Logged In or Out, Facebook Is Watching You

kaos07 links to this ZDNet story, according to which "Researchers at software vendor CA have discovered that social networking site Facebook is able to track the buying habits of its users on affiliated third-party sites even when they are logged out of their account or have opted out of its controversial 'Beacon' tracking service. Responding to privacy concerns, Facebook has since moved to reassure users that it only tracks and publishes data about their purchases if they are both logged in to Facebook and have opted-in to having this information listed on their profile. But in 'extremely disconcerting' findings that directly contradict these assurances, researchers at CA's Security Advisory service have found that data about these transactions are sent to Facebook regardless of a user's actions."

Well

[by Anonymous Coward]

Only if you have a Facebook account.

This is insightful too

[philspear (1142299)]

They also can only track you if you use a computer!

Re:Well

[bartok (111886)]

If you use Firefox you can also block it:
http://www.ideashower.com/blog/block-facebook-beacon/ [ideashower.com]

Re:Well

[SMacD (1140995)]

facebook does use your email address as the login

Re:Well

[Vectronic (1221470)]

Facebook uses a e-mail address as the login.

Slight difference, and Facebook doesn't do any extensive verification either, so any e-mail address will do. Still amazes me that people don't have a dedicated "trash" e-mail for stuff like this.

That said, one of the most disconcerting things is when you first sign up, is that to a novice/n00b/idiot a lot of people would assume:

Email: _____
Password: _____
[+] Remember Me

"oh, it wants my e-mail address, oh and now it wants my password" as if they had to use their e-mail password as the login, like MS Passport, or Yahoo, or GMail, or even a legitimate one.

They have since (I signed up about a year ago) changed the sign-up though and added Create Password, as well as a "password strength" (Weak/Med/Strong) thing.

But yes, even when you are not signed in, I imagine they track the cookie (or possibly any number of Java "you need this to do this" crap on the site). PLUS, if you sign in without checking the [+] Remember Me, close the site, and go back to it, it signs you in automatically, and I'm not sure how long that takes to 'expire' if ever, it only removes it if you sign-out before leaving, otherwise you sign in automatically.

Re:Well What ROYALLY pissed me off earlier

[davidsyes (765062)]

What might have royally pissed off others was that when facebook asked for the new member's valid email address, it implied or outright expected them to provide to the f/b interface the VALID PASSWORD OF THE VALID EMAIL ACCOUNT.

This royally inFURIATED me. All they needed to say was Give us your valid email of choice, and reply within 5 minutes of receiving it and supply the code we give you, or you'll have to redo this and still try within 5 minutes to validate yourself.

They had NO f*cking business structuring it in such a way that MILLIONS of users would blindly or hopelessly supply their gmail, yahoo, msn, and/or other passwords through a facebook conduit.

Can you IMAGINE how much snooping could be done if facebook were compelled by law or court order to submit subscribtion/memberhship application logs to various agencies that don't want to actually leave traces of intel-snooping? All they have to do is notice whether or not the user is online or not, then log in as them, quickly look at non-viewable things, then log out. Only if friends and bots are somehow tracking friends login/logout activity can anyone be tipped off that something might be amiss.

Even without the conspiracy theory stuff, facebook should NEVER have culled or duped people into giving facebook their other account's passwords, nevermind the fact that there are other means by which other parties could steal or surreptitiously obtain a targeted user's password.

I cannot remember what I did to foil that frackin' attempt, but I think I did foil it.

Re:Well

[wattrlz (1162603)]

Facebook uses an email address as your login, but I'm guessing they probably have some sort of cookie thing set up as well.

Eratum

[wattrlz (1162603)]

TFA's source [ca.com] [corrected] indicates FB gives their affiliates javascript to include in the page that connects to a FB server for cookie exchange. Pretty sneaky. I wonder if google does something like that with google analytics.

Corrected Link! [ca.com] This is why one should not slashdot before one's midday coffee. Please mod parent down, or something. That's a very small server and it will die.

Re:What if it's an un-used email?

[wattrlz (1162603)]

They actually use your facebook cookie, which would contain your school email, to track you. So just delete your cookies and you should be OK.

Re:What if it's an un-used email?

[AndGodSed (968378)]

With Facebook's protection of minors... I wonder if them tracking the habits of minors could get them in trouble...

Shocked

[Romancer (19668)]

I'm shocked that you're shocked. Or even expect me to be mildly surprised that this is happening.

The only difference is that this is supposed to be a larger company and therefore better than the millions of smaller opt out pipe dreams out there?

Re:Shocked

[Yold (473518)]

I disabled my facebook account a few months ago because it occurred to me that someone is probably harvesting all the data that they can find off that site. Being someone who parties (too much ;-) ), I was constantly deleting tagged pictures of myself drinking off that website. I was damn glad that I did, because my BOSS at my uni went on looked at my facebook account before he hired me.

It would not suprise me if someone started offering money to purchase facebook accounts, just to harvest information, for say the price of $0.10 a friend w/ an account. I have a wild imagination, but with data mining being a really hot field, who knows what could be done with this information, it might even cost me a job in the future.

The future of privacy (or lack thereof), has me vigilant, even paranoid.

Re:Shocked

[ivan256 (17499)]

I'm constantly amazed about how people will post private information in a public place (thus making it public information), and then complain about how they are being robbed of their privacy.

Of course it also amazes me how popular these social networking sites are with adults. It's understandable that kids and teenagers want to climb a social ladder of sorts, since it is human nature to attempt to achieve more than your peers, and there is little available in the environments we provide to kids other than social hierarchy to climb... But when you grow up, generally people move on to trying to get ahead in other types of accomplishments. It seems things like MySpace and Facebook have extended High School into adulthood. When you place that much value on your social network, perhaps it shouldn't be too surprising that people are willing to give up their privacy to maintain it.

Re:

[D Ninja (825055)]

Ahhh...but, don't you know? High School Never Ends [sing365.com].

Re:Shocked

[brunes69 (86786)]

What amazes me is that peple think that your prospective employer actually gives a crap if you party on the weekends.

Has it ever occurred to you that maybe you don't want to work somewhere who cares about that anyway? If an employer cares what an employee is doing in their off time then they have already crossed the line IMO.

Re:Shocked

[Yold (473518)]

In a perfect world, yes. But the ideal picture of a programmer/math-dude isn't being at the end of a beer bong.

I think that once you are employed, it doesn't matter what you do on the weekends. But at a job interview, I'd rather not have someone know how I spend my Friday nights.

Re:Shocked

[deraj123 (1225722)]

There's a difference between "party on the weekends" and a photo history of you making a lot of poor decisions. Think, pictures of inappropriate jokes, pictures of you not just drunk, but completely obliterated, pictures of you breaking the law, etc.

If I'm hiring somebody, I don't care if they go out drinking on the weekends (in fact, I might be concerned if they didn't occasionally), but I would probably think twice if presented with evidence of them making repeated, poor, destructive decisions.

Decision making is a trait that translates over to work.

Re:Shocked

[by Anonymous Coward]

I once had an applicate who said "My life's goal is to be the laziest person on earth" in her myspace profile. We didn't hire her, things like that matter.

Re:Shocked

[philspear (1142299)]

Right, because that couldn't have possibly been humor.

Hell, the fact that she was applying for a job should have clued you off that it was a lie.

Not for nothing, but applying to jobs is annoying, and while we all must do it, that doesn't make it any easier. It's tedious paperwork, waiting, not getting paid, and half the time those of you who are hiring don't have the courtesy to let us know we're not getting the job. If you decided not to hire her based on something as trivial as that and that alone, you're an asshole.

Re:Shocked

[unformed (225214)]

A number of reasons:

1) I don't get spammed by email. I don't have to send everybody my new email when it gets changed.
2) It's far, far, far easier to get in touch with people you've long fallen out of touch with.
3) Adults are just as much social whores as kids are. We (as a race, excepting geeks) ARE a social creature, and we like talking and socializing with others, in whatever way possible.

Re:Shocked

[syousef (465911)]

Of course it also amazes me how popular these social networking sites are with adults.

It doesn't amaze me at all. When your work means you're out of the house 9-12 hrs/day 5-6 days a week (and that's considered good hours in IT), then you come home to chores etc. when do you find the time to catch up with old high school friends? My experience has been that I've become more and more isolated as I've gone from my mid teens to my mid 30s and my spare time has decreased. I have more acquaintances than close friends that i hang with. My social time's spent mostly with family. Still, if I do get spare time and it's not at the same time as my friends, I can write them an email. Sure I could keep track of everyone using simple email, but it's nice to see pictures of what people I haven't had time to catch up with in person for a long time are up to.

What I don't understand is all the crappy games on facebook. You've been bitten by a vampire? What swearword are you? Someone's given you a freaking virtual fish? Who cares? The novelty of that wore off in 5 minutes. THAT is the side I see as childish.

Re:Shocked

[Slashdot Suxxors (1207082)]

I have my cell phone on my Facebook. But it's not like anyone can pull up my profile and check. If they're not my "friend" then they can't see it. If I get random friend requests from people, they don't get accepted. It's simple.

Re:Shocked

[ivan256 (17499)]

I don't really agree that the video games extending into adulthood thing is part of the same trend. After all, adults have always had their games. The technology has simply advanced from dice and cards and balls and sticks to also include electronics. The existence of gaming as a source of entertainment throughout the duration of adult life, though, is nothing new.

It seems to me that video gaming is replacing pinochle and golf, more than it is turning adults into over-aged kids.

It is valuable throughout your life to learn how to relax and have a good time (as long as it's balanced with your responsibilities). That's completely different from basing your self worth on popularity instead of achievements.

Re:Shocked

[ivan256 (17499)]

Your first paragraph describes the dream, and the second describes the reality.

My comment simply offered a possible explanation as to why people see the dream instead of the reality.

What is so fulfilling to you about performing your correspondence out in public over one of the many, more private and less exploited methods? I have yet to hear anybody answer that question with something that doesn't boil down to "everybody else is doing it". Hence the high school comment.

Re:Shocked

[Firehed (942385)]

I was damn glad that I did, because my BOSS at my uni went on looked at my facebook account before he hired me

This, good sir, is why you set privacy controls.

You're right about their data-mining though; Facebook's ads are really starting to concern me. "Single geek age 20? Visit eHarmony today!" Obviously my relationship status and age are right there in my profile, but them dynamically generating personality keywords based off of my interests and then proving them to advertisers... yeah, I should probably leave Facebook too.

Re:Shocked

[SatanicPuppy (611928)]

All you whippersnappers, I swear...Look me up by my real name, and you get nothing, nada, nihil, zip, because I made a very conscious decision to separate my online identity from my regular identity. Keeps me from having to be too careful.

Make the decision, and separate yourself from your online identity. You can always claim it later if you want to, but you can disclaim it as well

Re:Shocked

[xaxa (988988)]

All you whippersnappers, I swear...Look me up by my real name, and you get nothing, nada, nihil, zip, because I made a very conscious decision to separate my online identity from my regular identity.

That won't help when someone else tags a photo (or whatever) with your real name.

Re:Shocked

[SleepyHappyDoc (813919)]

There's a way around that. Kill your entire family, move to a different country, and insist all your new friends call you by your internet name.

Re:Shocked

[Grimbleton (1034446)]

Better solution: Be boring as hell. Works for me!

Built-in

[von_rick (944421)]

The title has a built-in "In Soviet Russia joke.

Re:

[Ollabelle (980205)]

So in Soviet Russia, the government would simply contact Facebook to watch you for them, or they would contact the telephone company.... oh, wait....

Re:Built-in

[von_rick (944421)]

In_Soviet_Russia jokes are never so long.

In Soviet Russia...

[GameboyRMH (1153867)]

You track information on Facebook!

Hehehe I love the ones that make more sense in Soviet Russia mode :)

I should have guessed.

[Chris Burke (6130)]

"Facebook is able to track the buying habits of its users on affiliated third-party sites even when they are logged out of their account or have opted out of its controversial 'Beacon' tracking service."

I should have known there was a problem when I was signing up and saw this:

[ ] Opt out of Beacon(tm) on-line tracking when logged into Facebook; opt in to Lighthouse(tm) on-line tracking when logged out of Facebook.

How Dare They

[jareth780 (176411)]

This is an outrage! How DARE they try and sell me things! This is almost as infuriating as Vons/Safeway and their "club card", tracking my purchases to try and "Better serve me". Horsefeathers! The fact that the products I want are in stock at any given point is PROOF that they've been using my spending habits to PREDICT MY NEEDS, which goes against everything I believe in.

When I say I want a free social networking site, it's not good enough that I not be billed directly for using it. The company hosting it must be desperately trying to sustain the bandwidth and CPU time for my constant page refreshes. At no point should they be even breaking even, let alone PROFITING from their service. Information wants to be free! Down with Big Brother! Doublethink! Free as in beer! ...What else... Oh! And my cell phone bill is too high!

Re:How Dare They

[plasmacutter (901737)]

Way to one-sidedly misrepresent wholesale privacy violation as innocent altruism.

Apparently the telecom domestic spying scandal has not reached your part of the world?

In these times, companies have as much or more assets and power available to them than many of the world's nations, and allowing the wholesale gathering of information on individuals by private firms under the red herring of "private property" will lead to the exact same kind of oppression as allowing the government to do it under the red herring of "national security".

There are other ways to better serve me without having to identify me personally. Inventory tracking has been done successfully at the branch level for a century in its current form, and if they don't carry something, speaking to a manager will often get results.

There is a difference between profiting from advertising, and profiteering from spying on me and selling that data to telemarketers, government agencies, and other shady organizations.

Re:How Dare They

[Chris Burke (6130)]

This is almost as infuriating as Vons/Safeway and their "club card", tracking my purchases to try and "Better serve me". Horsefeathers! The fact that the products I want are in stock at any given point is PROOF that they've been using my spending habits to PREDICT MY NEEDS, which goes against everything I believe in.

That's clearly not true, because I've been to Safeway plenty of times and not ONCE have they offered me a blowjob.

Re:How Dare They

[LandDolphin (1202876)]

Seems you've been shopping at the wrong Safeway

Re:How Dare They

[novakyu (636495)]

This is almost as infuriating as Vons/Safeway and their "club card", tracking my purchases to try and "Better serve me".

Well, turning the sarcasm detector off, change that to "Vons/Safeway and their 'club card' tracking my purchases and all other purchases with the credit card that has ever been used with the club card through special deals with the credit card company ...." and you will be closer.

Facebook is welcome to track you on their own website (practically every website owner does this with log analysis) and even track your outgoing clicks with redirects, hidden or bare (even Google does this, and they are really tricky about it too, if you've noticed it on their search results). What they are not welcome to do is track you when you are not on their website through "special deals" with other websites. Such aggregation of data on you is a disaster waiting to happen.

Unsubscribe

[kellyb9 (954229)]

I just wish I could delete my facebook account. It's actually close to impossible, first you have to delete all your information (wall posts, friends, etc.), and then they'll delete your account. Very, very time consuming. But I doubt any of that info is REALLY gone.

Re:Unsubscribe

[gclef (96311)]

Change your profile picture to goatse...they should take card of the rest.

Re:Unsubscribe

[by Anonymous Coward]

How to permanently delete your facebook account.
http://www.facebook.com/group.php?gid=16929680703

Go to this page:
http://www.facebook.com/help/contact.php?show_form=delete_account

Select the checkbox and click "Submit".

Dupe!

[Thelasko (1196535)]

The CA article [ca.com] is the same one from 2007. Read the date at the bottom.

Published Nov 29 2007, 11:39 PM by Stefan Berteau

It was already posted on Slashdot. http://yro.slashdot.org/article.pl?sid=07/12/03/0656205 [slashdot.org] That's two dupes in a row guys! Care to go for three?

Re:

[Thelasko (1196535)]

correction: The Mac story [slashdot.org] isn't a dupe. The one before it is. [slashdot.org] Regardless, that's two dupes today. Start paying attention.

What shall we call this

[sjames (1099)]

Let's see, what do we call it when someone follows someone around to see where they go, their tastes, who they know, etc, etc.

Yeah, that's right, it's STALKING!

When you restrict those activities to the internet, it's cyber-stalking.

Why is stalking suddenly OK if you're trying to sell stuff? It certainly doesn't feel any less creepy to the person being stalked.

The fact that these things are done in secret and too often in spite of public denials tells me that they know at some level what they're doing is unwelcome and wrong.

If they want to cyber-stalk in exchange for a free service, then it's not REALLY free, it just happens to have a non-monetary price. Let them be honest about the price and then the users can decide for themselves how acceptable the deal is.

Mark Zuckerberg

[NoPantsJim (1149003)]

I've often thought about the various people who have made a fortune or are about to make a fortune from online properties.

Jason Calacanis, Kevin Rose, the Flickr people, etc.

Usually I think to myself, that's awesome that these people were able to work hard and see their vision to the end and make a living from it.

When I think of Zuckerberg, I think the exact opposite. Fuck that guy. I've always felt like he sleezed his way to where he is, and stories like this only reinforce that opinion.

(prepared to be modded troll...)

Re:

[wattrlz (1162603)]

Hey, the moment /. starts getting flooded with eye-candy coeds ( and helping track down long-lost non-geeky friends, but it's 99% the coeds) I'm sure facebook will go out of business, but until then, they're pretty much the big dog of social networking.

Here's the list:

[GameboyRMH (1153867)]

Facebook is currently affiliated with the following sites:

        * Art.com
        * Blockbuster
        * Bluefly
        * CBS Interactive
        * eBay
        * ExpoTV
        * Fandango
        * Gamefly.com
        * Kiva, Kongregate
        * LiveNation
        * Mercantila
        * NY Times
        * Overstock.com
        * Redlight Mgmt
        * Seamless Web
        * Six Apart
        * STA Travel
        * TheKnot
        * Travelocity
        * Viagogo

http://www.facebook.com/help.php?page=57 [facebook.com]

The first bloody Google result |: |

http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=facebook-affiliated+sites&spell=1 [google.com]

Re:Clear your cookies

[Debased Manc (1313649)]

Not quite, your email address also gets used as a foreign key between Facebook and it's affiliates.

Fry all your cookies, but if you share an email address between your Facebook account and someone else, say Amazon, they can connect the dots that way.

Thankfully I didn't register my Facebook account with my Hotmail only-for-the-porn account. That could've made for some interesting advertising though...

Re:

[nimbius (983462)]

I've found its easier to reject all cookies and establish a list of trusted sites (banks, etc...) for whom you accept cookies. as an added level of protection in firefox, you can force these cookies to be "session only."