Facebook Sued For Violating Wiretap Laws

An anonymous reader writes "Facebook is being sued in multiple states for tracking its users even after they logged out of the service. All the lawsuits allege the company violated federal wiretap laws. The most recent lawsuit, filed by a Mississippi woman, says: 'Leading up to September 23, 2011, Facebook tracked, collected, and stored its users’ wire or electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook. Plaintiff did not give consent or otherwise authorize Facebook to intercept, track, collect, and store her wire or electronic communications, including but not limited to her internet browsing history when not logged-in to Facebook.'"

Re:Dumb Question

[icebraining]

See those Facebook "Like" buttons everywhere? They have Javascript loaded from Facebook's website. Even if you're not logged in, it creates a cookie with a random ID, which is then read when you access other sites with the button.

It's easy to reproduce, if they haven't changed it from a month ago: log off from FB, delete all cookies from their domains (fbcdn*, facebook*) and then load some pages with their button.
It worked for me even though I didn't even have an account.

Re:Dumb Question

[tomhudson]

"when the button gets downloaded"

Which you *do not have to do*.

It happens automatically. See the "Like" button? It's because it's already been downloaded - even if you NEVER dealt with facebook. Facebook even tracks users vi IP+browser fingerprinting who they can't tie to an existing account so that if/when you DO sign up, they can match that history with you. Totally illegal.

Re:Cookies cannot "unlawfully intercept" anything

[hedwards]

That's not true. Unless you avoid websites that have those obnoxious like buttons on them there's no way of avoiding them without blocking those domains and the related cookies. Which most people wouldn't do as they have no idea that they're being tracked by them.

Worse is that historically they track people who are logged out of FB or don't have an account to begin with.

Re:Dumb Question

[Jane Q. Public]

Probably the most popular one for Firefox is NoScript. I don't know about Chrome.

Re:sorry no

[MacGyver2210]

With one free plugin it becomes worthless information with no advertising.

Or if you're in the entertainment or media business, it can become useful information with no advertising.

http://www.adblockplus.com/ [adblockplus.com]

Re:Cookies cannot "unlawfully intercept" anything

[Jane Q. Public]

"The user is intentionally using software that sends tracking information (cookies) to Facebook"

No, that is not the case at all. If it were, this would be a different story.

We're talking here about third-party cookies. These are images that come from servers OTHER THAN the one you are visiting. But when that image is downloaded from that foreign server, it gets a record of your ip and what the referring domain is.

The issue here is that while you can control what websites you visit, you have no control over what image bugs or javascript they install on their site, nor is there any way to tell in advance what they are. So you aren't voluntarily doing anything at all; in fact most of the time you probably don't even know it is happening. That does not fit the definition of "intentional". On the contrary; it is downright sneaky.

Tracking bugs like that are completely unethical, and if they are not in fact illegal they should be.

Re:Misuse of wiretapping law.

[Jane Q. Public]

"Facebook is not intercepting and recording any communications."

Yes, it is, at least in a sense.

Facebook is recording your IP, What sites you visit, and when. While it isn't recording any other communications, it doesn't need to in order to violate privacy.

What Facebook is doing is equivalent to a Pen Register used on telephones. The Pen Registers record what calls are being made, when, and to what number. But they don't record any actual conversations.

But even Pen Registers are illegal, and can only be used by Law Enforcement under strict conditions. The standard of evidence for allowing use of a Pen Register is lower than for actually tapping a phone line and listening to the conversations, but it is still legal only for law enforcement and it still requires due process, meaning they have to petition a judge for permission, and explain their evidence.

Re:Dumb Question

[houghi]

In your hosts file:
# Block Facebook
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 www.static.ak.fbcdn.net
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 www.static.ak.connect.facebook.com

This is an opt-out and should never be happening.