Facebook is scaring me

[Magda Hassan]

Facebook Is Tracking Your Every Move on the Web; Here's How to Stop It

Over the weekend, Dave Winer wrote an article at Scripting.com explaining how Facebook keeps track of where you are on the web after logging in, without your consent. Nik Cubrilovic dug a little deeper, and discovered that Facebook can still track where you are, even if you log out. Facebook, for its part, has denied the claims. Regardless of who you believe, here's how to protect yourself, and keep your browsing habits to yourself.
The whole issue has stirred up a lot of debate in privacy circles over the past few days. Here's what the fuss is about, and what you can do to protect your privacy if you're worried.

The Issue: Facebook's Social Apps are Always Watching

For quite some time now, Facebook's user tracking hasn't been limited to your time on the site: any third-party web site or service that's connected to Facebook or that uses a Like button is sending over your information, without your explicit permission. However, Winer noticed something mostly overlooked in last week's Facebook changes: Facebook's new Open Graph-enabled social web apps all send information to Facebook and can post to your profile or share with your friends whether you want them to or not.
Essentially, by using these apps, just reading an article, listening to a song, or watching a video, you're sending information to Facebook which can then be automatically shared with your friends or added to your profile, and Facebook doesn't ask for your permission to do it. Winer's solution is to simply log out of Facebook when you're not using it, and avoid clicking Like buttons and tying other services on the web to your Facebook account if you can help it, and he urges Facebook to make its cookies expire, which they currently do not.

Digging Deeper: Logging Out Isn't Enough

Nik Cubrilovic looked over Winer's piece, and discovered that logging out of Facebook, as Winer suggests, may deauthorize your browser from Facebook and its web applications, but it doesn't stop Facebook's cookies from sending information to Facebook about where you are and what you're doing there.
Writing at AppSpot, he discovered that Facebook's tracking cookies-which never expire, are only altered instead of deleted when a user logs out. This means that the tracking cookies still have your account number embedded in them and still know which user you are after you've logged out.
That also means that when you visit another site with Facebook-enabled social applications, from Like buttons to Open Graph apps, even though you're a logged out user, Facebook still knows you're there, and by "you," we mean specifically your account, not an anonymous Facebook user. Cubrilovic notes that the only way to really stop Facebook from knowing every site you visit and social application you use is to log out and summarily delete all Facebook cookies from your system.

Why You Should Care

If you're the type of person who doesn't really use Facebook for anything you wouldn't normally consider public anyway, you should take note: everything you do on the web is fair game. If what Cubrilovic and Winer are saying is true, Facebook considers visiting a web site or service that's connected to Facebook the same thing as broadcasting it to your friends at worst, and permission for them to know you're there at best.
Facebook says that this has nothing to do with tracking movements, and that they have no desire to collect information about where you are on the web and what you're doing. They want to make sure that you can seamlessly log in at any time to Facebook and to sites and services that connect with it and share what you're doing.
In fact, a number of Facebook engineers have posted comments to Winer's original post and Cubrilovic's analysis pointing this out. There's also some excellent discussion in this comment thread at Hacker News about the issue as well. Essentially, they say this is a feature, not a problem, so if you have an issue with it, it's up to you to do something about it.

What Can I Do About It?

Whether or not Facebook is tracking your browsing even when you're logged out, if you don't want third-party sites to send data to Facebook, you have some options. You could scrub your system clean of all Facebook.com cookies every time you use Facebook, but a number of developers have already stepped up with browser extensions to block Facebook services on third-party sites. Here are a few:

• Facebook Privacy List for Adblock Plus is perfect for those of you who already have AdBlock Plus installed (get ABP for Chrome or Firefox). Just download the subscription and add it to AdBlock Plus to specifically block Facebook plugins and scripts all over the webincluding the Like button-whenever you're not visiting Facebook directly.
  
• Facebook Disconnect for Chrome keeps Facebook from dropping those tracking cookies on your system in the first place, and disables them when you're finished using Facebook-enabled services. It's essentially an on/off switch for third-party access to Facebook servers, meaning you'll still be able to log in to Facebook and use the site normally, but when you're visiting another site or using another application, that site or service won't be able to use your information to communicate with Facebook.
  
• Full size
  
  Disconnect for Chrome and Firefox is a new plugin from the developer behind Facebook Disconnect, but it doesn't stop with Facebook. Disconnect takes protection to a another level and blocks tracking cookies from Facebook, Google, Twitter, Digg, and Yahoo, and prevents all of those services from obtaining your browsing or search history from third party sites that you may visit. The app doesn't stop any of those services from working when you're visiting the specific sites, for you can still search at Google and use Google+, but Google's +1 button likely won't work on third party sites, for example. The extension also lets you see how many requests are blocked, in real time as they come in, and unblock select services if, for example, you really want to Like or +1 an article you read, or share it with friends.
  

Ultimately, the goal of all of these tools is to give you control over what you share with Facebook or any other social service, and what you post to your profile, as opposed to taking a backseat and allowing the service you're using to govern it for you. What's really at issue is exactly how deep Facebook has its fingers into your data, and how difficult they-and other social services-make it to opt out or control what's sent or transmitted. That's where extensions like these come in.
However you feel about it, Facebook likely won't change it in the near future. If you're concerned, you should to take steps to protect your privacy. As a number of commenters at Hacker News point out, it's not that there's anything inherently "good" or "evil" about what Facebook is doing-that would be oversimplifying an already complex topic. It's really an opt-in/opt-out issue.
What do you think of the assertions? Do you think Facebook has a vested interest in knowing as much about you and your browsing habits as possible, or is this much ado about nothing? Share your thoughts in the comments below.
Update: Nic Cubrilovic has posted an update to his story after discussing the matter with Facebook engineers. They have agreed to make changes to the way their cookies are stored and handled so your account information is not present when you log out of Facebook.
However, while Facebook has changed its cookie-handling process, the cookies are still retained and not deleted after logout, and do not expire. They remove your account information when you log out, but they still contain some non-personal data about your browser and the system you're using. Nic still recommends you clear your Facebook cookies after every session, and we still suggest that if you're concerned, that you do the same, and try one of the extensions above, or Priv3 or Firefox to protect yourself.

http://lifehacker.com/5843969/facebook-i...to-stop-it

[Magda Hassan]

http://news.ycombinator.com/item?id=3035153

[TABLE="width: 0"]
[TR]
[TD="bgcolor: #ff6600"][TABLE]
[TR]
[TD][/TD]
[TD]Hacker Newsnew | comments | ask | jobs | submit[/TD]
[TD]login[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD="class: title"]Facebook Disconnect (google.com)[/TD]
[/TR]
[TR]
[TD="colspan: 1"][/TD]
[TD="class: subtext"]301 points by jmonegro 139 days ago | comments[/TD]
[/TR]
[/TABLE]


[TABLE]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]mdasen 139 days ago | link

The author of Facebook Disconnect (Brian Kennish) has written another Chrome Extension called "Disconnect" (https://chrome.google.com/webstore/detail/jeoacafpbcihiomhla...). Disconnect not only deals with Facebook, but also Google, Yahoo, Twitter, and Digg tracking.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]conradev 139 days ago | link

Also, he gave a great talk at DEFCON about his current project, attempting to document what websites do with your browsing data.http://disconnect.me/db/
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]Havoc 139 days ago | link

Kinda weird that this extension requires more access to your data (e.g. history) than the previous one. Surely they do the same thing? Note that I'm not questioning the authors motives/integrity...it just strikes me as somewhat random & ironic.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]budwin 139 days ago | link

Just as an FYI, disconnect causes a number of login problems on a few of said sites rendering them unusable.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]drivebyacct2 139 days ago | link

What? I've been running Disconnect for probably over a year now and experienced zero side-effects and I use all of those services (minus Yahoo).-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]Urgo 139 days ago | link

Yeah I just installed the firefox version, saw it blocked even google charts, and uninstalled it. If it had adblock like control to whitelist domains it might be ok but as it is, cool idea, but no thanks.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]abraham 139 days ago | link

Have you reported the issues to the extension author?-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]karlzt 136 days ago | link

https://blogs.windowsclient.net/wyvern/archive/2011/03/07/di...http://www.reddit.com/r/software/comments/epzhu/disconnect_o...
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]muyuu 138 days ago | link

Sweet.Another thing you can do is opening an incognito window for all your facebook/google sessions. Obviously, one must be sure to have deleted all cookies/etc after the last time one logged in to Google/facebook (that includes youtube).
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]orijing 139 days ago | link

"This extension can access: Your data on all websites"This part made me chuckle a bit. We are so afraid of Google and Facebook tracking our searches/web pages, yet we freely install plugins from 3rd party developers that can easily gather everything that Google and Facebook can get, and more. In theory, I could make a Facebook Disconnect 2, which secretly sends data back home about what pages have been visited, and nobody except the most vigilant (enough to read the source of the plugin) would know.
Why do we not trust large corporations who have billions of dollars at stake, but trust independent developers who have little skin in the game? Is it because we are those developers, so there's some form of camaraderie?
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]archgoon 139 days ago | link

My first thought when I saw this was: "I should check out the source first and see what it does". Here is the source:
const DOMAINS = ['facebook.com', 'facebook.net', 'fbcdn.net']; /* Determines whether any of a bucket of domains is part of a URL, regex free. */ function isMatching(url, domains) { const DOMAIN_COUNT = domains.length; for (var i = 0; i < DOMAIN_COUNT; i++) if (url.toLowerCase().indexOf(domains[i], 7) >= 7) return true; // A valid URL has seven-plus characters ("http://"), then the domain. } /* Traps and selectively cancels a request. */ if (!isMatching(location.href, DOMAINS)) { document.addEventListener("beforeload", function(event) { if (isMatching(event.url, DOMAINS)) event.preventDefault(); }, true); } I am not concerned with this plugin. It may break websites, but it does nothing malicious. It is no more dangerous than any other chrome plugin.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]Murkin 139 days ago | link

Yup, until the author uploads a new, more 'clever' version and chrome auto-updates your browser, without you knowing it (since permissions didn't change).-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]kiiski 139 days ago | link

You can copy the source code and make your own plugin from it -----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]ams6110 139 days ago | link

If you want to shut down facebook on your computer without a plugin just put those domains in your /etc/hosts:
127.0.0.1 facebook.com 127.0.0.1 facebook.net 127.0.0.1 fbcdn.net-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]orijing 139 days ago | link

I thought the goal of this plugin is to neutralize Facebook Connect (i.e. facebook on 3rd party websites), not to disable Facebook altogether?-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]ams6110 139 days ago | link

Indeed, but my view is that if you don't trust Facebook, you don't trust Facebook.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]eli 139 days ago | link

Not quite. That won't block http://www.facebook.com or static.ak.fbcdn.com-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]ams6110 139 days ago | link

Yeah, [unfortunately?] wildcards don't work here, so you can't do something like *.facebook.com.You could either list out all the domains or use something like dnsmasq or another DNS proxy that lets you define more sophisticated rules.
Edit: the advantages of the /etc/hosts approach are it's simple, and it works without additional software.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]baddox 138 days ago | link

If you want to avoid facebook completely, why not just deactivate your account, or completely log out and clear all cookies, then never log back in on your machine? I thought that point of this plugin was to let you use facebook normally without worrying that another site would post on your wall.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]alexro 139 days ago | link

It looks like we need another plugin which will track the source changes of other plugings and report them.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]sjs 139 days ago | link

Who will watch the watchmen?-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]MostAwesomeDude 139 days ago | link

You already trust Google to not do bad things inside Chrome; why not trust this guy, as well?-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]e40 139 days ago | link

Because if google doesn't something that people find out about, there will be a firestorm. If this guy does... will it rise in the headlines anywhere? I doubt it.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]orijing 139 days ago | link

Thumbs up. That's exactly what I did. It seems innocuous enough, I thought, but it's still interesting that we trust fellow developers so much. I just wanted to point that out, in case people missed it.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]alexgartrell 139 days ago | link

People don't trust Facebook because they don't know what we (fellow Facebook Engineer[0]) know about what it's like on the inside. They don't believe that people are just legitimately interested in making stuff that people will like and use, that we obsess over the stats to make sure that we're making stuff that people and use (they think it's tracking them), and that ultimately, we just want to give people ads that they don't hate (for some reason this is called "selling data to advertisers").Ultimately though, the opinions of Hacker Newsers (a group with which I've proudly associated for ~3 years now) are only a hint at how much we're helping (or hurting) the world, and while we should always keep it in mind, we need to recognize that this is a group which is accustomed to the IRC style of social networking.
I don't blame anyone at Hacker News for thinking "we" are evil, because we do a shitty job at communicating what we're actually doing and why[1] (and we can't really communicate everything anyway). Instead, we've just gotta try to address the problems that are legitimate and be as transparent as possible.
Shortly, if you call tin foil hat theories tin foil hat theories (even with sound logic as to why they are tin foil hat theories), all you're going to do is convince the tin foil hat theorists that it's yet another elaborate step in manipulating them into believing The Corporate Directive.
And, everyone else, for what it's worth, I'd much prefer it if we could just go back to hacker news on here. I'm a C Hacker first (before being assimilated, I contributed to open source projects like Chromium and Mongrel2, because I loved the problems (coincidentally the same reason I allowed myself to become assimilated into facebook -- I work on code that's hit my millions of users billions of times a day[2])
[0] Cache Infra in 1050 B2
[1] We've enabled applications to write to our network as they wish without introducing much friction or overhead (a single approval), but we've managed to communicate that in such a way that instead of leading people to believe that we've put the onus on developers (and users, as they must ultimately know which apps to trust), we've instead "put our tentacles" into yet another area and are again sharing without reason.
[2] memcache protocol stack stuff, we issue lots (and lots and lots) of requests per page load
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]grovulent 139 days ago | link

And I believe that you believe that argument. I believe even that Zuckerberg believes it. Very rarely is there a Gargamoyle sitting in a tower plotting the downfall of the smurfs. Most times it's just someone with the best of intentions.In this case your argument is that you just want the information so as to provide people what they want.
Okay - fair enough. But there is a very obvious counter-argument - which has already been mentioned many times. It's that you don't make it easy for people to choose not to allow you to track this information if they don't want you to. And you KNOW that most people wouldn't opt-in to let you track them this way. So at best you make it opt-out - if you let people opt out at all. So - assuming that people know what they are doing and are making a rational decision about their choices, then you aren't ACTUALLY serving their desires at all.
And next comes the only real reply that's available to you. Either people are irrational for wanting to block information gathering that would help you satisfy their first order desires, or that facts like people keep using the service without trying to figure out how to opt-out, shows that they really don't have a problem with privacy issues - even if they state they do. And therein lies the paternalist rub of Facebook's decisions.
Now - you don't state anything directly paternalistic in your reply. To be honest - it's not that consistently thought through. But the germ of it is there when you state to the effect that - people can't understand what we do or why we do it. And thus you relegate them as other - as less informed, or less capable of choosing than the mighty facebook crew.
Sorry you need to try harder to see this from the other point of view. That's not going to be easy for you - because working at facebook must be an incredible experience. Who wouldn't want it to be a ethical easy zone. But you exhibit the clearest signs of someone who has too much of a vested interest to be able to critical engage with this ethical conundrum.
The first of these signs is the fact that you don't address the very obvious counter argument I just laid out. No one at Facebook ever seems to. It's such an obvious reply, and is mentioned so often - it appears disingenuous to continue to ignore it. I don't believe that Facebook consciously avoid replying to it. But the fact that they don't - while keeping the assumption that they mean well - suggests to me that their vested interest has clouded their judgement.
The second such sign of critical impairment is the fact that you are marginalising your opponents as "tin foil hat" people - or as ignorants who couldn't possibly understand. When you do this to a group of people who represent a particular point of view opposed to your own - you've ceased to engage with them - you've ceased to listen.
And that's exactly why people have their backs up. And if you can't see the intuitive force behind that - then people are going to start treating you in kind and start marginalising you in return. And of those who do subscribe to the tin foil hat view - that's exactly why they do.
It's a shame because Facebook probably has a lot to contribute. But if your PR folks (including yourself since you've just spoken for the company on HN) can't recognise the degree to which the discourse is becoming poisoned in this way - then things aren't going to go to well for you in the longer term.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]nknight 139 days ago | link

> People don't trust Facebook because they don't know what we (fellow Facebook Engineer[0]) know about what it's like on the inside.Bull. We don't trust Facebook because of its actions. Beacon, account deletion, random modification of privacy settings and policies. Facebook has done virtually nothing to earn trust, and taken several clear, conscious actions that violate trust.
Your perception of Facebook's intent does nothing to change what Facebook has actually done to its users.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]pclark 139 days ago | link

I bet - as someone that respects what Facebook has crafted but really has no vested interest in their long term success - that Facebook internally feels that it has done a ton at demonstrating it's awareness and empathy towards users and their privacy and has concluded that actually, users as a meaningful percentage, do not give a crap about what Facebook does or doesn't do wit their data.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]presty 139 days ago | link

Also, it's not just what Facebook is currently doing or has done, but also what it _can_ do with my data.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]hello_moto 139 days ago | link

Many of my friends trust Facebook.I'm starting to think that those smug bloggers are in it for the traffic.
It all depends on your perspective I suppose.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]curiouskat 139 days ago | link

A few weeks ago a close friend sent me a message on Facebook asking what I've been up to, and I told him about the startup I am working on.As soon as I hit send I was hit with the impulse that I shouldn't have sent those kind of details over FB messaging -- thinking back to warnings such as (http://www.youtube.com/watch?v=2cdrCYrZIvI).
And sure enough a day and half later I received an email from a Facebook recruiter wanting to talk to me about a job.
Normally that would be fine, but the timing is so suspect. I asked around if anyone had heard of FB mining/reading users messages, and no was certain but reminded me that the FB privacy policy states that they own your data and an ex-FB employee said that many engineers have access to the DB.
Does FB mine or read user messages, and why doesn't it do more to prevent so many engineers from having access to the DB?
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]nbm 139 days ago | link

There's no chance that the recruiter contacting you had anything to do with the message you sent.I have some insight into the safeguards in place to prevent any abuse of any access that an individual might have due to the nature of their work, and the character of the people who maintain them, and if I had any issues with either of them, I would not still be working at Facebook.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]curiouskat 139 days ago | link

What type of safeguards? And are you saying Facebook messages are off limits from data mining?-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]nbm 139 days ago | link

Unfortunately, I don't feel I'm qualified to represent Facebook on this beyond what I've said (don't want a tech news article/blog post misconstruing something I said into something bad about the company).-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]comice 139 days ago | link

You simplify a complex situation into "good" and "evil" and characterise those suspicious of you as tin foil hat wearers.Way to win our trust.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]gurkendoktor 139 days ago | link

> people are just legitimately interested in making stuff that people will like and useEven the best intentions won't help when FB is hacked, sold out to idiots or forced to hand out data to your gov't.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]damoncali 139 days ago | link

People don't trust facebook because they (you) try to tell everyone what we are doing without our permission. It's really that simple. Stop it, please.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]DanBC 139 days ago | link

> and that ultimately, we just want to give people ads that they don't hate (for some reason this is called "selling data to advertisers").As an aside: I'm happy with ad supported stuff. I never run any ad-blocking extensions or hide my data. But still many ads are lousy.
Any chance of a HN karma style thing to vote up / down ads? ("I hate this ad, it makes me want to leave the page -1", vs "I don't hate this ad, whether I click it or not +/- 0" vs "I like this ad whether or not I click it +1")
And I always like websites that allow paying members to turn off ads.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]ArchD 138 days ago | link

I'm guessing a -1 button would be only as attractive to FB as a dislike button.With a -1 and dislike button comes a visible downside to being present on FB, especially for organizations, the potential to be unpopular in a tangible, measurable, way. Organizations would then think twice about being on FB when before it's might have been a no-brainer. Even if the number of dislikes is not publicly visible, it may be to the owner of whatever it is being unliked, or owners may request for it, and when an owner sees that number, may decide that it's bad to have a FB presence.
Considering the downsides of a -1/dislike button, why would FB want it from a revenue and growth point of view?
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]nextparadigms 139 days ago | link

Yeah, Google doesn't really get it how to set permissions properly. They do this on Android, too, and freak people out when they see permissions that at least seem so general - like giving a SMS app "full Internet access" or "full SD card access" and so on.The problem with naming them like that is that showing the permissions becomes pointless, because people will install them anyway seeing how 95% of the apps have that permission, so they might miss the malicious one that has that, too.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]eli 139 days ago | link

In order to block Facebook, this extension is injecting javascript into every page you load. It absolutely should come with a large warning.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]brown9-2 139 days ago | link

I believe this is a problem with the extension API, where the extension needs to request "your data on all websites" in order to be able to run JS code in the context of the page/tab.Technically if it's able to do this, then it is able to access the data on that page as well, whether or not the extension is doing so.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]goblin89 139 days ago | link

We freely install these plugins, yet we can't force ourselves to simply log out of Facebook[0], can we.How ambivalent is that.
[0] http://news.ycombinator.com/item?id=3033385
Upd: They say now logging out is not enough (http://news.ycombinator.com/item?id=3035418), which partly invalidates my point.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]power78 139 days ago | link

He actually is doing this. Take a look at the source code. He has tracking javascript right at the bottom. Its sort of ironic...-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]archgoon 139 days ago | link

I'm looking at the source code, and I'm not seeing what you're talking about. The code is only in content.js, and nothing is being talked to as far as I see. How is he sending out tracking data?-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]power78 138 days ago | link

Edit: I'm sorry guys, I guess the file that the install button links to is not the addon itself like the Firefox addon site does, so saving it does not give you the addon. I'm retarded. He does not have tracking cookies, I apologize.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]jonknee 139 days ago | link

Where? The source is exceedingly simple and there is no tracking JS:http://code.google.com/p/byoogle/source/browse/trunk/google/...
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]Luyt 139 days ago | link

Also see http://www.ghostery.com/ if you don't want to be tracked by web beacons in a more general way, i.e. not only by Facebook.-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[TD][TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD="class: default"]exit 139 days ago | link

when i want to log in to fb i open an incognito window. i haven't looked into this myself but the assumption is that cookies from incognito will not leak into my normal session.it would be great if chrome allowed users to create a separate "sandboxed" browser session in each window. i'd like to maintain just one session for each service i log into, including google/gmail.
hmm, maybe that's why they haven't implemented this.
-----
[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[TR]
[/TR]
[TR]
[TD="class: title"]More[/TD]
[/TR]
[/TABLE]
[/TD]
[/TR]
[/TABLE]

[Peter Lemkin]

Facebook Has 25 Employees to Handle Requests for User Information from Law Enforcement
February 25th, 2012


Via: Forbes:

If Facebook were a country, it would be the third largest in the world and Joe Sullivan would be head of Homeland Security.

…

The dirt Facebook holds on its users makes it as attractive to cops as to criminals. Among Sullivan's responsibilities are daily decisions about how much user information to give to law enforcement when it comes calling. And, as a digital nation's DHS, Sullivan and his team actively police the site for user data worth volunteering to the authorities. Still, he says, "we err on the side of not sharing and have picked quite a few fights over the years."

…

Most of his security team is based at headquarters in Menlo Park, Calif. and sits at clusters of desks close enough to take dead aim at one another with Nerf darts. Broken roughly into five parts, the team has 10 people review new features being launched, 8 monitor the site for bugs and privacy flaws, 25 handle requests for user information from law enforcement, and a few build criminal and civil cases against those who misbehave on the network; the rest are handling security situations as they arise and acting as digital bodyguards protecting Facebook staffers ("We have someone trying to hack an employee's account every day," says Sullivan). If you include the physical security guards who patrol Facebook headquarters, Sullivan's team numbers 70 people.

[Greg Burnham]

Because Facebook and other forms of social media are the rage of the next generation (and some of the current gen, too) refusing to participate can be devastating for a business.
My wife and I own a real estate firm. I am of the mind that the service and expertise we offer is absolutely independent of our participation or lack thereof in social media. I've had
my real estate license since 1982 and have demonstrated my abilities since long before there was even an internet! So, our suitability to represent clients in real estate transactions
is unaffected by our company's "social media" status.

Having said that, social media is now one of the most essential means of advertising one's business because, for one thing, without a "powerful social media presence" a business isn't
even ON THE MAP as far as "Generation Text" is concerned. It makes no difference to them that such a presence is irrelevant to their actual needs because their perception runs contrary
to that fact in any event.

It is also true that at least 90% of home buyers begin their search on the internet these days. Unless these potential clients already have an agent, they will gravitate to the company and/or
specific agent that has an easy to find "cyber-presence". Social media greatly drives search engine optimization whether we like it or not. And that equates to exposure.

Bottom line: Social media is here to stay. Get on board if you're in business or your business may very well languish. However, take as many precautionary measures as are available to
protect your privacy and other personal interests. Because business involves risk by definition, one needs to be wise enough to manage it vigilantly and with great vigor.

So, why did I start various business social media accounts? In a word: Survival.

Check us out: www.BurnhamResidential.com

[Dawn Meredith]

Greg I got a message that the page could not be opened. For your limk I mean.

Dawn

[Greg Burnham]

Greg I got a message that the page could not be opened. For your link I mean.

Dawn

Interesting. It works fine for me.

It will not open in internet explorer but then I clicked further and it opened fine. Nice site. I hear it's lovely there. But pricy.

How did Dawn edit my post?

I'm not really alarmed, just curious.

[Keith Millea]

It worked for me when first posted,but doesn't work now.

[Phil Dragoo]

http://burnham.harcourtsusa.com/

Sensational. A total upbeat vs. the standard (tired) sell.

An added plus. The tie & scarf is the tennis electricity, something tabloids fail at faking.

Facebook is the Ronco Salad Shooter of social media.

Privacy? Security? Start with sanity--oops! 404 Not Found @ Facebook

A simple redirect to your site, rather than deal with the buggy cumbersome cascade of Spambook.

GM would kill for your brand attraction.

[Keith Millea]

http://burnham.harcourtsusa.com/

That's It......

[Greg Burnham]

http://burnham.harcourtsusa.com/

Sensational. A total upbeat vs. the standard (tired) sell.

An added plus. The tie & scarf is the tennis electricity, something tabloids fail at faking.

Facebook is the Ronco Salad Shooter of social media.

Privacy? Security? Start with sanity--oops! 404 Not Found @ Facebook

A simple redirect to your site, rather than deal with the buggy cumbersome cascade of Spambook.

GM would kill for your brand attraction.

Many thanks, Phil.