Heise's 'Two Clicks For More Privacy' vs. Facebook 206
First time accepted submitter FlameWise writes "Yesterday, German technology news site Heise changed their social 'like' buttons to a two-click format (Original in German). This will effectively disable unintentional automatic tracking of all page visits by third-party social sites like Facebook, Twitter or Google+. Less than 24 hours later over 500 websites have asked about the technology. Facebook is now threatening to blacklist Heise (Original in German)." As I read the updated story, Facebook has backpedaled a bit, so "blacklist" may no longer be the operative word. An anonymous reader adds a quick explanation of the changed interface: "Instead of enabling Facebook to track a user (arguably without prior consent) by placing a 'like' button on the website in the usual way, a greyed-out like button is shown. If a user wants to share or 'like,' he has to execute an additional click to enable the original Facebook 'like' button and get the desired behavior. This technique obviously has a disadvantage for Facebook, because the behavioral tracking does not work anymore."
Comment removed (Score:5, Informative)
Re:don't people already do this? (Score:4, Informative)
Re:I don't get it... (Score:2, Informative)
The act of loading the like button is what allows Facebook to track users. This site defeats this by deferring the loading of the button until after a user asks for it. The AJAX call is to Facebook to load the button (and track the user).
Simple do-it-yourself (partial) solution (Score:4, Informative)
When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.
Re:Social media AdBlock list (Score:4, Informative)
Re:Would this not make social targeting work bette (Score:5, Informative)
Re:Simple do-it-yourself (partial) solution (Score:2, Informative)
When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.
How naive of you. Your IP is still the same, and so is your user-agent/fonts/etc. They don't need you to be logged in order to track you.
This is apparently required by law in Germany (Score:5, Informative)
Some missing context: http://www.kreativ-ackern.de/2011/08/20/gefaellt-mir-facebook-dienste-illegal/ [kreativ-ackern.de] (In German).
Basically, a German authority for privacy rights has recently claimed that embedding a Facebook "Like" button on your web site is a violation of german privacy rights, because it allows tracking of all users of the web site by a third party. According to the article, having a "Like" button on your site can yield in fines up to EUR 50k. This is probably technically and legally correct, I doubt that anyone would actually be sued any time soon, though. But the headline has made a big splash on the german internet in the last weeks, and I'd assume that heise's move is a direct reaction to this (which is mentioned in the document as a possibly legal way to have a Like button on your web site).
Re:I don't get it... (Score:4, Informative)
The greyed-out dummy button (that's what the markup calls it in the HTML class description) has the function of showing users that the option still exists, but requires them to enable it. It also is loaded from the Heise site itself, thereby requiring users to explicitly opt in before their browser sends any request to Facebook.
Consequently, instead of automatically sending data about all visitors (including those who don't even have Facebook accounts and have no use for the Like button) to Facebook, only those visitors who want to give information to Facebook anyway (by clicking the Like button) will be tracked.
Re:Can facebook see any website I go to... (Score:4, Informative)
Yes, but only if you are logged in to facebook at the time you visit a website that has a 'Like' button.
Regardless of whether you are logged in or not. Even if you don't have a Facebook account. The difference being logged in makes is just that they can associate the visit with an identity you built, instead of building one from all the visits to various websites you make with the same IP address.
Small correction (Score:3, Informative)