Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Facebook EU Privacy Social Networks

European Internet Users Urged To Protect Themselves Against Facebook Tracking 147

An anonymous reader writes: Belgium's Privacy Protection Commission says that Facebook tramples on European privacy laws by tracking people online without their consent and dodges questions from national regulators. They have issued a set of recommendations for both Facebook, website owners and end users. Net-Security reports: "The recommendations are based on the results of an extensive analysis of Facebook's revised policies and terms (rolled out on January 30, 2015) conducted by the inter-university research center EMSOC/SPION, which concluded that the company is acting in violation of European law. According to them Facebook places too much burden on its users to protect their privacy, and then doesn't offer simple tools and settings to do so, and sets up some problematic default settings. They also don't provide adequate information for users to make informed choices."
This discussion has been archived. No new comments can be posted.

European Internet Users Urged To Protect Themselves Against Facebook Tracking

Comments Filter:
  • Your data is a form of payment and you submit to authorizing facebook to use it when you sign up. Why shouldn't Europeans abide by the contract they willfully sign? Facebook is not a public utility, you are not forced to consume it.
    • by AmiMoJo ( 196126 ) on Tuesday May 19, 2015 @04:44AM (#49724385) Homepage Journal

      Even if you don't sign up or consent they collect data on you. Those like "like" buttons on every page are spying on you, tracking you.

      Install uBlock and Privacy Badger to opt out.

      • Perhaps Privacy Badger is great but there are a few issues : knowing the extension du jour, possible browser slowdown (well, I think Mozilla Lightbeam did it), danger of launching an unprotected secondary browser or profile.

        You can do something like this at the hosts file : perhaps this one has unnecessary duplicate entries but it works (in particular "connect", "login" and cdn" are blocked out)

        127.0.0.1 www.facebook.com
        127.0.0.1 facebook.com
        127.0.0.1 static.ak.fbcdn.net
        127.0.0.1 www.static.ak.fbcdn.net
        127.

        • by fisted ( 2295862 )

          If you think you're even close to enumerating the facebook DNS zone(s) there...well nevermind. I'm selling bridges, interested?

          • I should have left facebook.[your country tld] and www.facebook.[your country tld] in there and sure, all the other ones are missing, then there's stuff I don't know about. It's not that easy to find a list.
            I would block the IP ranges as they're given in a post here, but investigating about how to do it on a linux desktop is boring.

        • Re: (Score:2, Offtopic)

          by Pentium100 ( 1240090 )

          A bit better:

          ssh your-router-ip

          iptables -F FB
          iptables -X FB
          iptables -N FB
          for ip in `whois -h whois.radb.net '!gAS32934' | grep /`
          do
          iptables -A FB -o eth0 -d $ip -j REJECT
          done
          iptables -I FORWARD -o eth0 -j FB

        • Unhelpful people will point out that such a list isn't and can't be perfectly complete. That's true, but so what, this list blocks a ton of tracking. If I'm missing important domains, please tell me which ones. I've merged in the domains from Blaskowicz's list which weren't already in mine. (I've also heard conflicting opinions on using 127.0.0.1 vs 0.0.0.0. I don't know which is better but I do know the difference is insignificant.)

          0.0.0.0 apps.facebook.com
          0.0.0.0 connect.facebook.net
          0.0.0.0 de-de.fac

          • by AmiMoJo ( 196126 )

            The advantage of using Privacy Badger is that it doesn't rely on a constantly maintained list. It looks at how domains are being used, if they are tracking you by pulling the same cookies on different sites, and if they offer anything useful. It then automatically blocks useless/invasive ones, all without any effort on your part.

            If you are too lazy to maintain a list or want your non technical friends and relatives to be safe, it's a good solution. Use both, they complement each other.

            • I use both, and AdblockPlus.

              What I like about Privacy Badger is that it comes from EFF and it's free software (gplv3).

              On the other hand, I don't know how good their algorithm is or how it distinguishes between good and bad content providers. For example, one massive privacy invasion is Google web services, but these are legitimately used by many websites, for images or javascript or fonts.

              I don't know how Privacy Badger views this type of service. They could have a hand-written rule for Google, but what a

      • by zmooc ( 33175 )

        Those like "like" buttons on every page are spying on you

        That's nonsense; they're not spying at all. In fact, they do nothing. It's you that explicitly requested that button from Facebook, which merely keeps track of what you (or your browser) explicitly sent them.

        It's a total miracle that we're all hating Facebook while we should be hating our browser manufacturers for failing to properly protect us from sending shit all over the place. Even MS Outlook does a better job when it asks me whether I really want to load images from some server. Browsers should do the

        • Those like "like" buttons on every page are spying on you

          That's nonsense; they're not spying at all. In fact, they do nothing.

          Amazing how people who are completely wrong can speak with such authority.

      • I use the "strangers on a train" plug in. It exchanges all your facebook cookies every 5 minutes with another random person. It doesn't hurt your facebook login itself since you still need your password for that. It just scrambles your identity when you press like. If everyone used this then the "likes" would still add up to being meaningful but the user profiles would be completely homogenized and have no tracking value.

    • by Anonymous Coward on Tuesday May 19, 2015 @04:45AM (#49724389)

      If you'd read TFA you'd notice that Facebook tracks the activity of non-users. Pages with Facebook widgets on them create a cookie with a UUID that allows them to follow your activity to all other pages that have those widges.

      • by Viol8 ( 599362 )

        Apparently you havent yet figured out how to delete cookies. Time to read your browsers help page perhaps.

        • by Sique ( 173459 ) on Tuesday May 19, 2015 @06:24AM (#49724639) Homepage
          To use a real world analogon: Burglary is still a crime, even if someone didn't lock his front door. Yes, you should lock the door. But it's still a crime to steal, even if you don't lock it. The Belgian Privacy Protection Commission now has listed some ways to lock your door - basicly they did already what you repeat now. Thus your remark could be rated "redundant".
          • by Viol8 ( 599362 )

            They're not stealing anything. Cookies always have been a tracking method so you can't complain when someone uses them to track you. Don't want to be tracked? Delete them.

            I'm really beginning to believe there should be the equivalent of a drivers license for using the internet. That way we'd keep all the whining idiots away from it.

            • Re: (Score:2, Informative)

              by Anonymous Coward

              They are accused of tracking people who never signed up to Facebook and who never agreed to be tracked through the use of the like buttons. They don't need nor use cookies to track you. With a script they can reveal a lot of information of your browser, add ons, ip, operating system, last visited page, etc... That information is almost like DNA and can identify you while you browse the internet. This is how Facebook tracks you without ever needing to place a cookie on your computer. They create a shadow pro

        • Apparently you havent yet figured out how to delete cookies. Time to read your browsers help page perhaps.

          So much more than deleting cookies, muchacho. Better be blocking scripts as well.

    • by Anonymous Coward

      The problem here is that they track you even if you have *not* signed that contract (i.e. don't have an account).

    • by Polyneikos ( 2026718 ) on Tuesday May 19, 2015 @04:57AM (#49724417)
      (1) Facebook is tracking people who didn't "sign a contract" (as others have said), and (2) FB can't contract with people to do something illegal. The EU has privacy laws, and any contractual clause(s) which violates them is void.
    • Your data is a form of payment and you submit to authorizing facebook to use it when you sign up. Why shouldn't Europeans abide by the contract they willfully sign? Facebook is not a public utility, you are not forced to consume it.

      Yes, what you write is correct, BUT:

      Facebook's tracking of users who do not own a Facebook account [...] the company tracks users who are logged-out from Facebook through the social plug-ins ("Like" and "Share" buttons), tracks opted-out Facebook users with a cookie for advertising purposes, tracks users who are not Facebook users but who have visited Facebook's pages, and so on.

      I don't own (never did) a Facebook account, but (and this is a fact) Facebook knows my name (with my foto connected to my name), people i know, other social/political/etc info about me.

      • It is because of the fact the Facebook knew who I was that I got an account. At least now I can poison the well.
        • This may be a way to deal with the problem, but i would prefer not to have the problem from the begining
          • I would prefer it didn't exist as well but it does so you can either attempt to mitigate by getting your real world friends to quit tagging you in shit and mentioning you in posts (not likely) or try to leave a mess in your wake. I don't tag anyone correctly and will often go out of my way to post complete bull shit. The most recent was the saga of moving to Havana now that US relations have thawed. I mean why not, it is just slightly less real than everyone's Facebook lives where they push stupid pictures
    • by Xest ( 935314 ) on Tuesday May 19, 2015 @06:00AM (#49724561)

      Because even if they were just tracking data of users who sign up, contrary to popular myth, peddled mostly by people who think they know the law but apparently don't, contracts are not magical legal instruments that overrule everything ever.

      In just about every jurisdiction in the world contracts have limits. They cannot overrule statutory rights, you cannot sign away your life in a contract, you cannot sign away your legal responsibility for a crime onto someone else poor and desperate enough to be willing to take it for money.

      Hence, it doesn't matter what is in a contract, if that contract doesn't adhere to the laws of the country in which the agreement is made then either the whole or that portion of the contract are meaningless and irrelevant.

      Facebook doesn't get to rewrite the law, so rather than blaming users for agreeing to a section of a contract that has no legal merit in the first place, you should be asking, "Why can't Facebook adhere to the laws of the countries in which it chooses to operate if it wishes to operate there?". That's the real question- you see, your question is meaningless; Europeans ARE abiding by the contract they wilfully sign because it's a meaningless contract with large portions that hold no legal merit in the first place. It's not their fault Facebook wrote a contract that tries to claim rights that it has no legal standing to claim - that's Facebook's fault, they should've drafted a contract that's wholly enforceable within the confines of the law.

      Most companies manage, but it seems a number of tech companies really struggle with it, because profit.

    • And why Should Facebook consider it a contract for life and have no facility for deleting an acount?

  • by Anonymous Coward on Tuesday May 19, 2015 @04:56AM (#49724413)

    The only way to win is not to play.

    K-line their links and widgets in your browsers. Don't feed the beast.

    • by Dunbal ( 464142 ) *
      I prefer to feed the beast garbage.
      • These are both good approaches. They're the first 2 on Schneier's list of the 4 ways to "protect yourself from digital surveillance". [huffingtonpost.com]

      • by ULTROS ( 2967739 )
        Elaborate please. Do you have some plugin that feeds it false data?
        • by Dunbal ( 464142 ) *

          No, I have an account with facebook. The only problem is that it's a dog. None of my personal information is there. Only a picture of my dog, and a few stories about my dog. So all the data collected by the account, browsing history, tracking, etc, is all well and good. How the plan to market this however... how old am I? Where do I work? Why do I have a penchant for liking doggy things? Heck, what sex am I? Sure they can probably extrapolate that through my history. But at the end of the day if they want t

  • by Anonymous Coward

    This is why "free" is never "free". The internet is mostly based on private enterprise supporting its own sites or advertisement providing the funding. Facebook is no different and relies heavily on finding ways to support all those "free" users. Its interesting, because I wonder how popular these sites like Facebook would be if the end user had to pay for everything in return for no ads, no unwanted loss of privacy? But everyone should know that when you visit a web site you may be providing more informati

  • by colfer ( 619105 ) on Tuesday May 19, 2015 @05:08AM (#49724439)

    The link to the actual report in TFA is broken, as it was on the Belgian commission's own site until a few moments ago. So here it is:
    http://www.privacycommission.b... [privacycommission.be]

    The recommendations for site owners is to enhance the cookie opt-in banner that you already see on European sites. A cookie for cookies! It's buried deep in the heavily enumerated document, so I'll quote it in full:

    To Website Owners
    Relating to website owners or webmasters who wish to use the social plug-ins offered by Facebook, the Privacy Commission refers to its own-initiative recommendation on the use of cookies, in which it stipulates that owners must properly inform visitors of their website and obtain the latter's specific consent for cookies and other meta files of which they may not control re-use. In this context, the Privacy Commission refers to social networks, among others, and recommends that social network buttons are not activated until users have given their specific consent. The current integration possibilities of social plug-ins offered by Facebook, however, do not meet these criteria yet. For the time being, the Privacy Commission therefore recommends to use tools such as "Social Share Privacy" ( http://panzi.github.io/SocialS... [github.io] ) as a way to obtain user consent. By using a tool such as "Social Share Privacy", third-party plug-ins do not connect to third-party servers (and consequently data are not sent to third parties) until users have clicked on the social plug-in.

  • I'm glad to see the EU handle Facebook as the disease that it is.

  • by Anonymous Coward

    Politicians are practically falling over themselves while rushing to give the people's privacy to Facebook, Google, etc. Everything else is just sweet-talk to placate the critics. Telling people to protect themselves is the height of insolence. Everybody wants to know what everybody else is doing, who they're talking to, and they make the laws to all but prevent privacy. You can't even get a SIM card without "papers please" in many European countries. They compel ISPs to record all sorts of metadata, even i

  • by NoNonAlphaCharsHere ( 2201864 ) on Tuesday May 19, 2015 @05:23AM (#49724465)
    The one (microscopically tiny) thing APK isn't batshit crazy about:

    127.0.0.1 www.facebook.com facebook.com
    127.0.0.1 www.static.ak.fbcdn.net static.ak.fbcdn.net
    127.0.0.1 www.login.facebook.com login.facebook.com
    127.0.0.1 www.fbcdn.net fbcdn.net
    127.0.0.1 www.fbcdn.com fbcdn.com
    127.0.0.1 www.static.ak.connect.facebook.com static.ak.connect.facebook.com
    127.0.0.1 www.static.ak.facebook.com static.ak.facebook.com
    • I think its better to use NoScript and just block the domains

  • I believe most companies nowadays are using opt-out, "bad user default settings" schemes and most of them simply won't move away from it, well, because it just works so well with their ad-based and big data business model. And you know what? I'm fine with that, it's so much better than a subscription. With that said, there There are only 2 reasons why people deserve the privacy violations they are put through:

    1. 1. It is fundamented payback for something morally wrong they have done, like a fair court order on suspicious activities
    2. 2. THEY ARE IGNORANT TO THE POINT THEY WILL DISREGARD ALL WARNING AND CIRCUMVENTION MEASURES AVAILABLE AGAINST SUCH VIOLATIONS

    So, to be totally honest, I know the harm I'm put through while using Facebook, I know ways to circumvent most of it, and the harm I can't avoid is my own damn fault for posting socially awkward information/comment/photo of myself.

    The bottom line is that Facebook-user relations aren't much different from a state-citizen one: when I go about my life in my country of "choice" (i.e. where I happened to be born or end up), I am also supposed to have some kind of omniscience of all types of law, such as fiscal (taxes), penal (crimes), environmental, etc, and even all my own damn rights. Either that or to have the income to hire "omniscient entities" in each of those fields. Only then I become a "perfect citizen" in the eyes of the state, as I abide to every form of policy my country, the EU, and the F'ing UN imposed on me. So the EU doesn't like Facebook for pretty much acting the way they do. That is a load of bull.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      The problem is that FB also tracks non-fb-users. You can't opt-out from this.

      • The state also tracks non-citizens in a country, unemployed/inactive citizens, and even unemployed non-citizens abroad for whatever interests. Tracking is not just web 3.0, it's society/globalization 101. One learns to live with it. The EU wants to force a square peg on a round hole.
        • by Anonymous Brave Guy ( 457657 ) on Tuesday May 19, 2015 @09:12AM (#49725641)

          Tracking is not just web 3.0, it's society/globalization 101. One learns to live with it.

          Or, like civilised people, we decide that some behaviour is potentially damaging and/or socially unacceptable, we make it illegal, and we punish those who continue to do it.

          Also, your continued analogy between what governments do and what private businesses do is silly. Technology is not inherently evil. Storing data about someone is not inherently evil. How you use that technology and what you use that data for may be evil, or may not.

          • I do not disagree with you in your last 3 sentences. Other than that, I accept the fact that my social condition (that of a working, middle-class citizen, i.e. one vote) simply does not allow me to have that influence in communitary law-making. Democracy allows me this vote every now and then, on a political array of partisan packages I will never entirely agree with. I cope with it yet express my desire to have means to control it in web comments, petitions, but not much else. Civilized people cope. Activi
            • by Halo1 ( 136547 ) on Tuesday May 19, 2015 @10:56AM (#49726651)

              I do not disagree with you in your last 3 sentences. Other than that, I accept the fact that my social condition (that of a working, middle-class citizen, i.e. one vote) simply does not allow me to have that influence in communitary law-making.

              As a 25 year old PhD student, together with a bunch of like-minded people that had no political clout or connections (many of which were students or PhD students), I managed to help block the EU software patents directive back in 2009. This directive had the full support of the European Commission, and initially also of the majority of the largest groups in the European Parliament (the Christian Democrats and the Socialists). Big IT companies (IBM, Microsoft, Nokia, ...) spent over 4 million euro on lobbying. And yet in the end (after 7 years of procedure) they all decided to go for cancelling the directive rather than risking it might get amended do something we may like and they might not.

              For me, it started in a very silly way: I sent a mail [ffii.org] to all Belgian MEPs, explaining them my view on the directive and on software patents. A week later, I got a call from an assistant of a number of MEPs telling me it was the first mail on the topic that made any sense to her, and asking me (a random student that just mailed them) how they should vote on the report that was being tabled the next week. I kind of panicked, told her I'd get back to her, looked on the Internet who could help me with that, ended up at the FFII [ffii.org] and the rest is history.

              Seriously, politicians and their aides are also also just people, and if you say something that makes sense, many of them will pay attention. There are of course always those who have made up their mind and won't care, but in my experience of 5 years of talking with them, I did not come to the conclusion that it's the majority of them. Not even close. Especially at the European level, where they are often happy that finally someone from the home country actually cares about what they're doing (as long as you're not sending template mails).

              And yes, in the end it did cost lot of effort. But it is patently (hah!) false that there is nothing you can do influence or achieve at the EU level.

              Democracy allows me this vote every now and then

              That is just one part of democracy. It's an important one, but still just a part. A functional democracy requires way more effort than just voting every couple of years. And you can do it just as well as anyone else.

              • It's very nice to hear the system worked for you. But you have to accept that the whole environment lined up for a favorable conclusion. At quick glance I identify: you were not alone, as you ganged up a scientific group with relevant background on the matter at hand (even if students); you admittedly wasted a lot of effort for a single measure in your professional area; you are also Belgium-based, which does have an influence, be it by language barriers, or the simple fact that if a member of EU counsel ne

                • Erratum: In that last sentence, I meant "not one of the former", i.e. worth investing my time, as I deal with it easily with methods Facebook itself provides..
                • by Halo1 ( 136547 )

                  It's very nice to hear the system worked for you.

                  There is no external "system" system entity that works or does not work for us. We are all part of what I what would rather call "democratic society". It's true that there are entities with lots of money and influence, but "regular people" tend to severely underestimate their ability to achieve anything. We won for a large part because we were not cynical enough to "know" that we could not win anyway.

                  But you have to accept that the whole environment lined up for a favorable conclusion. At quick glance I identify: you were not alone, as you ganged up a scientific group with relevant background on the matter at hand (even if students);

                  You are never alone. Of course you have to find like-minded people. But as my simple email demonstrates, eve

    • by AmiMoJo ( 196126 )

      Other people can post photos of you and tag you in them. You can't easily stop them doing it... Their phone might even do it automatically. Even if you avoid doing anything embarrassing in public it's easy for photos to be taken out of context.

      • You can actually preempt those photos from being related to your account (tagged with your profile). Other than that, it's just someone posting photos in the public domain, which is not prohibited under any platform as long as they aren't offensive, abusive, with content in the likes of nude children and whatnot. A paper can just publish photos of individuals, be them famous or just part of an article piece, without any impediment, well, because that is freedom of expression business as usual. The fact you
    • by Anonymous Coward

      It's not the EU who is trying to stop Facebook but a Belgian Privacy Protection Commission. This commission is founded in popular demand to protect the privacy of Belgian citizens and to be a service point were citizens can report privacy issues. There were many complains about this issue with Facebook and the commission tries to defend the rights of those people. They have been successful to stop privacy invading ideas of the Belgian or local governments in the past (like the removal of public camera's) an

  • by Anonymous Coward

    Fuck those communists in Europe. Facebook is America and America is Freedom. It is their patriotic duty to allow themselves to be monitored and everyone owes a debt of patriotism to America, whether they're American or not!

  • by GeekWithAKnife ( 2717871 ) on Tuesday May 19, 2015 @06:46AM (#49724745)

    Just fill out false information, post pictures that are not you, tag things incorrectly, feed the bots dust til they choke.

    If you think about it's possible to loop their own ads back to them...just help spread the advertisement.

    They agreed to these conditions when they accept me as a user.
    • "Just fill out false information, post pictures that are not you, tag things incorrectly, feed the bots dust til they choke."

      This "camouflage" or "false positive" technique is way underutilized with cookie tracking and searches tracking.

      But it's far more difficult with facial recognition. If you are using someone else's face, it gets tricky, and is also probably fairly easy to sort out electronically.

      I've thought about using Photoshopping to slightly change the distance between my eyes, shrink or ex

    • I am not too sure about the "feed false data" approach. What if the false data happens to provide a much more negative image of you than your real data?
      At least with your real information you can kind of figure out how you are being cataloged by the spying, but what picture does false data paint? Could it potentially label you as a possible criminal/deviant/etc because of some unthinkable combination of false data? What if you stumble upon a combination that relates you to some hate group by accident?

      I thin

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...