Facebook's 'Like This' Button Is Tracking You 273
Stoobalou submitted a story about some of the most obvious research I've seen in a while ... "A researcher from a Dutch university is warning that Facebook's 'Like This' button is watching your every move. Arnold Roosendaal, who is a doctoral candidate at the Tilburg University for Law, Technology and Society, warns that Facebook is tracking and tracing everyone, whether they use the social networking site or not. Roosendaal says that Facebook's tentacles reach way beyond the confines of its own web sites and subscriber base because more and more third party sites are using the 'Like This' button and Facebook Connect."
No surprises here (Score:5, Insightful)
Re: (Score:2)
Re:No surprises here (Score:4, Insightful)
Re: (Score:3, Insightful)
[...] they only know as much about you as you submit to them. [...]
To me there are two problems: First and foremost, it is increasingly hard to find out who is included in that latter "them". So many external resources are linked in websites, from JS libraries to advertising to tracking cookies from collecting societies to Flattr to Facebook to Amazon to what the hell else there is, that even with Adblock Plus and NoScript I am sometimes overwhelmed with what to block and what to allow. And it is only getting worse.
The second problem is that basically legitimate features a
Re:No surprises here (Score:5, Interesting)
It's trivial to block this -- just add a batch file nofb.bat that replaces your host file with the one that has facebook redirected to 127.0.0.1. If you use fb and wish to actually go there, you can have another bat file, gofb.bat which changes host file back to the one with facebook entry commented out (the bat file may call a little executable that flushes local DNS cache on your machine by resolving the affected domain name). In general case, if you wish to do this selectively for n tracking sites, with n>1, you will need one bat file that blocks all of them and one for each site that has just one site site unblocked, hence you need n+1 bat files. Also, going to any of the tracking sites to use their services will also cost you an extra click for in and out.
Note that google, digg and many others are doing the same kind of tracking, whether you subscribe to their site or not. You get ID on their servers attached to your cookies, tracking your visits anywhere where their bug is placed. That way they can sell to some site A which you are visiting now the fact that you have also visited sites B, C, D, ... earlier (when and how many times each, what kind of content you used there, etc). Of course, if the tracking servers know who you are, they can also sell that info to sites A, B, C..., at a higher price.
Re: (Score:2)
Re: (Score:2, Interesting)
Simpler way:
Block www.facebook.com and facebook.com (which serve the offsite like buttons and such).
Allow m.facebook.com (which doesn't serve like buttons or any scripts).
The result is an ad-free light-weight facebook page without app spam in the feeds, faster page loads off-site, and no Flash cookies or other persistence, without batch file hackage.
Re: (Score:2, Funny)
It's trivial to block this --
I'll give you $100 if you can somehow explain this process to my barely-computer-literate-but-facebook-loving relatives.
Re: (Score:3)
Re: (Score:3, Informative)
Well, many home routers use 127.0.0.1 as the Info/Config page. I think mine uses 127.0.0.2, but still...
I hate to be negative, I really do. However, this post merely illustrates that you have absolutely no idea of what you are talking about.
Unless your router has a monitor and keyboard attached to it, it is impossible for any machine to talk to any other machine using any address that starts with 127. These are "localhost" addresses that always, always equate to the same machine the request originates from. In other words, your workstation.
I'm pretty sure your router actually uses something more like 192.168.
Re: (Score:2)
If you load their images, they can still track you, including setting HTTP cookies.
Re:No surprises here (Score:5, Insightful)
Because the out-of-the-box default behavior for every popular browser is to download everything referenced, pass whatever cookie it happens to have whenever it does that, execute every such downloaded script, and so on.
Facebook isn't really the problem here. Our browsers are.
Re: (Score:3, Insightful)
Yep. I've been aware of this long before Facebook even added that feature. After all, this is the reason that most email programs/sites don't display images by default because spammers use it to verify/track email addresses.
The stupid thing is that the websites just give Facebook the free space without getting anything in return. FaceBook has a free ad on every single page that sites display the Like button on, and all the site gets is the chance that the user will add it to their list of liked things, and
Re:No surprises here (Score:4, Funny)
I'm tired of Facebook, but there really is no good alternative.
There is being social in person...but that's a little strange for us I admit
Re: (Score:2)
The stupid thing is that the websites just give Facebook the free space without getting anything in return. FaceBook has a free ad on every single page that sites display the Like button on, and all the site gets is the chance that the user will add it to their list of liked things, and maybe--if the stars align--their addition will be reflected in someone else's feed and make it go viral.
This is mutual advertising. I understand why sites add the like and share this buttons.
I know people see the stuff I mark liked because I have lost "friends" over it :)
Re: (Score:2)
Yeah, that's what I use it for: advertising. Not to make money from it, either, but rather just to get the word out.
If someone is not a Facebook member I wonder exactly what they're so worried about, though. As mentioned, Google and DoubleClick and other analytic services do the same thing with your anonymized data, and in return you get statistics about the people visiting your site. That's what companies who base their revenues on advertising do. They all want to track you and aggregate your data so they
Re:No surprises here (Score:5, Interesting)
Meh, facebook is just connective tissue; grey matter. I don't really use it all that differently from twitter... actually most of my FB posts come from twitter.
The real content gets posted to Slashdot, LiveJournal, Blogspot, Flickr, Picasa, Youtube, etc., sometimes even Buzz. Twitter / FB are just open / closed syndication engines for that content, sort of like a consolidated form of RSS with some extra integration features.
Relevant to the actual subject, StumbleUpon has always provided a much better "Like" button... since it includes a "don't like" button and actually does something useful with the information you provide by giving you more random links that you would probably like based on what you have in common with the other people who liked that link.
Strangely, I have no desire to share this StumbleUpon "like" information with the rest of my IRL friends on FB / twitter, partly because our pr0n tastes can be quite different, but in general I just don't care to share links as a feed. If there's an article someone should read, I send them a directed email. If I find something funny, I might go so far as to post it to our IRC channel.
Come to think of it, I think FB / Twitter might just be some sort of gap filler for people who don't lurk on IRC.
Re: (Score:3, Interesting)
I'm tired of Facebook, but there really is no good alternative.
I'm tired of Facebook because it needs no alternatives. Narcissists may need an outlet but they always have, but I dont need to be part of their constant need for attention. The one thing I thank Facebook for, is teaching me that my 'friends' have boring lives, and they have as little real interest in my life as I do in theirs. I find myself encouraged to go DO things that are worth posting, and having DONE something really worthwhile the reward has nothing to do with posting it on Facebook.
Re: (Score:2)
Exactly. Can we get a !news tag on this?
Re:No surprises here (Score:4, Funny)
Re: (Score:2)
Why is parent flamebait? If a service is free, then you are the product.
Naw, really? (Score:5, Insightful)
I'm not a doctoral candidate, and I could have told you that.
Facebook's primary objective is data collection and selling it to marketers. It's kind of what they do.
Re: (Score:2)
Re: (Score:2)
...or in the bleeding obvious that has already been told to everyone that didn't work it out.
Re: (Score:2)
Not so different from Google...
Wait so... (Score:5, Funny)
Who would have thought that an innocent company like Facebook, with no privacy issues ever - would stoop to that?
I am shocked! This internet thing is so new to me.
Are you kidding? (Score:2)
If you even have a facebook session going - and the controls for a "Like this" button are on the page, I wouldn't be surprised if that information gets stored.
"Hey you're logged in! Hey this control knows you're logged in, so it'll work instead of redirecting you to login. Hey, why don't we just send information back to facebook that you visitted this page, even if you didn't hit the like button!"
Would this shock anyone? I haven't proven it but its not far off nor technically impossible. In fact it's pretty
Re: (Score:2)
This effectively lets Facebook track the surfing habits of non-users as well.
Take this moment to make sure you have your browser's cookie acceptance set to "Only from sites I visit."
... Doesn't pretty much every site do that? Any of Google's Doubeclick ads are notorious for going through your cookies and finding the best product to put in front of your eyes. So wouldn't any site that serves up Doubleclick ads essentially have access to that information?
It Happened Late at Night (Score:5, Funny)
Facebook's 'Like This' Button Is Tracking You
I now feel I have the courage to speak out about what happened one month ago.
I was walking home from a late night shift and noticed a glassy aero blue vehicle drive by me slowly. I couldn't see inside through the blue glass reflection but the vehicle moved at an ominous pace. I quickened my pace and made hast for my house now only five blocks away. I broke into a run at four blocks, I was so close to home and safety. But I heard the squeal of tires on pavement behind me and my pulse spiked. I covered the next two blocks as fast as the wind but the blue vehicle was faster. It pulled up onto my lawn in front of me and the doors opened as I ran by it. I didn't look, I couldn't look at them but I heard pixelated fingers running through the grass as I scrambled to find the key to open my front door.
I opened the door and turned around to slam it shut but there was a blocky thumb that caused it to bounce back. My wife came in to see what the commotion was about and screamed as the first hand with its blue cuff and erect them grabbed my ankle and tripped me. "Get the children to the panic room" I screamed. And in ten seconds my family was safe but I still grappled with the blue shaded hand holding me down mercilessly as three more hands with blue cuffs came in through the open door. Another held down my other ankle as the third raised his cuff to expose his fully erect thumb. The fourth pulled my pants down and I screamed in agony as I was viciously sodomized in my own living room while my family watched from the panic room camera. For hours it went on while the fourth Facebook 'Like' hand sat their smoking a cigar, laughing and rubbing his thumb and forefinger together when I asked why they were doing this to me. Why? Again, they rubbed their thumbs together with their fingers signifying money.
The police said I was powerless, I had given up my right when I had clicked through the Terms of Service to join Facebook. Zuckface could do whatever he wanted to do to me and I was powerless. The policemen told me to go back to my Farmville and watch my crops and just be happy the 'like' hands had left me alive, at least the Zuck had shown some mercy. Then they excused themselves and cautiously walked out to their squad car, hands ready on their sidearms, alert for any remaining 'like' hands.
It happened to me and it could happen to you.
Re: (Score:2)
Funny? Troll?
Head explodes
Re: (Score:2)
Thanks for the story. Now I won't be able to sleep tonight.
Help for Those That Need It (Score:5, Funny)
Thanks for the story. Now I won't be able to sleep tonight.
There, there, fellow victim, I have a method to help you with this problem. Lay on your bed, look at your hand, now back to me, now back at your hand, now back to me. Sadly, your hand cannot stop the 'Like This' button, but if you stopped using Facebook and switched to Diaspora, you could avoid the blue terror like me. Look down, back up, where are you? You’re on a cloud with only about five hundred other users. What’s in your hand, back at me. I have it, it’s your mouse connected to your computer where you just need to enter your password one final time to leave Facebook. Look again, the mouse is now diamonds. Anything is possible when you're not promoting Facebook. I’m on a butterfly.
Re: (Score:2)
This post is exactly why Slashdot needs to implement a Like button for comments.
Re: (Score:3, Insightful)
Re: (Score:2)
The police said I was powerless, I had given up my right when I had clicked through the Terms of Service to join Facebook.
The like hands are chasing me too. But I have not joined facebook, and I have not clicked through their terms of service.
ABP (Score:5, Insightful)
And that is why we like Add Block Plus. Not only does it protect some of your privacy, it also speeds up your page loading.
Re: (Score:2, Funny)
Unfortunately it makes your CPU slower, because it has to translate all the blocked ADD instructions into a NEG SUB pair.
Not that hard to kill facebook's tracking (Score:5, Informative)
Re: (Score:2, Informative)
Even easier, I just keep Facebook sandboxed in a totally separate browser that never visits any other website. This browser is also equipped with adblocking, script blocking and so on.
They can't track you if you don't go anywhere. I also never click on links in facebook posts or on the facebook page - I copy and paste them into a text file and strip off any added facebook nonsense to get to the actual URL.
Re: (Score:2, Informative)
Except the article is about facebook tracking everyone on sites other than facebook, such as when you go to some stores website and they have a 'Like It' button for all their products ... facebook is tracking you and that you've viewed that item, regardless of wether you have a facebook account or not.
But don't bother reading the article or even the summary or anything.
Re: (Score:2)
I have an adblocker that keeps that crap off the page in my primary browser - I don't see those facebook "like" boxes.
Since the "clean" browser also has no idea about my facebook information, any tracking they are doing is totally unconnected to me.
Re: (Score:2)
That isn't going to help you. If you had read TFA you would know that this is about the Facebook Connect 'Like' buttons that have been showing up on many of the popular websites and how it tracks you behaviour even if you aren't signed up with Facebook. Essentially Facebook has become another cross-site marketing tracker which given their abysmal outlook on privacy shouldn't be a surprise but is still worth noting because of their prevalence.
Re: (Score:2)
+1. Best place to keep FB is on its own Web browser separated from everything else using SandboxIE or a VM. Then on the other Web browsers used for general browsing, have their cookies auto-blocked. If you want to "like" something on FB, cut and paste the link into the FB browser.
Re: (Score:2)
Just Ghostery gets rid of 390 trackers for me.
Re: (Score:2)
Plugins (Score:5, Informative)
This is why I use plugins like Defacer [babelstudios.se], which hides the iframes for Facebook and (coming soon) the other Share buttons.
Re:Plugins (Score:5, Informative)
Thanks (Score:2)
Re: (Score:2)
Re: (Score:2)
There's also a filter subscription for Adblock Plus to block social annoyances: Fanboy Annoyances List [makeuseof.com] (I found it thanks to this article [makeuseof.com]).
Re: (Score:2)
Defacer is great, and it automatically removes (part of the) button clutter. For some added Google protection, there's also this: http://www.orbicule.com/incognito/ [orbicule.com]
I'm not sure if Top Sites in Safari load all scripts, but at the very least it loads images, which are also used for tracking, therefore Defacer is probably not enough.
I Like This article (Score:2)
Obfuscation (Score:2)
How about writing a browser extention that, in the background, visits all known sites that have the 'like' button (intelligently upgraded? That way, they won't know which sites you visited legitimately, thus the data they collect on you is worthless?
in other news (Score:2)
every time you shower you're in danger of getting wet, and supporting socialist water works
Re: (Score:2)
every time you shower you're in danger of getting wet, and supporting socialist water works
This is about getting splashed from outside of the shower.
It's a TRAP! (Score:2)
Beacon (Score:3, Insightful)
Hardly news (Score:2)
I've been noticing this some weeks ago when, on cnn.com, a widget informed what my friends like.
I basically developed the habit of logging out of FB every time, it's not that hard.
As for the Adblock/Noscript solution, I refuse to use it. I wore the hat of a webmaster and I know how important advertising is.
Re: (Score:2)
Re: (Score:2)
I honestly doubt that this is how it works. When I'm not logged in, that data does not appear. Also for the sake of clarity I must bring to light the fact that I have several FB accounts. This might screw their profiling (the profiles have wildly divergent interests and behaviors).
Again, this is only my personal account, so take it with a grain of salt.
Re: (Score:2)
As for the Adblock/Noscript solution, I refuse to use it. I wore the hat of a webmaster and I know how important advertising is.
How important it is to sites that depend on polluting your mind, you mean.
Re: (Score:2)
I'm not going to argue with you on this topic. It is a personal choice, which I made based on my personal experience. You are free to have your own opinion, just don't judge others who choose to think otherwise.
Re: (Score:2)
You are free to have your own opinion, just don't judge others who choose to think otherwise.
That is a load of dingo's kidneys. The brain is one big meat-based discrimination machine. It lets you make yes/no decisions in an analog world. You felt free to share your opinion, and have clearly already made your own related judgments, but you don't want to hear anyone else's. You do not have the right to not be offended.
Re: (Score:2)
Well, I wasn't going to click on the ads anyway, so I'm sure as hell not going to use my bandwidth to view them. Just because you signed a contract with someone who sells ads, doesn't mean you signed one with me -- I don't ow any advertiser my time, my eyeballs, or my bandwidth.
If your site folds because I didn't allow ads, well, your site would have folded anyway, and someone els
Re: (Score:2)
Ok, I'll bite. How do you know that you won't click the ads, if you don't even visualize them?
As for the "owing" part, you have no argument from me, I only see it as a gesture of politeness
Re: (Score:3, Insightful)
I'm not missing it at all, I'm just not seeing it. There is a difference.
*laugh* I am old enough, and curmudgeonly enough, that there are certain parts of the zeitgeist I just don't give a damn about.
Heck, I still don't get this whole showing your underpants thing that sta
Re: (Score:2)
I don't use adblock because I use some basic settings (no flash, block unrequested popups, block images from certain servers) that filter the real crap well enough most of the time. But that's not the point:
I don't mind well-targeted ads *that don't slow things down*, but we hardly ever see those anymore. I was astonished the other day when I was at some tech site and was served simple, fast-loading ads directly relevant to the site topic itself -- and I'm like, hey, get a load of these ads that I *don't* w
I was wondering when someone would.. (Score:2)
I put put 127.0.0.1 in my hosts file for facebook after my gf dumped me and I noticed almost every website calls the facebook like.ph url when you click on a link. Very annoying when trying to navigate with the back button
Not if you... (Score:5, Informative)
Add this to your Adblock Plus filter:
||facebook.*$domain=~facebook.com|~127.0.0.1
What like button?
You can still use facebook, but they're blocked from any page that isn't facebook.com.
Re:Not if you... (Score:5, Informative)
||fbcdn.com/*$domain=~facebook.com
||fbcdn.net/*$domain=~facebook.com
||facebook.com/*$domain=~facebook.com
||facebook.net/*$domain=~facebook.com
I never see Facebook content on any site other than Facebook, and their social plugin can't track me.
Can we establish one thing (Score:2)
Slip (Score:2)
Roosendaal says that Facebook's tentacles
Anyone else read that as Facebooks testicles.
hmmm (Score:2, Funny)
I can 100% guarantee... (Score:2)
Seriously, I couldn't be safer from Facebook's privacy issues...don't even have an account.
Definition of irony: (Score:3, Insightful)
I never browse without these extensions (Score:2)
I call them my four horsemen of the adpocalypse:
Adblock Plus [mozilla.org]
NoScript [mozilla.org]
RequestPolicy [mozilla.org]
RefControl [mozilla.org]
Other than my Facebook-specific Firefox profile, it's as if Facebook doesn't exist.
Nothing new (Score:2)
Blocking third party cookies solves this, no? (Score:2)
Since TFA was rather short on details, I get the impression that blocking/disabling third party cookies solves this, since the cookie is from facebook and I'm looking at $SITEXYZ.
Facebook knows me... (Score:4, Funny)
Re: (Score:2)
Re:Perspective, kthxbai (Score:5, Informative)
Re: (Score:2)
Unless you're running noscript, and have set your browser to ask you before you set cookies. At which point, Facebook can go pound sand.
Seriously, "ask before setting cookies" is one of the best features ever added to Mozilla (after tabbed browsing). However, this doesn't help Joe Sixpack, which is unfortunate.
Re: (Score:3)
Noscript and "no cookies" are a start, but there's been plenty of evidence that the marketers are starting to dig even deeper than that. For example, linking all of the pages you visit (on their ad network) via IP address and Flash cookies.
And so many sites are using Javascript for the simplest things (like displaying images) and benefit from logons (Slashdot included) that it's really hard to just surf anonymously like we did 15 years ago.
I can only imagine that this is going to get much, much worse before
Speak for yourself (Score:5, Insightful)
You have a website that has pictures of you, your current whereabouts, mood, who you like, where you live, work, sleep, and every interaction with anyone else has just as much information pulled out and sorted. And you're bothered by the Like this button?!
You seem to be a Facebook user; I am not. If Facebook is tracking me anyway, then yes, I am bothered.
Re: (Score:2)
If you are in the habit of accepting and keeping every cookie ever offered to you, you were being "tracked" before Facebook got involved.
Re:Speak for yourself (Score:5, Insightful)
If you are in the habit of accepting and keeping every cookie ever offered to you, you were being "tracked" before Facebook got involved.
For my part I *really* don't care if the website I'm visiting is tracking my movements on its own site.
I -only- get irate when that tracking starts to follow me around after I leave.
I don't use facebook, and that near ubiquitous facbook icon on pages used to merely annoy me for being a waste of space and an eyesore. But I wasn't specifcially aware that it was actively tracking me if I ignored it. Perhaps if I had thought about it, I'd have realized that it was likely wired back to facebook and tracking me, but until now I hadn't.
So I do find this interesting. Not that I needed another reason to despise facebook.
And yes, other widespread tracking systems also do bother me; I've regularly criticized google's reach between its advertising and analytics numerous times here on slashdot.
Re:Speak for yourself (Score:5, Informative)
I only recently discovered facebook's instant personalization "feature". I went to rottentomatoes and it showed movies that my facebook friends liked. This seems very inappropriate to me because how did rottentomatoes know who I am in facebook, without logging in or doing any kind of verification. Apparently rottentomatoes uses thirdparty cookies to fetch your facebook info and display it. This seems to mean that potentially any website can check who you are in facebook (if you are currently logged in). I was able to turn off this feature by disabling thirdparty cookies [mozilla.com] in Firefox.
More than anything this seems like a big privacy leak and is the fault of the browsers. This should be off by default [mozilla.org] in firefox and other browsers. If I go to rottentomatoes.com, I would expect that by Firefox would only send cookies back to rottentomatoes and should not even allow read access to other cookies while I'm on that page. The same goes for flash plugins and other scripts, etc. that read cookies, they should only have read access to the cookies for the current page.
Re: (Score:2)
Correct. There is no good solution. Privacy regulation may help somewhat to curb abuse by large corporations, but that's about the best we can realistically hope for.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
oh chrome: wrench->options->under the hood->privacy->content settings->cookies->exceptions->add([*.]facebook.com,block). thumb defeated
Alternatively, block all facebook domains in your hosts file.
Re: (Score:2)
There is also Facebook Disconnect [google.com] plugin for chrome.
Re: (Score:2)
You seem to be a Facebook user; I am not. If Facebook is tracking me anyway, then yes, I am bothered.
Every advertisement you see is tracking you. Every HTTP request tells people things about you by default. Facebook "like" buttons are just more advertisements. If you don't want to be tracked by facebook, install some sort of ad blocker and block facebook and their CDN. It's unfortunate that we have to do this sort of thing, but it's the nature of the internet and always has been. At least it's not a secret tracking pixel, which is way more worth getting annoyed about than any like button.
Re: (Score:2)
Exactly -- I've never visited Facebook (on my computer -- I've seen it on others'), but this article made me curious so I checked out my cookies. Surprise surprise, I have cookies from Facebook, a website I've never directed my browser to.
I accept all cookies b/c browsing the internet without doing so is just a hassle. But it should be reasonable to expect a company to keep their data off my computer when I've never visited their site. Fuck Facebook. And Fuck CNN for putting a Facebook cookie on my computer
Re: (Score:3, Interesting)
The problem is that it is tracking ME. Someone who has NEVER had and NEVER WILL HAVE a facebook account, because I visit some random companies website and they have that retarded Like It button.
This has nothing to do with tracking facebook users, it has to do with tracking EVERYONE regardless of their facebook account, or lack of one.
In reality though, its no different than any other web tracker, except now instead of using 1 pixel sized transparent GIFs, they put a visible button on the page.
Re: (Score:2)
The problem is that it is tracking ME. Someone who has NEVER had and NEVER WILL HAVE a facebook account, because I visit some random companies website and they have that retarded Like It button.
How exactly are they tracking you? They don't know anything about you, since you don't have a facebook account.
Re: (Score:2)
They're tracking him because his user-agent downloads stuff from facebook every time it sees an iframe or script or img tag that points to flickr. Thus, it can do anything a doubleclick "tracking pixel" or "web bug" can do. And while that may be limited, it certainly isn't particularly limited by the fact that he doesn't have a facebook account.
People didn't (as far as they knew ;-) have doubleclick "accounts" either, but there was still widespread loathing, until eventually everyone (and by "everyone" I
Re: (Score:2)
Yes. Perspective. What you choose to share with Facebook may be very different than what Facebook gets to know about you due to the proliferation of their "Like this" widget. And as others point out, not everyone chooses to share anything with Facebook.
Re: (Score:2)
Re: (Score:2)
While it isn't surprising, it is important to keep noting the ongoing invasion of privacy that occurs online. Analytics is pretty upfront about the fact that it is going to be collecting data while Facebook Connect is not and adding it to a site is likely to be a choice made by less savvy marketing types rather than the technically inclined who would automatically assume anything that can track will be tracking.
It is also worthwhile from the fact that it covers how it tracks non-facebook users and how if t