Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Facebook Privacy The Courts The Internet Your Rights Online

Facebook Can Track Your Browsing Even After You've Logged Out, Judge Says (theguardian.com) 124

A U.S. judge has dismissed nationwide litigation accusing Facebook of tracking users' internet activity even after they logged out of the social media website. From a report: The plaintiffs alleged that Facebook used the "like" buttons found on other websites to track which sites they visited, meaning that the Menlo Park, California-headquartered company could build up detailed records of their browsing history. The plaintiffs argued that this violated federal and state privacy and wiretapping laws. US district judge Edward Davila in San Jose, California, dismissed the case because he said that the plaintiffs failed to show that they had a reasonable expectation of privacy or suffered any realistic economic harm or loss. Davila said that plaintiffs could have taken steps to keep their browsing histories private, for example by using the Digital Advertising Alliance's opt-out tool or using "incognito mode", and failed to show that Facebook illegally "intercepted" or eavesdropped on their communications.
This discussion has been archived. No new comments can be posted.

Facebook Can Track Your Browsing Even After You've Logged Out, Judge Says

Comments Filter:
  • This is news how?
    • Evidently you can sue people for making a working link.

      • Re:Obviously. (Score:5, Insightful)

        by rjstanford ( 69735 ) on Monday July 03, 2017 @04:34PM (#54738135) Homepage Journal

        It shouldn't be unreasonable to expect that logging out of Facebook caused them to stop treating that browser window as being "you" for their purposes as well as yours.

        • The only safe bet is to not click on any of their buttons. The metadata will get you every time. If you let the NSA do it, then everything is fair game.

          • Re: (Score:2, Informative)

            by Anonymous Coward

            You don't need to actually click on them to be counted, though if you do they can also update your psych profile based on what you are Like'n.

          • Comment removed (Score:5, Interesting)

            by account_deleted ( 4530225 ) on Monday July 03, 2017 @05:17PM (#54738363)
            Comment removed based on user account deletion
            • Re:Obviously. (Score:5, Insightful)

              by jenningsthecat ( 1525947 ) on Monday July 03, 2017 @06:06PM (#54738657)

              The only winning move is not to play. Seriously, I've never had a Facebook account and I pity those millions who do.

              You're probably playing to some extent, whether you realize it or not [theverge.com]. I run No Script and an ad blocker, and I also don't have a Facebook account, so I'm probably better off than Joe Average when it comes to being tracked. I also do my best to make sure that friends and acquaintances don't post my name or picture. Even at that, I wouldn't be surprised to learn that FB knows a lot about me. If you think your abstinence from social media means you're not being tracked and commoditized, you're being naive.

            • The only person without facebook is the easiest person in the world to track.
        • It shouldn't be unreasonable to expect that logging out of Facebook caused them to stop treating that browser window as being "you" for their purposes as well as yours.

          I agree; however, EVERY SINGLE browser enables this behavior by default. Firefox claims it has your privacy and security in mind and then writes cookie handling code that allows you to be tracked regardless of your wishes.

          For myself, I do not blame Facebook for acting like an amoral and fiendish criminal, I blame the browser creators for enabling that behavior. Almost every business that is successful is only successful because they grabbed every resource they could regardless of legality. No moral business

      • Re:Obviously. (Score:4, Interesting)

        by Luthair ( 847766 ) on Monday July 03, 2017 @05:13PM (#54738331)
        Its not the link, its the fact that sites embed Facebook scripts that your browser requests and Facebook uses to track people browsing the web. When the user isn't logged in they still track them and attempt to associate it with an account later. Its pretty sleazy and why you should have Adblock block Facebook (and Twitter, and Google) domains on third party sites.
        • Sleazy yes, but it's just something to be aware of and block. We don't need the frivolous lawsuits.

          • by thsths ( 31372 )

            We do need lawsuits, because this is illegal. It is no doubt sensitive data, it is not just personalisable data, Facebook is actually working hard on making it personalised data. And there is no consent given. So Facebook does not have any right to do this.

          • by Luthair ( 847766 )
            Think about the near future - retail stores will be using facial recognition to build profiles on people who enter their stores and will attempt to associate those profiles with names & addresses.
  • by Anonymous Coward

    If you use "incognito mode" (Private Window) many websites stop working.

    • by ewhac ( 5844 ) on Monday July 03, 2017 @04:29PM (#54738099) Homepage Journal
      Not that I disbelieve you, but could you furnish a couple of examples? I can't recall seeing a Web site that refused to work when accessed via Incognito mode.
      • ...I can't recall seeing a Web site that refused to work when accessed via Incognito mode.

        I can't either, and moreover, I don't understand why they wouldn't work; how could the website even know you're in incognito mode?

        I was under the impression incognition* happens after the fact. I.e. the incognito window behaves as normal, but then once the window is closed / program exited, it then deletes a bunch of stuff (that it normally would not, and unbeknownst to all the websites you visited in that incog session). That's why you can even use, e.g., gmail, with all its myriad cookies flying all

        • how could the website even know you're in incognito mode?

          Some browser behavior, such as visited-link highlighting and FileSystem API access, changes in incognito mode. JavaScript can be used to query whether these features work. If they're expected to work (browser version is high enough and HTML5 is supported, etc.) but they don't work, the website assumes you're using incognito mode.

      • by DarkOx ( 621550 )

        netflix.

        I often use the incognito mode to login to my stuff on other peoples computers. So that I know some cookie won't be left behind and it won't log them out if they use the same site and have a persistent session they likely want to retain. I realize this still isnt very safe for me or them but these are people like my father and my fiance, I would mostly trust with my accounts anyway.

        Recently I wanted to show dad something on netflix I could not remember the title too, so I thought i'd just look at

    • by Anonymous Coward

      Incognito mode is worthless for this. Facebook will still be able to see your IP on any site that uses their resources unless you explicitly block them or use a proxy. This Edward Davila character needs to stop pretending that he knows what he's talking about.

      • by hawguy ( 1600213 )

        Incognito mode is worthless for this. Facebook will still be able to see your IP on any site that uses their resources unless you explicitly block them or use a proxy. This Edward Davila character needs to stop pretending that he knows what he's talking about.

        I doubt they use IP address to track users -- too many people share the same IP (for example, everyone in a family or office), and they don't want to reduce the accuracy of their user profiles by tracking the wrong user. They can track 99.9% of their users with tracking cookies, no need to resort to much less effective IP tracking.

        • by SirSlud ( 67381 )

          They use IP addresses (and other fingerprint stuff like browser agent, etc) - even if it's not always accurate, it's better than nothing. The worst thing they do is serve you an incorrectly targeted ad. You don't notice it, and those kinds of things just somewhat lower the effectiveness of targeted ad buys. There's an accepted, if difficult to accurately measure, margin of error in targeting that advertisers and ad publishers accept in media buys.

  • by nitehawk214 ( 222219 ) on Monday July 03, 2017 @03:44PM (#54737755)

    Block all ads, all 3rd party scripts. All the time, with no exceptions.

    If the site won't load without ads and 3rd party scripts enabled, then you don't need to see that content.

    • by adturner ( 6453 ) on Monday July 03, 2017 @03:54PM (#54737815) Homepage

      It's amazing how many anti-ad-blocking tools that websites use don't work and let you read the content unmolested if you disable JavaScript.

      • Re: (Score:3, Interesting)

        by AmiMoJo ( 196126 )

        We have Google to thank for that. The Googlebot doesn't like having to run Javascript just to see content and down-ranks sites heavily because of it. In order to be found sites have to offer content to Javascript-free clients, including you.

        It's kinda scary how much power Google wields, even when it does work in our favour.

    • by Anonymous Coward

      It's also easy to isolate your other browsing from your Facebook activity. Use a separate browser.
      It's even easier on KDE (use the Facebook widget) or Android (use Tinfoil).

  • Your best choice (Score:5, Insightful)

    by Kohath ( 38547 ) on Monday July 03, 2017 @03:47PM (#54737765)

    As a safeguard, you should just never login to Facebook.

    • whats facebook. oh yeah, thats where everyones business is everyones business. probably why i dont have an account. its for kids and grandparents that dont know any better.
    • Re:Your best choice (Score:5, Interesting)

      by sit1963nz ( 934837 ) on Monday July 03, 2017 @04:20PM (#54738017)
      Irrelevant, Facebook still builds a profile, still tracks you and still updates its information about you.
      Hell I bet they even know what you look like, all it requires is someone you know who is on Facebook to upload photos with you in it.
      From there they can start doing a process of elimination.

      Because they look at the sites you visit they can tell your gender (50% reduction in the unknown just with that item)
      Age, race, religion, political ideology, income, and where you live are also discernible with enough data. And its not just the data they get from Facebook , they will have scraped data from phone directories and other public facing databases, they would also have paid for other information from other sources such as store loyalty cards, frequent flyer lists, etc etc etc etc etc.

      They also "sell" that information,based on their data are you currently looking at going on a holiday, those web sites can then bump up the prices slightly because they too know your income, etc.

      And not once have you ever had a Facebook account.

      If you think simply not having a Facebook account is all it takes then flying is just the art of aiming at the ground and missing.
      • by Lennie ( 16154 )

        Facebook share links/buttons are on many, many websites. Most people haven't figured this out yet. But they can still use it to build a profile about you.

    • by Anonymous Coward

      You don't even need to be a member of Facebook for them to track you. Any site that has Facebook stuff on it is tracking you even if you disable Javascript.

      • by Anonymous Coward

        I don't use Facebook at all. I was researching hotels in a particular city in another state and emailed some info to another person. Before they read the email, their Facebook started showing ads for that particular hotel, and other attractions in that particular city.

  • sooo... (Score:4, Interesting)

    by TRRosen ( 720617 ) on Monday July 03, 2017 @03:51PM (#54737793)

    once again lawyers file silly suits without knowing how technology works.

  • the /etc/hosts file
    • In particular, redefine the following host names (e.g., to 0.0.0.0) in your /etc/hosts file:

      connect.facebook.com

      connect.facebook.net

      graph.facebook.com

  • Tell them you won't visit their sites anymore if they continue to facilitate Facebook's or Google's or anyone else's cross-site cyber stalking.

    If your going to sue anyone consider directing your legal efforts at site owners for facilitating cyber stalking. Don't waste your time with Facebook.

    Contribute to public awareness campaigns that equate Facebook logos on websites with eye of Sauron in the minds of users. The thing cyber stalking firms fear most is sunlight... an informed public knowing they are bei

  • by Dadoo ( 899435 ) on Monday July 03, 2017 @04:21PM (#54738029) Journal

    Ummm... I logged out of Facebook. How is that not an expectation of privacy?

    • Ummm... I logged out of Facebook. How is that not an expectation of privacy?

      Because you (well, your agent: your computer) kept going to the extra trouble to send additional data to Facebook, even after you logged out. If you had expected privacy there is no way you would have kept sending them data. Ergo, you didn't expect privacy.

      • by MobyDisk ( 75490 )

        Did the users type in their user name and password when they clicked the like button?

        • Did the users type in their user name and password when they clicked the like button?

          Don't be absurd; they didn't do anything so relatively anonymous as merely typing their name and password and DoB and SSN and uploading their scanned retina image. The user sent a unique key that Facebook had offered them earlier, and that the user stored on their computer until the time came to send it back to Facebook along with their favorite URLs.

          And what's this nonsense about clicking the like button? The user sent th

    • The counter-argument to that is: You use Microsoft operating systems. You have explicitly given permission for every action you take to be logged somewhere and examined later at the pleasure of Microsoft. Using Facebook is merely a subset of using a computer (which has a Microsoft Operating system on it) therefore, you have already given up any expectations of privacy. Logging out of Facebook is not sufficient to prove that you would have an expectation of privacy since you abandoned all expectation of priv

  • Credit cards track you everywhere you go, too. Online or off, merchant service providers are now starting to give full purchase history data to their customers. As a retailer, it's great to be able to track everybody.
    • Has that been publicly acknowledged by the card issuers? I try and limit what they know by opting for cash on some transactions. If you are saying they are putting it in the marketing database when you make a purchase each item you buy, not just what store you shopped at, even if you don't give a rewards card or number, then that is level of personal violation I haven't seen documented.
  • This is where domain blacklisting, referring removal/mangling and by-default JavaScript blocking start to sound real good. Very difficult to track us "paranoid" folk around unless you have access to all the random WWW logs out there.
  • The judge didn't say Facebook "can do" anything. The judge said the plaintiffs can't pursue certain specific legal theories against Facebook, but can pursue others:

    The plaintiffs cannot bring privacy and wiretapping claims again, Davila said, but can pursue a breach of contract claim again.

  • Facebook is already doing that with advertising, taking your interactions with Facebook and combining it with third-party personal data to track you on the Internet. Read that in "Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley" [amzn.to] by Antonio Garcia Martinez. The author sold his engineers and company to Twitter and got hired by Facebook in a three-way deal.

  • Information does indeed want to be free, in that like water it is very hard to contain for long, and it will flow wherever it can as fast as it can through the smallest open channels.

    I was thinking you could claim harm by starting up a company that explicitly sold your data so someone else having it would diminish the value, but that seems contrived and would probably not help since others collecting your data would not mean the paid source could not still collect it...

  • Use a web browser that's designed for privacy, like Brave (company founded by Brendan Eich [brave.com]).

  • Stay off social sites, don't join any social sites, don't ever believe the internet owes you privacy. Or any browser, operating system or software and apps. You want privacy it's you job to be selective on how you access the internet. Facebook is not there to protect your privacy since it provides you a service for free. Which you can freely decline to use if you do not agree with their agreements. Don't waste court time for frivolous whining about privacy.
    • It doesn't matter if you never, ever log in to facebook, they can still track you. Any time you visit any web site that has a "Like us on facebook" icon (or other completely hidden scripts), it sends information to facebook that you (some anonymous person with a unique identifier) visited their site. Now, you visit another such site, and that icon sends facebook your unique ID, along with information that you logged in to that site. Eventually, they can piece together enough information to connect your uniq

  • Seems to me that while this

    that plaintiffs could have taken steps to keep their browsing histories private

    speaks of incognito etc mode, it seems really an encouragement (if not a directive) to use ad blockers. If the official legal opinion (in a silicon valley court, no less) is a variation of caveat emptor (browser beware), that can't be particularly good for legitimate folks.

    Yeah, I know many folks here are already big advocates of ad blockers, and I'm aware every sizable nation state on the planet i

  • ISPs can literally sell your browsing info to whoever the fuck they like? And this is somehow a problem but that isn't? Weird.
  • c't fixed it in 2011

    https://www.heise.de/ct/artike... [heise.de]

This restaurant was advertising breakfast any time. So I ordered french toast in the renaissance. - Steven Wright, comedian

Working...