Facebook Sued For Violating Wiretap Laws

An anonymous reader writes "Facebook is being sued in multiple states for tracking its users even after they logged out of the service. All the lawsuits allege the company violated federal wiretap laws. The most recent lawsuit, filed by a Mississippi woman, says: 'Leading up to September 23, 2011, Facebook tracked, collected, and stored its users’ wire or electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook. Plaintiff did not give consent or otherwise authorize Facebook to intercept, track, collect, and store her wire or electronic communications, including but not limited to her internet browsing history when not logged-in to Facebook.'"

sorry no

[Osgeld]

There is no way we can let go of this invaluable resource over a few lawsuits. Clearly the wiretap laws need to be changed or we will not have our greatest resource ... worthless information for dumb fuck advertising!

Re:sorry no

[MacGyver2210]

With one free plugin it becomes worthless information with no advertising.

Or if you're in the entertainment or media business, it can become useful information with no advertising.

http://www.adblockplus.com/ [adblockplus.com]

Re:

[jamesh]

ablockplus ftw!

I regularly visit youtube and nearly every music video on there has comments like 'vevo sucks' and I never figured out why all the fuss for an almost invisible watermark in the corner of the video... until I used it in IE one day.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[webnut77]

How does adblockplus compare to ghostery?

After I installed Ghostery, I was amazed at how many trackers some sites use. One site I went to had 32 trackers. After disabling most of them, guess what. No ads, which was really not my goal. I don't mind the ads since I figure that helps a site pay for itself, but I'm not a Facebook user and I don't want FB tracking me.

And another thought, all that tracking is sure going to eat into any bandwidth cap.

Re:

[DarwinSurvivor]

If you don't mind adds but don't want to be tracked, e-mail the website admins and tell them so. They may not be aware their adds are tracking and switch to non-tracking ones. It's a long shot, but even if they don't change, at least you've regained your peace of mind knowing the website owners don't care if you see their adds.

Re:

[bryan1945]

A few weeks ago someone here suggested Ghostery to me. Wow, so many trackers. I spent the next few days deleting a how bunch of them as I progressed through my usual sites.
AFAIK, AdBlock just keeps the ads from showing, but by doing so it may also block the tracker.
To be safer, I use both.

Re:

[msevior]

With one free plugin it becomes worthless information with no advertising.

Or if you're in the entertainment or media business, it can become useful information with no advertising.

http://www.adblockplus.com/ [adblockplus.com]

Mod parent up! No more ads to remove stomach fat :-)

Re:

[Pope]

Block all teeth whitening ads with this one weird tip discovered by a Slashdot poster!

Re:

[bryan1945]

I had forgotten about how bad ads have become since I started using AdBlock. On one site with a forum, I would occasionally here a complaint about the person confusing the ad with the content (um, really?). On one of my favorite sites, the guy runs it as a hobby, so he depends on ad revenue. He offhandedly mentioned something about money, so I disabled AdBlock- wow, what a difference. But I like the site enough to deal with it.

and BetterPrivacy

[Hyperhaplo]

When mentioning adblockplus you should also mention BetterPrivacy [mozilla.org]

ABP rocks for preventing most ads and cookies.. but BetterPrivacy controls flashcookies - LSO [wikimedia.org]s.

Ghostery [mozilla.org] is also a must.

Re:

[Cryacin]

Wonder how many FacePalms there were at FaceBook after this little verdict?

Re:

[ScrewMaster]

Wonder how many FacePalms there were at FaceBook after this little verdict?

There should not have been any. This is not rocket science, from a legal perspective. Either Zuckerberg ignored the advice of his attorneys ... or never bothered to consult them in the first place.

Facebook more than deserves any fallout from this because there was no need for it.

Re:

[FooAtWFU]

Or, more probably, he consulted with the attorneys and business teams and decided they'd go see exactly how much tracking they could get away with.

A legal team isn't supposed to tell you "you can't do something" - not when you're in charge of them, anyway (everyday employees are another mater). You're supposed to tell them what you want to do, and they try to help you accomplish it legally (or how you're most likely to get away with it, depending on how ethical you are).

Re:

[ScrewMaster]

Or, more probably, he consulted with the attorneys and business teams and decided they'd go see exactly how much tracking they could get away with.

A legal team isn't supposed to tell you "you can't do something" - not when you're in charge of them, anyway (everyday employees are another mater). You're supposed to tell them what you want to do, and they try to help you accomplish it legally (or how you're most likely to get away with it, depending on how ethical you are).

True ... and part of due diligence is that you tell the client when his proposed activities are likely to land him in court. It's also possible that said attorneys did not perform due diligence.

Oh well. Couldn't have happened to a nicer bunch.

Ironically

[AliasMarlowe]

Ghostery says that TFA site is infested with Facebook Social Plugins (which Ghostery blocked).

Ghostery and NoScript are strongly recommended for avoiding this sort of crap. Disabling third-party cookies is another method. If you're not a user of Facebook, then yet another technique is to add a bunch of Facebook's sites to the blocked list in your router, or redirect them to 127.0.0.1 in your hosts file. The sad thing is, we should not have to do these things; tracking without explicit authorization per s

Re:sorry no

[rtb61]

The best way to crack down on advertising is perhaps not to block it but to force total truth in advertising. No lies, no exaggerations, no false associations, no people recommending who do not provide proof on continued use of the product and required warnings for any known problems with the product to be included in the adds.

Adds should be restricted to informing people about a product, not about manipulating people especially children, not about false product qualities, not about people lying about using the product and, in fact not about anything that company can not prove to be true about the product.

Re:

[quadrox]

Wow, I have been saying the same exact thing for a while, nice to see someone else agreeing with me :)

Re:

[Internetuser1248]

Me too, this would actually result in advertising being a good thing. I also add to the suggestion my idea of moving all television advertising to a dedicated channel, where ads are scheduled into half hourly slots for different product categories. That way if you wanted to buy a new fridge for example you could turn on the the tv at the fridge/whiteware timeslot and get all the pertinent information about all the possible purchases you could make. Some people say no one would ever watch this channel but if

Re:

[hjf]

I'm going to play devil's advocate here. Filter bubbles and all their implications aside, and ignoring the fact that one can go with the torrent way...

I would LIKE my TV provider to "track" me in some way. I would LOVE to have ads tailored to ME and MY needs. I hate so much, really, so much, the damn soap ads they play all day (at least in my country). REALLY, I DON'T want to see any more soap commercials, or Oral-B, or Colgate Whitening. MAN the colgate ads are so annoying, and soap ads are just sexist. I

Dumb Question

[Anonymous Coward]

Dumb-question guy here: how can a web site gather users' "internet browsing history even when the users were not logged-in to Facebook"?

Re:Dumb Question

[Beryllium Sphere(tm)]

Put a "Like" button on every page they visit and store the Referrer field when the button gets downloaded.

Re:

[sortadan]

Wouldn't that be tracking the communication that the person's browser initiates with Facebook? If there is a law that say logging out of a website has to delete all cookies cookies and wipe any record or what IP you're using, I call dibs on Google.

Re:Dumb Question

[Jane Q. Public]

That is correct as far as it goes. But the problem there is that you have no way to know, ahead of time, what sites might have Like buttons and what sites not. By the time the page is downloaded, and you see the Like button there, it already has you tracked.

Currently, the only way to prevent that is to use a script blocker to block Facebook's javascript from running. Which I do. But it's not a satisfactory solution... they should only be able to track you if you give your explicit permission. What they are doing now is sneaky and unethical, given that most people don't even know they're doing it.

Re:

[Jane Q. Public]

You are correct about the other software solutions, but I disagree with you about that being "the only reasonable solution". I disagree very much. I don't believe it is ethical at all for someone to compile personal data about my communications without my knowledge or consent, much less peddle that data to others.

Re:

[sjames]

It's a bit like stalking. Yes, a person can be seen and incidentally photographed when they're in public places, but dispatching an army of photographers around town to make sure you get photos wherever they go is quite another matter.

Re:

[TeamSPAM]

There is also the cookie stored in your browser, You may not be logged in to facebook, but the cookie will still tell them who you are.

Re:

[AngryNick]

so....what's the name of the facebook-blocking add-in for Chrome and Firefox?

Re:Dumb Question

[Jane Q. Public]

Probably the most popular one for Firefox is NoScript. I don't know about Chrome.

Re:

[Zontar The Mindless]

TL;DR

Sincerely,

Joe User.

Re:Dumb Question

[tomhudson]

"when the button gets downloaded"

Which you *do not have to do*.

It happens automatically. See the "Like" button? It's because it's already been downloaded - even if you NEVER dealt with facebook. Facebook even tracks users vi IP+browser fingerprinting who they can't tie to an existing account so that if/when you DO sign up, they can match that history with you. Totally illegal.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Who they REALLY need to sue.

[tomhudson]

Hopefully they'll get a clue and sue the web site owners as well. There's no need for such detailed information.

Or eventually, we'll come up with "Consumer DRM" - where WE manage our own digital rights. After all, if it's good enough for Sony, it's good enough for you and me :-)

Re:

[psiclops]

i could wear a suit of armour to prevent injury from someone stabbing me.

that does not mean that someone should not be charged for stabbing me.

Re:

[tomhudson]

Sure, whatever. So now sites sending you data that YOUR OWN BROWSER requests is illegal? Would you care to stop knee jerking and think a little bit?

I have a right to assume that the web site will act within the law, same as if I invite you into my home I have a right to expect that you would do the same. The web sites enabling such tracking are violating the law, as simple as that, so instead of YOUR knee-jerk reaction, why not think why people are cheesed off?

Web sites simply don't have permission to

Re:

[sodul]

Whose law? The internet is worldwide.

You might have noticed that here it is about US persons (citizens, or residents), on US soil, dealing with US companies, on US soil. The traffic never leaves US soil.

Being on the Internet does not magically make you a Sealand citizen where you would not have to comply with any laws from any country.

Sure Facebook could apply the same tax evasion tricks to avoid to comply with governments laws, but then they would have to move all their employees to some tiny island nation, as well as all their servers.

Good l

Re:Dumb Question

[icebraining]

See those Facebook "Like" buttons everywhere? They have Javascript loaded from Facebook's website. Even if you're not logged in, it creates a cookie with a random ID, which is then read when you access other sites with the button.

It's easy to reproduce, if they haven't changed it from a month ago: log off from FB, delete all cookies from their domains (fbcdn*, facebook*) and then load some pages with their button.
It worked for me even though I didn't even have an account.

Re:

[mattventura]

I think this lawsuit is related to how the Facebook "like" buttons that are scattered throughout the internet allow FB to track you. Presumably, when you are not logged in, they still track you by cookie/IP/whatever.

Re:

[the eric conspiracy]

By loading a page with a embedded link to Facebook. Like buttons, transparent 1 pixel gifs, etc.

Re:

[ogl_codemonkey]

Logging out doesn't remove the cookie that tells them who you are when you visit a page with the FB 'like' button or similar on it; it just makes it invalid for the purpose of actually being logged in.

Re:

[cyclomedia]

Does anybody else here think that the Like button shouldn't track you even if you ARE logged in?

Re:

[icebraining]

Actually, they create an ID even if you don't even have an account. Or at least they did until recently.

Re:

[AK Marc]

I agree (that there's plenty of blame to go around and other ways to address this without lawsuits), and I don't see how you can defend the practice. I don't go to Facebook. I go to CNN (or whatever) and CNN serves up a "Like" button because they want people to like it and generate more traffic to that page. CNN is trading advertising with Facebook. It's CNN that's loading 3rd party content without "permission" of the user. Facebook is just serving and logging that content. Of course Facebook is loggin

Re:

[AK Marc]

"no practical choice" and "extraordinary effort" are pretty strong language.

And quite accurate for the average person. You must tell your TV what channel you want to watch for it to work. People don't expect that their TV tracks them every time they put in a channel number. The same general principle applies with web sites and the average person's expectations. You are arguing from the position of "I know how it works, and I know how to address the issue, so the steps to "fix" the problem are small." But the reasonable person would not understand the root cause of the issue an

Re:

[AK Marc]

They also track if you have never had an account or logged in.

Re:

[Jane Q. Public]

"But don't sue people servers for your clients behavior."

Sorry, but that's W3C standard behavior, it has nothing to do with the browsers themselves. Although browsers could be changed to block 3rd-party cookies and images, all they are doing is complying with the standard.

Further, this is an overt act on the part of others. It isn't as though those things get there accidentally. So it's not a matter of me dancing naked in front of an open window; morally and ethically it is a hell of a lot more like somebody coming up and peeping in my window. They are not the

Cookies cannot "unlawfully intercept" anything

[Anonymous Coward]

The thing is that this tracking depends on cookies, which are actually sent by the browsers themselves (as per the HTTP spec). Of course I haven't analyzed all the Javascript so I'm not sure, but Javascript does not have the capability to perform any time of interception of network traffic. Of course, I don't know what Flash, etc. could do.

I highly doubt that there is any "unlawful interception" going on here and this is likely just more waste of taxpayer money because we, the technically apt, have to liv

Re:

[Anonymous Coward]

Yeah! They shouldn't use computers, either.

If you don't want bad shit to happen to your computer, then stop using computers. This is your fault. Your fault!

The only recourse is to throw your arms up in the air like a Fraggle, bend over, and take it. Not taking it is consent.

Re:

[EdIII]

The only recourse is to throw your arms up in the air like a Fraggle, bend over, and take it

Dude.... I don't think we were watching the same TV show as kids.

Re:Cookies cannot "unlawfully intercept" anything

[hedwards]

That's not true. Unless you avoid websites that have those obnoxious like buttons on them there's no way of avoiding them without blocking those domains and the related cookies. Which most people wouldn't do as they have no idea that they're being tracked by them.

Worse is that historically they track people who are logged out of FB or don't have an account to begin with.

Re:

[hedwards]

Nice trolling. The computer doesn't have the means to decide what is and is not acceptable to download from a website, I do. However, I don't have the option of making that decision until such a time as it is downloaded. And sites never disclose to me what sites they're using for what purposes, I can of course block sites, but I have no way of knowing what ramifications there might be.

It isn't a matter of human beings being chimps so much as it is the complete lack of information available. I've looked up s

Re:

[hedwards]

Because most websites tend to be broken if you start disabling random javascript. Which is really the problem, you don't have a basis for making informed consent as they don't tell you what the sites are they're pulling code from and why. If you do start disabling random javascript then you have no actual knowledge of which ones are and aren't necessary or worse aren't even intended by the site.

Now, if you can propose someway of knowing what to actually load, then you're way beyond damn near every single we

Re:

[martin-boundary]

No, it's Facebook's fault. If some guy sells you stolen goods, you still have to give them back. Same principle.

Facebook are taking information from the browser, knowing full well that the person running the browser is unknowingly being deprived of privacy by his browser.

Re:

[agm]

This is not like receiving stolen goods. The user (via software they choose to use) is willingly handing Facebook this information. It's a bit odd to willingly hand someone something and then complain later about it. The best option is to stop handing them that information in the first place.

Re:

[hedwards]

It's not willful if you've logged out in the meantime. Just because I have an account with Google for say email or YouTube, does not mean that I consent to have them tracking me when I'm making posts here, or possibly downloading porn.

Re:

[agm]

And yet you use software that you know sends this information. Being logged in or not isn't relevant. You've configured your software to send tracking information to any web server you browse to.

Re:

[Score Whore]

If you don't want google to know you're downloading porn (and exactly what porn you are downloading) (and any warez, etc.) then you'll need to make very sure that you never use a site that uses recapcha. Fucking google.

Re:

[hedwards]

The browser doesn't have legal standing to consent, and a lack of opt out is not the same thing as granting consent. One does not have the ability to prescreen sites before loading them.

Re:

[cffrost]

It's a bit odd to willingly hand someone something and then complain later about it.

Sure, just like those people that willingly handed $65 gigabucks to Bernard Madoff and then complained about it later... Say, what ever became of Mr. Madoff?

Re:

[agm]

I understand your point, but how does that relate to this law suit? At the end of the day this is not about Facebook taking your private information, it's about you *giving* that information. From a legal point of view that quite a big difference, regardless of how impractical it is to configure your software to stop handing this info to Facebook. There are a few Firefox add-ons that prevent this from happening without disabling cookies altogether.

Re:

[martin-boundary]

At the end of the day this is not about Facebook taking your private information, it's about you *giving* that information.

No it's not. *You* (aka the average user) aren't giving the information. You have no idea the information is being given, and in all likelihood you would object to giving the information if you knew it was being given (*). So there's no consent (by you) when your *browser* is communicating with a facebook server through an unrelated website. Your argument therefore is inapplicable

Re:

[agm]

So there's no consent (by you) when your *browser* is communicating with a facebook server through an unrelated website.

You are responsible for the software (in this case a browser) - it's yours, installed on your computer that you are using. You have it configured to send out tracking information. If you don't want it to send out such information, then don't leave it configured to. You choose to use it with those options enabled.

Re:

[martin-boundary]

You are responsible for the software (in this case a browser) - it's yours, installed on your computer that you are using. You have it configured to send out tracking information. If you don't want it to send out such information, then don't leave it configured to. You choose to use it with those options enabled.

Nope, most people never configure their browser at all. It's got a default configuration that came with the computer (ie it was actually configured by some technician prior to delivery o

Re:

[cheater512]

That isn't what the law says though. The law only applies in wiretapping cases.

You can try and change the law to include tracking cookies, but you cannot apply the wiretapping law to this case.

Re:

[ScrewMaster]

That isn't what the law says though. The law only applies in wiretapping cases.

You can try and change the law to include tracking cookies, but you cannot apply the wiretapping law to this case.

I'll bet they can. "Wiretapping" doesn't necessarily have to involve wire. I'm not a lawyer, and I haven't read the statute in question, but if these States Attorneys didn't feel they had a case I doubt they'd have filed suit. Furthermore, even if the law doesn't sound to applicable to the technical types that populate Slashdot, odds are it can be made to sound that way in court. Just takes a friendly or misinformed judge to allow a twisted interpretation to stand. You just have to look at thirty-odd thousa

Re:Cookies cannot "unlawfully intercept" anything

[Jane Q. Public]

"The user is intentionally using software that sends tracking information (cookies) to Facebook"

No, that is not the case at all. If it were, this would be a different story.

We're talking here about third-party cookies. These are images that come from servers OTHER THAN the one you are visiting. But when that image is downloaded from that foreign server, it gets a record of your ip and what the referring domain is.

The issue here is that while you can control what websites you visit, you have no control over what image bugs or javascript they install on their site, nor is there any way to tell in advance what they are. So you aren't voluntarily doing anything at all; in fact most of the time you probably don't even know it is happening. That does not fit the definition of "intentional". On the contrary; it is downright sneaky.

Tracking bugs like that are completely unethical, and if they are not in fact illegal they should be.

Re:

[agm]

That does not fit the definition of "intentional"

Configuring your browser so it sends cookies is intentional. You can change it so it doesn't. Being aware of this, and doing nothing shows that you consent (if you didn't consent, you wouldn't let your software send tracking information).

Re:

[Jane Q. Public]

"Configuring your browser so it sends cookies is intentional. You can change it so it doesn't. Being aware of this, and doing nothing shows that you consent (if you didn't consent, you wouldn't let your software send tracking information)."

Absolute rubbish. The fact is that it is not practical these days to browse regularly with your cookies turned off. Too many sites require logins, or some other kind of verification. So you are asking me to go far out of my way, and suffer a LOT of daily inconvenience, in order to prevent someone from doing something that is unethical in the first place.

And further yet, I DO NOT CONSENT... it is actually impossible for me to consent... to something that I do not even know is there ahead of time! Consent

Re:

[N1AK]

Bollocks. Your browser, which you control, sends the information automatically when asked because you told it to. You could set it to ask and haven't. There is no way you can argue that you aren't consenting with any credibility. The thing is that isn't the point. Just like EULAs no one reads, crazy TOS etc we are constantly 'agreeing' to things that we don't want to agree to because the time taken to even consider it makes it effectively impossible to do so.

If the major browser manufacturers implemented

Re:

[OneMadMuppet]

How is this even slightly different to the banner adverts we've had since the 90's? Remember doubleclick? How is a Like button different to a Digg button, or SU, or even a Slashdot button? It's not.
If I got to a website that has adverts or articles I EXPECT it to have tracking for either advertising or social buttons (as well as it's own metrics). Clean your browser and see how many cookies are set by slashdot, or CNET (shudder) or MSN.
You know, I don't mind cookies - and here's why: They're going to show m

Re:

[julesh]

No, that is not the case at all. If it were, this would be a different story.

We're talking here about third-party cookies.

Every browser I've used since some time around 2005 or so can be configured not to send third party cookies. Most come preconfigured not to do so; I know that some time around 2006 I had to rewrite some of my sites that used third party cookies (to track users across a single site that operated on multiple domains) because it simply didn't work for the majority of my visitors. Preventing yourself from being tracked by third party cookies is *trivially easy*.

If we're just talking about the referer[sic] hea

First Facebook, then ...

[PPH]

... everyone else.

What FB is doing has already been done via banner ads provided from a few major ad sites for years (instead of 'Like' buttons). Its possible that Facebook is legally in a different position then the advertisers, since they (FB) can identify their users. But other then that, tracking is tracking.

Re:

[MacGyver2210]

Everyone else? Good.

This is invasive and illegal if you correctly read the laws and don't 'interpret' them to suit your donors and benefactors.

Misuse of wiretapping law.

[BitterOak]

As much as I dislike Facebook's rampant disregard for users' privacy, this is simply not what the wiretapping law is about. The wiretapping law is meant to cover interception by a third party of communications between two other non-consenting parties. What Facebook did is entirely different. With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites. Facebook is not intercepting and recording any communications.

Many of us might not like Facebook, and may see this lawsuit as a victory, but misapplication of federal computer and communication laws sets a dangerous precedent for anyone who uses the Internet. Do something that pisses someone off? The Feds will find a law and twist it to make it fit your actions. If new laws are needed to cover emerging technologies, they should be considered by appropriate legislative and regulatory bodies. Then people can comply with the law or face the consequences. But if laws can be twisted to cover any behavior we don't like, it makes it difficult for anyone to be sure they are in compliance with the law.

Re:

[frosty_tsm]

This is sort of like the "wire fraud" laws used against businesses. They never did anything related to wire fraud, but it's kind of a catch-all for "you did business in a shady way to get money from people." In this case, it's "you tracked people in a shady way."

What we really need is our laws to be updated to reflect technology rather than using laws created back when telegraph lines were high-tech.

Re:Misuse of wiretapping law.

[Nidi62]

If new laws are needed to cover emerging technologies, they should be considered by appropriate legislative and regulatory bodies. Then people can comply with the law or face the consequences. But if laws can be twisted to cover any behavior we don't like, it makes it difficult for anyone to be sure they are in compliance with the law.

But how can you know if a new law is required to cover a new technology without a judicial test of the existing laws? That is what the courts are designed to do: test and apply the laws to a given situation. Let this go to trial. If the courts shoot down the lawsuit due to these laws not applying, then you can go ahead and get new legislation passed.

Re:

[ILongForDarkness]

Agreed let it go to trial. I hope people don't get bribed into a settlement and Facebook get off "without accepting any guilt". I think being able to settle without accepting guilt in general is silly. You settle to save the cost of court and the risk of losing more money then the settlement is going to cost you. You shouldn't be able to get away without admitting that you did something wrong that is why you needed to pay. Somehow only individuals are expected to apologize when wrong and corporations are su

Re:

[CastrTroy]

All good and fine when it's facebook, a multi billion dollar company facing the charges. They will probably get off. But I don't think people would have the same attitude if it was a much smaller entity getting charged, without so much means to defend itself.

Re:

[syousef]

If new laws are needed to cover emerging technologies, they should be considered by appropriate legislative and regulatory bodies. Then people can comply with the law or face the consequences. But if laws can be twisted to cover any behavior we don't like, it makes it difficult for anyone to be sure they are in compliance with the law.

But how can you know if a new law is required to cover a new technology without a judicial test of the existing laws? That is what the courts are designed to do: test and apply the laws to a given situation. Let this go to trial. If the courts shoot down the lawsuit due to these laws not applying, then you can go ahead and get new legislation passed.

That is why I wholeheartedly disagree. As far as possible the law should be based on the intent of the offender and consequences to victims, not on which technology de jour was used to commit it. Then we wouldn't need judges with degrees in IT as well as law to make a sound judgement. In general tech is just the enabler. The issue here is privacy, not whether HTTP cookies, like buttons, FTP, gopher or carrier pidgeon was used to transfer the information.

Re:

[DoofusOfDeath]

If a law is written such that people don't know how it applies until a judge rules on it, isn't that an ex post facto law, for all intents and purposes?

Re:Misuse of wiretapping law.

[Bill Dimm]

With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites.

Is that true? Did the website operators displaying a Facebook "like" button actually know that it allowed their site users to be tracked by Facebook even if the button was not clicked? The tech-savvy ones might have realized that that was a possibility, but I would guess that a lot of website operators put the button on their pages to allow their users to "like" a page, not for the purpose of allowing Facebook to track them. Car analogy: If I give my car keys to a mechanic to change the car's oil, that doesn't mean I've consented to having him install a GPS tracker so he can monitor me.

Re:

[fatphil]

Your analogy has nothing in common with the situation in question at all.

The situation is basically no different from the old 1x1px transparent web bugs of old. The tech savvy have known the implications of those for over a decade: the first google hit points to 1999, http://news.cnet.com/2100-1017-243077.html , but they go back a while before that.

Re:

[Bill Dimm]

Your analogy has nothing in common with the situation in question at all.

Nothing at all? Facebook is given access to another website's users for one reason (to supply a "like" button), and it uses the opportunity to do something else (tracks the user). Likewise, the mechanic is given access to my car for one purpose (change oil) and uses the opportunity to do something else (install GPS tracker).

The situation is basically no different from the old 1x1px transparent web bugs of old. The tech savvy have known the implications of those for over a decade...

Please re-read the post by BitterOak that I was replying to, and you'll see that it is different. BitterOak claimed that it isn't wirefraud because wirefraud involves interception by

Re:

[BitterOak]

With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites.

Is that true? Did the website operators displaying a Facebook "like" button actually know that it allowed their site users to be tracked by Facebook even if the button was not clicked?

Well, in that situation, the person clicking the Like button is communicating with Facebook, not the hosting website, so wiretapping laws are even less applicable. How can Facebook be wiretapping a communication between a user and Facebook?

Re:

[Bill Dimm]

With the consent of certain websites, the cookie mechanism is used to inform Facebook when users visit these sites.

Is that true? Did the website operators displaying a Facebook "like" button actually know that it allowed their site users to be tracked by Facebook even if the button was not clicked?

Well, in that situation, the person clicking the Like button is communicating with Facebook, not the hosting website, so wiretapping laws are even less applicable. How can Facebook be wiretapping a communication between a user and Facebook?

This isn't about tracking someone that clicks the "like" button (note that I said "was not clicked" in my previous post); it is about them tracking someone when the "like" button is displayed on some webpage. So, a website operator embeds a "like" button thinking that it does nothing but allow the user to like the page by clicking it, the user does nothing but load the page into the browser, and Facebook gets tracking info. How did the website user consent to tracking when he/she did nothing but load a we

This

[cyclomedia]

I have no problem with the Like button being there. But EVEN IF I AM LOGGED INTO FACEBOOK it should not record my page hit unless I click that button.

Re:

[Bill Dimm]

Is it facebook's fault that when given a piece of embeddable, executable javascript, they were too lazy and inept to see what a technically savvy person could have in 15 seconds?

If it intentionally does something significantly different than what Facebook tells the user it does, yes it is Facebook's fault. Is it the mechanic's fault if he plants a GPS tracker in your car during an oil change when you could find it with a 15 second inspection? It's ridiculous to expect everyone (including bloggers and other non-technical people) that posts something on the Internet to audit the tools provided by others to verify that they do what they claim. Furthermore, all a code inspection woul

Re:Misuse of wiretapping law.

[Jane Q. Public]

"Facebook is not intercepting and recording any communications."

Yes, it is, at least in a sense.

Facebook is recording your IP, What sites you visit, and when. While it isn't recording any other communications, it doesn't need to in order to violate privacy.

What Facebook is doing is equivalent to a Pen Register used on telephones. The Pen Registers record what calls are being made, when, and to what number. But they don't record any actual conversations.

But even Pen Registers are illegal, and can only be used by Law Enforcement under strict conditions. The standard of evidence for allowing use of a Pen Register is lower than for actually tapping a phone line and listening to the conversations, but it is still legal only for law enforcement and it still requires due process, meaning they have to petition a judge for permission, and explain their evidence.

Re:

[Jane Q. Public]

"That's legal under wiretapping laws."

Not in my state. Here, unless ALL involved parties agree, it is illegal as hell.

Re:

[Aighearach]

The wiretapping law is meant to cover interception by a third party of communications between two other non-consenting parties.

No, it is often intended to cover cases where any of the parties are non-consenting.

Re:

[BitterOak]

No, it is often intended to cover cases where any of the parties are non-consenting.

Not the federal wire-tapping laws. Some states require two party consent for recording conversations (and then the law generally only covers audio recording, which is not the case here), but I think Facebook is being sued under a federal wiretap law.

Re:

[Burning1]

Actually, it's my understanding that wiretap laws are being used to model laws against GPS and other tracking devices, and it's totally possible that illegal tracking of people can fall into the realm of wiretap law.

Beyond that, it's not difficult to argue that the facebook bug is being used to intercept and record communication between two parties without concent of both parties. After all, my requests and responses are private communication, and I would not be surprised to find that the facebook bug is be

Figures they went to that Bilderberger meeting....

[sgt_doom]

....attended by the Usual Suspects, David Rockefeller, Henry Kissinger, top banksters on the planet (and the hedge funds which are owned by the banksters which own the banksters --- interlocking stock ownership up the wazoo!). Once Marky Zuckerberg (Facebook) and Bezos begin attending with the rest of the global banking cartel -- it figures that they are the forward army of societal information systems engineering --- and I'm being quite serious.

http://disinfo.s3.amazonaws.com/wp-content/uploads/2010/11/Screen-shot-2010-11-17-at-10.30.55-AM.png [amazonaws.com]

http://farm7.static.flickr.com/6231/6238828974_5389387b60_b.jpg [flickr.com]

Wouldn't this apply to other tracking mechanisms?

[Virtucon]

I guess unless you explicitly "opt-in" this could be extended to all tracking mechanisms such as fine grained or coarse grained GPS tracking, Ad-Aware cookies which track which websites you've been on etc. It seems Facebook is being singled out here but I can't honestly think that they're doing much of anything different than what has been happening on the web for years.

Disabling Cookies has been mentioned here so I guess like disabling Adoobe Flash Cookies (Storage) and disabling cookies in General, you'l

Re:

[Virtucon]

Well owning vs. interest is one thing but I guess it goes to salesmanship. It just seems funny as in the rest of the Internet, that they don't forget and think that I'm a potential purchaser of products from 15 years past. It just still seems funny because by that logic, my ex-wife would think that I should still pay for her credit cards because I did it 15 years ago.

Been happening for ages...

[craznar]

I've had this issue with Facebook for ages (i've cleared my Facebook account over a year ago, and logged out) - I visit a site I've never been to before and it goes "Welcome " ... where the name is the name I have on my Facebook account.

Irony

[Zemran]

Did anyone else notice the Facebook like button at the bottom of the page? They now know you know they are watching you ....

Re:

[RazorSharp]

If I wanted to see Facebook crap, I would join Facebook.

I've used multiple extensions that claim to block Facebook stuff and they only work half the time. I still haven't found one to stop getting Facebook cookies. I have to delete them all the time even though I've never gone to Facebook's website. I can't go to any commercial website these days (except Google) without getting their crap on my computer.

Re:

[Kaenneth]

No, it dosn't, I've run Windows Media Player (Version 11) with a packet sniffer running dozens of times, and every single connection is easily accounted for.

Care to be more specific?

Re:

[cheros]

SSL (https) requires extra computing power, and you'd be wasting that to read something that is already in cleartext and public. I won't even hide your browsing habits, because that would require URL obfuscation, not SSL.