Logged In or Out, Facebook Is Watching You

kaos07 links to this ZDNet story, according to which "Researchers at software vendor CA have discovered that social networking site Facebook is able to track the buying habits of its users on affiliated third-party sites even when they are logged out of their account or have opted out of its controversial 'Beacon' tracking service. Responding to privacy concerns, Facebook has since moved to reassure users that it only tracks and publishes data about their purchases if they are both logged in to Facebook and have opted-in to having this information listed on their profile. But in 'extremely disconcerting' findings that directly contradict these assurances, researchers at CA's Security Advisory service have found that data about these transactions are sent to Facebook regardless of a user's actions."

Re:Well

[SMacD]

facebook does use your email address as the login

Here's the list:

[GameboyRMH]

Facebook is currently affiliated with the following sites:

        * Art.com
        * Blockbuster
        * Bluefly
        * CBS Interactive
        * eBay
        * ExpoTV
        * Fandango
        * Gamefly.com
        * Kiva, Kongregate
        * LiveNation
        * Mercantila
        * NY Times
        * Overstock.com
        * Redlight Mgmt
        * Seamless Web
        * Six Apart
        * STA Travel
        * TheKnot
        * Travelocity
        * Viagogo

http://www.facebook.com/help.php?page=57 [facebook.com]

The first bloody Google result |: |

http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=facebook-affiliated+sites&spell=1 [google.com]

Unsubscribe

[kellyb9]

I just wish I could delete my facebook account. It's actually close to impossible, first you have to delete all your information (wall posts, friends, etc.), and then they'll delete your account. Very, very time consuming. But I doubt any of that info is REALLY gone.

Eratum

[wattrlz]

TFA's source [ca.com] [corrected] indicates FB gives their affiliates javascript to include in the page that connects to a FB server for cookie exchange. Pretty sneaky. I wonder if google does something like that with google analytics.

Corrected Link! [ca.com] This is why one should not slashdot before one's midday coffee. Please mod parent down, or something. That's a very small server and it will die.

Dupe!

[Thelasko]

The CA article [ca.com] is the same one from 2007. Read the date at the bottom.

Published Nov 29 2007, 11:39 PM by Stefan Berteau

It was already posted on Slashdot. http://yro.slashdot.org/article.pl?sid=07/12/03/0656205 [slashdot.org] That's two dupes in a row guys! Care to go for three?

What shall we call this

[sjames]

Let's see, what do we call it when someone follows someone around to see where they go, their tastes, who they know, etc, etc.

Yeah, that's right, it's STALKING!

When you restrict those activities to the internet, it's cyber-stalking.

Why is stalking suddenly OK if you're trying to sell stuff? It certainly doesn't feel any less creepy to the person being stalked.

The fact that these things are done in secret and too often in spite of public denials tells me that they know at some level what they're doing is unwelcome and wrong.

If they want to cyber-stalk in exchange for a free service, then it's not REALLY free, it just happens to have a non-monetary price. Let them be honest about the price and then the users can decide for themselves how acceptable the deal is.

Re:What if it's an un-used email?

[wattrlz]

They actually use your facebook cookie, which would contain your school email, to track you. So just delete your cookies and you should be OK.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Dupe!

[Thelasko]

correction: The Mac story [slashdot.org] isn't a dupe. The one before it is. [slashdot.org] Regardless, that's two dupes today. Start paying attention.

In Soviet Russia...

[GameboyRMH]

You track information on Facebook!

Hehehe I love the ones that make more sense in Soviet Russia mode :)

Re:Unsubscribe

[Anonymous Coward]

How to permanently delete your facebook account.
http://www.facebook.com/group.php?gid=16929680703

Go to this page:
http://www.facebook.com/help/contact.php?show_form=delete_account

Select the checkbox and click "Submit".

Re:Well

[Vectronic]

Facebook uses a e-mail address as the login.

Slight difference, and Facebook doesn't do any extensive verification either, so any e-mail address will do. Still amazes me that people don't have a dedicated "trash" e-mail for stuff like this.

That said, one of the most disconcerting things is when you first sign up, is that to a novice/n00b/idiot a lot of people would assume:

Email: _____
Password: _____
[+] Remember Me

"oh, it wants my e-mail address, oh and now it wants my password" as if they had to use their e-mail password as the login, like MS Passport, or Yahoo, or GMail, or even a legitimate one.

They have since (I signed up about a year ago) changed the sign-up though and added Create Password, as well as a "password strength" (Weak/Med/Strong) thing.

But yes, even when you are not signed in, I imagine they track the cookie (or possibly any number of Java "you need this to do this" crap on the site). PLUS, if you sign in without checking the [+] Remember Me, close the site, and go back to it, it signs you in automatically, and I'm not sure how long that takes to 'expire' if ever, it only removes it if you sign-out before leaving, otherwise you sign in automatically.

Re:Well

[bartok]

If you use Firefox you can also block it:
http://www.ideashower.com/blog/block-facebook-beacon/ [ideashower.com]

Re:What if it's an un-used email?

[Anonymous Coward]

They don't store the data in the cookie. The next time you log in, you may get a new cookie, but it'll start adding to the existing data. You'd have to delete FB cookies constantly for this approach to work right.

Re:Shocked

[Abcd1234]

No, they're not. I'm not sure what your definition is, but occasionally drinking too much on a weekend is not the definition of alcoholic. This is [step12.com].

Now, assuming you have, say, the reading comprehension of a high-school student (doubtful given the military service, but...), you might note that one who occasionally has a few too many drinks on the weekend does not, in fact, fit the definition. Perhaps in your own, distorted, prudish mind it does. But to the world of clinical psychology, it doesn't.

Re:Shocked

[Abcd1234]

No, I'm referring to people who intentionally drink to excess.

That's still not sufficient to fit the AMA definition. Did you even read the excerpts I provided??

Assuming you did, I guess you're saying you're just smarter than the AMA, now? Alright, if that's what you think... but I think I've made my point. Your definition of "alcoholic" is clearly completely ridiculous, and at odds with the rest of the educated world.

And no, I don't care if you disagree with me.

Umm... the American Medical Associate does, too. But I'm betting you don't care about that, either.

I already know I have more experience than you in this matter

And the rest of the medical establishment? Wow, arrogant *and* ignorant!

The fact that you keep replying to me is more evidence of you denial than anything.

Actually, that's just evidence that I like arguing...

Re:Shocked

[zuperduperman]

Unless you've specifically configured it only to be visible to direct friends you may be surprised at who can see it. By default anybody in any networks you are in will be able to see it.

That means if you were foolish to say "Why yes, I do live in the state of New York!" (or where ever) at signup or any later time you may well have exposed your number to anybody in that state. Similar traps exist throughout Facebook - it's basically a minefield of privacy violation traps.

Re:Well

[CodeBuster]

they need a real address, creditcard, etc in which to bill you and send you your goods. So you can't really lie there, even if you wanted to.

The real address can be either a mail drop or an address controlled by a private trust [wikipedia.org]. It is the same thing with the credit card, it is in the name of the trust which is managed by the private trustee who remains legally anonymous behind the trust. IANAL, but it is common knowledge that trusts are used by politically well connected and other high profile people so that they may conduct business publicly without revealing their true interests or identities (or at least without making them blatantly obvious to any casual observers, advertisers, or information brokers). It all depends upon how much you value your privacy and how much you are able and willing to spend to protect it, but there are ways.

Lieing to facebook about your idenity is against the facebook eula and terms of service

Well cry me a river, why should people give a crap about their terms of service? The worst they can do is ban your throwaway account. People care about terms of service when and if someone finally serves them with a lawsuit or they care about losing work that they have put into something.

In my opinion if you do not wish to agree to and submit to facebooks terms of service, you should not use facebooks services. It really is that simple.

In general, I do what I please until somebody pushes back because that is how the real world works. Some people and certain relationships are important to and others are not and I treat them accordingly.