Facebook Confirms New Cookie-Tracking Issue

An anonymous reader writes "Facebook is once again setting its datr cookie via the Like button and other social plugins on third-party websites. The datr cookie can be used for tracking users whether you are logged in or logged out of the service. Facebook has confirmed this is indeed a bug, but says that it is limited in scope and that it will be fixed today. Talk about damage control."

And of course "today"

[bwintx]

has already passed, since TFA (3rd link) was from yesterday.

Re:

[interval1066]

Blunt, yet apropos. I've fixed all Facebook bugs for ever in my case by simply not using the service.

Re:

[RocketRabbit]

They can still set cookies unless you have explicitly blocked them. Or sites you visit may affiliate with Facebook, so you could well be tracked by Facebook without ever actually using it.

Re:

[interval1066]

Well, I guess its Zuckerberg's world and we just surf in it.

Bullshit...

[Aeros]

This is a bug. Right!!

Re:Bullshit...

[Jeremiah Cornelius]

This IS a bug. As in "I think this phone is bugged".

Re:

[rvw]

This IS a bug. As in "I think this phone is bugged".

This is a bug as in "it's bugging us that we were caught".

Re:Bullshit...

[ArhcAngel]

It is a bug to Facebook as in oops they can still tell we are doing it.

good to disabled 3rd party cookies anyway

[Anonymous Coward]

The web generally works fine if you only accept 1st party cookies, not 3rd party cookies. There's pretty much zero reason to accept cookies from other than the main site you are visiting, and firefox has long had an easy preference setting to do just that. It's one of the basic "setting up a new machine" tasks that people should be used to doing by now. Don't run 3rd party javascript, don't allow 3rd party cookies - that alone increases your privacy and safety by a huge amount. I've almost never seen an

Re:

[anomaly256]

And I disabled it anyway because I didn't like how Disqus tries to post my comments directly to my facebook wall without asking me for confirmation first. Disqus is complicit with the facebook privacy problem, and may even facilitate it.

Re:

[RocketRabbit]

I blocked disqus in my hosts file because it is sometimes very slow and adds 5-10 seconds to the load time of a page.

Same with all the ad networks.

Re:

[Synerg1y]

Priceless advice I would mod +1 if you weren't an anonymous coward :)

Then again I've been doing that since about the time firefox came out, your right there is just no reason, I'm surprised it's still checked as on by default in new browser installs, it doesn't nearly break as much as IE8 being installed w/o compatibility view on by default.

Re:

[yahwotqa]

Mod +1 regardless. You're modding posts, not people.

Re:

[Runaway1956]

True. I avoid looking at names on posts when I mod. I read the post, and respond to the post. Afterwards, I sometimes realize I modded up someone with whom I almost always disagree. And, the opposite happens as well. Just don't look at names, and the moderation gets a lot more fair!

Re:

[yahwotqa]

Or allow all of facebook's cookies only for duration of current session. Combined with a browser restart every now and then (or mere switch to and back from privacy mode in FF), it just gives them new meaningless data to choke on every time.

Adblock

[Nursie]

Block facebook.com and fbcdn.com, then add exceptions for the two sites when visting facebook.com. Problem solved, no more fb tracking.

Re:Adblock

[_0xd0ad]

Here's my list.

||facebook.com^$third-party,domain=~facebook.net|~fbcdn.com|~fbcdn.net
||facebook.net^$third-party,domain=~facebook.com|~fbcdn.com|~fbcdn.net
||fbcdn.com^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.net
||fbcdn.net^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.com

A few more domain exceptions on my home FF installation to permit certain Facebook Apps to work correctly.

Re:

[Runaway1956]

You actually use the apps? I don't have a single one. All that I use Facebook for, is to look at "important" people's walls. I've friended the "most important", so most of the time, I don't even need to look at their walls. But, I sure as hell don't enable any apps, so that the "developer" can browse through my information!

Re:

[_0xd0ad]

You actually use the apps?

Not very many.

Re:

[rvw]

You actually use the apps?

Not very many.

One is enough for them!

Re:

[contrapunctus]

i though that if your friends enable apps, then your data is already accessible to the developers

Re:

[Runaway1956]

You thought, but I don't think so. There have been a number of articles detailing how to stop app developers from accessing your data. I read, visit Facebook, check the settings, then halfways forget what I read, LOL

You can google for articles, if you like, to compare your own settings. As far as I remember, I've disabled friend's ability to share my information.

Re:

[coolmadsi]

i though that if your friends enable apps, then your data is already accessible to the developers

I think, if you disable all apps (not just remove them all, but disable the platform alltogether), then your friends can't accidentally be leaking your information to other developers. This may or may not have been the case a year or so ago, so I don't know the situation now.

Re:

[StripedCow]

But apparently, this is still not possible in Chrome.

WHHHYYYY??!!!

Re:

[Anonymous Coward]

ghostery... google it.

Re:

[zugaldia]

I don't know if they want you to block Google Analytics, but they give you a browser add-on [google.com] to opt-out from it. It works in Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari and Opera.

Re:

[Runaway1956]

Hosts file . . . google that too. When you're finished, you might want to google for instructions on your router, to block unwanted sites. It's not that hard, it only takes a bit of reading in most cases. If you really want to fine tune your blocked sites list, install something like Tomato on your router - or buy a router on which you can install Tomato, or DD-WRT, or Open-WRT. Of course, if you're not a poor working chump, you could always opt for a commercial grade router, and save the bother of fl

Re:

[vinayg18]

Yes, it is. There are several extensions, one of which is Facebook Disconnect. [google.com]

So they requested a patent on a "bug"?

[Kenja]

Not sure I trust em [slashdot.org]. Not that I ever did. If a company has income, but does not charge their users anything. Then their users are their products, and are being sold to someone else.

Re:

[surmak]

Maybe, they requested the patent on the bug to insure that nobody else can invade users' privacy. (Yeah right, I don't believe that either.)

If only there were a competitor

[grasshoppa]

If only there were a competitor to facebook that addressed these issues. I'm sure they'd be able to take a large portion of facebook's sub base about as quickly as facebook did to myspace.

And if only said competitor could somehow make such a service work with it's other internal services that paying customers are currently locked out of.

Talk about a market ripe for take over, if only someone could get their act together.

Re:

[Lunix Nutcase]

Yeah cause google is all about not tracking you and your Web usage. I mean it's not like that is the basis of their revenue stream. Oh wait, it is.

Re:

[grasshoppa]

You'll note that's addressed in my post. Which I have a feeling you only read the words you wanted, and interpreted them however you wanted to arrive at the results you wanted.

Re:

[Lunix Nutcase]

Except you didn't. Google's entire revenue stream is based on tracking users and using that data to sell ads. To act like they won't use Google+ to further that is laughably naive. The only way Google could "address that" is to.kill off their own revenue stream.

Re:

[PopeRatzo]

There's an AdSense ad at the top of this page right now for PayPal (see the blue arrow in the corner that says AdChoices... that's Google)

Actually, I don't see it. That's how laughably easy it is to avoid being part of Google's "revenue stream".

Re:

[Runaway1956]

What the pope already said. I don't see any AdChoices - or any other adverts. And, I have never used the opt-out here at slashdot to hide advertisements. All blocking is done on my router, or my computer, or in my browser. I don't see ads, unless and until I do a search for a product. I don't see it on Gmail, G+, iGoogle, or anywhere else. You gotta get with the times - every tool that I use to block ads has been discussed many times right here on slashdot.

Re:

[mccrew]

Increased competition benefits the customers.

Remember that you are not Facebook's customer. You are the product. Therefore, you should not expect to see any benefit with increased competition.

Re:

[Oswald McWeany]

It is more complicated than that you are actually BOTH the customer and the product.

Think of it like a flower. Facebook is the flower- you (the bee) goes to the flower to consume their nectar. They don't get benefit from you eating their nectar (communicating mundane comments with your friends) - but their way of continuing on is that they attach a packet of pollen to you (sell your data) so that you can propagate the species (pay the employees and Suckerborg's wallet).

If another flower offers more and sw

Re:

[StripedCow]

Problem is, Facebook has got their users locked in, like nobody has been locked in ever before.

I would rephrase your question as: if only there were some regulations on social website lock-in, and data-harvesting.

(Somehow, these regulations exist for telcos but are not applicable to social websites; or are they?)

Re:

[Oswald McWeany]

You can leave Facebook any time you like. Nothing locks you in. Leave- go somewhere else and ask your friends to follow. Some will, some won't- even with half the amount of friends on a rival network such as Google+, you still will have the ability to waste more time than you should.

Re:

[Algae_94]

There's no lock in. Throwing your pictures and slips of paper you've written on down a well doesn't lock you into that well. You can go away anytime you like, but you're gonna have to expend some real effort to take all that crap you threw in that hole with you.

Those F-ing cookies show up no matter what!

[david.emery]

I run Facebook in a totally separate browser than I use for -everything else-. So why is it I still get Facebook cookies in a browser that has never logged onto Facebook? I remove those cookies about 2-3 times/week. I haven't figured out where they're coming from (i.e. what site puts them there) yet. This is not new behavior, I've seen this for months.

Re:

[ArhcAngel]

Do any of the other sites you visit have the Facebook "Like" button?

I bet they do neighbor.

Re:

[Pope]

Because of the Facebook Social Plug-in, which runs on third party sites that have comment boxes and/or like buttons. There'll still be FB cookies, they just won't have your FB-linked info.

possible solution

[Mister Fright]

Sharemenot [washington.edu]

Not having an account with them and blocking everything from their domains is what I chose to do.

Re:

[Oswald McWeany]

Actually, it is more like if you visited Walmart and they told Best Buy that you went into their store at 6:30pm last Saturday.

Best Buy is not actually following you around- and there is nothing illegal about two companies sharing data about you. I don't like it- you don't like it- but it is not actually illegal.

Third Party Cookies

[Tepar]

Isn't this defeated by simply disabling third party cookies in your browser?

Re:

[maxume]

No.

Visit facebook.com, Log out, Facebook sets cookie at log out. Visit other page, other page includes link to resource on facebook.com, browser sends that cookie with the request to facebook.com.

It isn't news that it is happening, but apparently there are a bunch of people that had no idea at all about how browsers function. I guess that is a little bit snide, but the tone of some of the articles about it has been pretty funny, like it was some sort of big bust to catch them doing it (the last time it was

Re:

[allo]

its only sent, if you do not disable thirdparty cookies.

Re:

[maxume]

I think you are mistaken.

I have Cookie Monster installed, so I would have to mess around to test the default configuration of Firefox, but if I use developer tools to inspect the requests such and such a page is making, I can see that some of the requests to other domains have cookies associated with them, cookies that are not from such and such a page's domain.

My understanding of the cookie features in Firefox are that the options only control what cookies can be set, they don't have any impact on what coo

disconnect...

[IANAAC]

The disconnect addon for Firefox seems to be working well for me.

Just download another browser.

[InterGuru]

Devote it exclusively to Facebook. I downloaded Opera.

Fake it out

[EkriirkE]

Write a greasemonkey script to write the cookie over with, say, Zuckerberg's profile ID? So everywhere you go tracks to his profile (but not tied to you)

It is beginning to look like...

[QuietLagoon]

... Facebook's development is out of control, that Facebook does not even know what its developers are doing. Or maybe the developers are doing exactly what Facebook wants, and Facebook thinks the public is too stupid to figure it out.

Re:

[game kid]

They could just be Schrödinger's corporation: simultaneously responsible, and not.

It will be fixed

[Yvan256]

Facebook has confirmed this is indeed a bug, but says that it is limited in scope and that it will be fixed today.

Once it's fixed, it won't be limited in scope anymore.

alternatives

[Onymous Coward]

What I'd like to see is a protocol for handling all the social interactions that Facebook provides. Then folks could write apps and servers to implement it. Technically-minded nerds could run their own servers. Other folks could just choose whichever provider they pleased, much like selecting mail or web hosting.

Decentralize.

Re:

[KernyKat]

http://diasporafoundation.org/ [diasporafoundation.org] and http://noserub.com/ [noserub.com] ...but don't kid yourself that these things will take ever over the mainstream without widescale support from a leading corporation.

Re:

[allo]

and you do not get, how a passport can identify you.

Said it before....

[Eric Freyhart]

Did I not in fact tell everyone this a few days ago? See! No one believes me! :) :) :)

Unity?

[Autie]

Does this mean both distros adobted Unity? I don't like that on my desktop computer. Only good idea for use with laptops or smaller.

Re:

[Autie]

Sorry, wrong threat :)

Facebook knows all

[marperl]

How about the latest Facebook tracking option. It's called ALLforALL: 10:50:09: Breathed in. 10:50:14: Breathed out. 10:50:24: Noticed cat sleeping on chair. 10:50:32: Wind stirring leaves outside house. Temp 71 degrees. 10:51:02: Sun came out from behind cloud. 10:51:12: Had dalliance with Greek heiress 10:51:34: Cleared throat. 10:51:49: Rear section of Upper Atmosphere Research Satellite (UARS) just crashed through house. 10:52:59: Cat now awake. 10:53:17: Thirsty. --from Thinking Out Loud, http://mar [blogspot.com]