook, stop stalking me. Well, that is why browser extensions were made (Ghostery, I hope you work as advertised.)

Re:

[jo_ham]

Why do you think I have Facebook sandboxed in its own browser, separate from all of my other browsing?

I do not trust them as far as I can throw them.

Re:

[jo_ham]

Yeah, people like... my immediate family, and coworkers...

Not everyone just plays farmville on it all day.

Re:

[theCoder]

Logging out is not necessarily good enough. Facebook also tracks IP addresses that aren't currently logged in. Better to add adblock rules like:

||facebook.net^$domain=~facebook.com
||fbcdn.net^$domain=~facebook.com
||facebook.com^$domain=~facebook.com
||fbcdn.com^$domain=~facebook.com

I don't think the last one is necessary -- it has zero hits in my Adblock right now. The others have quite a few hits.

This does mean you won't see any "like" buttons, but if you don't use them, you won't miss anything.

Does an

Re:

[antdude]

Also, clear cookies or use another computer/web browser that don't use Facebook.

GameBoyRMH's sig

[Onymous Coward]

I had just learned about what Facebook had been doing by reading GameBoyRMH [slashdot.org]'s sig:

Facebook's pure HTML tracking system [tinyurl.com] - How long has this been going on?

Re:

[poena.dare]

Can someone explain to me some GOOD things you can do with iframes?

I guess it is a silly question... ?

They just seem like a bad idea to me.

Re:

[Johann Lau]

Can someone explain to me some GOOD things you can do with iframes?

Well, I'm very much a total javascript newbie still, and recently I decided to implement popup windows for my custom CMS thingy. Using iframes for that, I could simply re-use everything as is, and the submit button of pages "embedded" in a popup still works. For example the comment form pops up, you enter your comment and hit submit, the popup says thank you for your comment, you close the popup. Or you go to the "comment on X" page directly

Re:

[poena.dare]

Thanks.

So what if iframes were limited to loading content only from the same domain as the parent page?

Would that be a burdensome limitation?

This is apparently required by law in Germany

[slart42]

Some missing context: http://www.kreativ-ackern.de/2011/08/20/gefaellt-mir-facebook-dienste-illegal/ [kreativ-ackern.de] (In German).

Basically, a German authority for privacy rights has recently claimed that embedding a Facebook "Like" button on your web site is a violation of german privacy rights, because it allows tracking of all users of the web site by a third party. According to the article, having a "Like" button on your site can yield in fines up to EUR 50k. This is probably technically and legally correct, I doubt that anyone would actually be sued any time soon, though. But the headline has made a big splash on the german internet in the last weeks, and I'd assume that heise's move is a direct reaction to this (which is mentioned in the document as a possibly legal way to have a Like button on your web site).

Small correction

[Affenkopf]

Heise didn't change their social 'like' buttons. They introduced them. Heise never had these buttons before because of the privacy issues.

/etc/hosts?

[Pelekophori]

127.0.1.1 www.facebook.com

/ just saying

Re:

[GeekDork]

127.0.1.1 www.facebook.com

I'm blacklisting *.facebook.com, their CDN (fbcdn.net), and connect.facebook.net in ABP (the connect rule is older since it used to break a bunch of sites when the service started and was even more unreliable than it is today). The other solution would be to just make my home DNS auth for those zones, which I've done for a bunch of other crap like doubleclick, making that stuff NXDOMAIN.

Why does it require two clicks?

[kasperd]

It is quite obvious how getting this icon from facebook every time a page is loaded will allow facebook to track it. But why does that mean you have to click twice after this change? Couldn't they just host the icon locally and still let the link do what it used to do on the first click?

Re:

[ais523]

That'd be a CSRF attack against Facebook if it worked. Imagine if sites could simulate a "Like" on themselves from users who had no intention of clicking the button, but had actually clicked something entirely different. It's a good thing that it's impossible.

Sounds reasonable

[DrXym]

I wonder if someone shouldn't produce a script which does this so lots of sites can implement similar behaviour. Not just Facebook but also Google+, Digg etc.

fantastic solution

[Tom]

This is actually a fantastic solution to a good part of the social-network-tracking-you problem - namely that Facebook et. al. are not only tracking what you do on their site, but also a lot of your other activities.

The best part is that Heise has promised to release the source code next week, so other sites can use the same approach. I definitely want to see this everywhere.

So, here's one interpretation of "Why"

[geekmux]

If I'm understanding this correctly, Facebook, using their "Like" button, has basically been allowed to receive two distinct types of tracking information. One is the information they should be allowed to see (who actually clicks on the "Like" button), and the other is information on whomever loaded the page that contained a "Like" button.

And now, someone has come up with a rather ingenious way to separate those two data streams, and if they're smart about it, sell the latter data back to Facebook rather than allowing them to get it for free.

And Facebook is trying to strongarm them by blacklisting. Now, the question is when another 1000 sites do this same thing, in an attempt to generate an additional revenue stream(selling hit data to FB), will Facebook continue to try and strongarm them by blacklisting?

Why am I having flashbacks and cold sweats over who will win that strongarm war? The words "too big to fail" flashed in my mind for some reason...

Re:

[Josef Meixner]

Sorry, but I very much doubt that Heise would sell that information. First they would probably get into trouble with German privacy laws and their users would be furious if that would become known, I certainly would be. Isn't it possible, that someone just does the right thing once and doesn't see any reason, why some other party (it isn't only facebook, also google+ and twitter are handled the same way) should receive nearly complete information what its users are doing on site?

Re:

[hey]

I hope somebody packages this code as a simple to download and install widget.

Re:

[w4rl5ck]

First thing, Heise will not sell this information, they are basically the good guys, protected by several laws and priviledges they would loose by such action, plus widely financed - they dont need to do so.

Their main interest is to expose something bad going on, which is just living up to their journalist role. Good stuff.

Facebook is already retreating, they know they can only loose, and Heise is - in Germany - very, very big (I think every techy guy/girl in Germany at least pays minimum attention to their

Chrome

[Joe Jay Bee]

Those who don't want this bullshit can install the lovely Facebook Disconnect [google.com] extension for Chrome, which removes any and all Facebook tracking from any non-Facebook pages.

Pain in the arse to have to install an extension because of one company's idiocy, but there we go.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[geekmux]

Um, what? They're purely losing data. Instead of having both (1) the list of users / IPs / whatever who view a page and (2) the list of users who "Like" that page, they now only get (2) and their IP info, rather than everyone's. There is no advantage.

So, a page hit by (1) that merely contains Facebook content (the "like" button) automatically means Facebook needs that (1) tracking information and NOT the site hosting the other 99.999% of the site content? If the original site isn't interested in their own page hit statistics, surely they must recognize the value of that data. Why the hell don't they sell it themselves? Or perhaps they should sell (1) to Facebook instead of giving it to them for free. (sorry, Facebook, but you don't own the patent on

Re:

[netsharc]

Actually (1) is interesting to Facebook because that data of a single user (unique cookie) from a lot of sites means a marketing profile of a unique person ("this person reads foxnews.com, likes to visit gaming websites, shops at target.com", etc, etc) that Facebook can sell to ad-sellers.

Re:Would this not make social targeting work bette

[Riceballsan]

Not really, with the like button the way it is, lets say 2 people went to the page, a skate boarder and a teacher, skateboarder likes the page, teacher glances over it. With that information facebook knows that the teacher looked at the page, but wasn't inclined enough to like it, but if they noticed 75 teachers looking at it without liking it, they'd know something interests teachers in that page enough to look at it, The skate boarder likes it. For the skate boarder side the information is the same, but the information of who is looking at it, but not liking it, is still valuble data.

Re:

[Johann Lau]

and for what purpose? what would I gain by reporting inflated numbers to webite? not that I would ever even come close to a like button, much less employing it, but still, I wonder? I don't doubt the data can be manipulated, but for what ends?

Re:

[Opportunist]

Free ad time by proxy, perhaps?

Don't tell me your country doesn't have one of those "best 10 YouTube Videos" shows on TV yet. If so, please tell me where I have to move to regain some of my sanity. How long do you think 'til we get the same with the "hottest 10 Web Trends according to Facebook-Likes"?

Re:

[0123456]

I guess only firefox / chrome plugins will save us here.

Google Analytics seems to be trivial to block in /etc/hosts. Facebook tracking isn't so easy.

Re:

[Riceballsan]

For google I believe they have a cookie specifically for opt out http://www.google.com/privacy/ads/ [google.com] , I agree it would be nice for an opt in but for the real world, at least an opt out option is nice.

Re:Can facebook see any website I go to...

[Arancaytar]

Yes, but only if you are logged in to facebook at the time you visit a website that has a 'Like' button.

Regardless of whether you are logged in or not. Even if you don't have a Facebook account. The difference being logged in makes is just that they can associate the visit with an identity you built, instead of building one from all the visits to various websites you make with the same IP address.

Re:

[Johann Lau]

heise rules! but that isn't news ^^

Re:

[cvtan]

Ponies? Who has a pony? In fact, I hate anyone that ever had a pony when they were growing up.