Why is my picture staring back at me from this webpage?
May 21, 2010 7:14 PM   Subscribe

Facebook privacy question. Today I visited a site I'd never been to before and to my consternation found, at the bottom of the page, a comment field with my FB name and my picture. I was at the time logged into FB in another tab (I was playing Lexulous). What just happened? And how did the site get my info?

I've previously followed all the steps listed here in order to lock down my information, so I'm a bit perturbed to find that my name, picture and a link to my FB account is showing up on a random site. Should I be freaked out? Is this just the way of the future?
posted by jokeefe to Computers & Internet (22 answers total) 14 users marked this as a favorite
 
Yeah, nice ain't it?

This is Facebook's "Social Plugin" system, see here.

Purportedly, sites that want to can just plug a referral into Facebook o n their page. The site in question does "not" recieve any info about you from Facebook, since that's all hosted at Facebook. Only once you take action from within the mini Facebook portal, since it references the site, will naughty things take place.

It still smells like the end of Facebook to me. This was not the way to take the world "more social".
posted by cavalier at 7:20 PM on May 21, 2010


reclaimprivacy.org
posted by fixedgear at 7:23 PM on May 21, 2010 [3 favorites]


Only once you take action from within the mini Facebook portal, since it references the site, will naughty things take place.

Ah, I bet that's why the comment box had a little "log out" button that, when I experimentally clicked it, did nothing (but transmit a bunch of info to the bad people, no doubt).
posted by jokeefe at 7:30 PM on May 21, 2010


under the reclaimprivacy link that fixed gear posted - i'm in the all clear as far as having my account locked down and that shit still happens to me. as cavalier said, supposedly the site in question gets no info about me, but i will admit to having my doubts.

part of me feels like all of facebook should listen to what zuckerberg has said (in the advice of "listen to what they're telling you, not what you want to hear") -

they "trust me"
dumb fucks

posted by nadawi at 7:30 PM on May 21, 2010 [4 favorites]


Reclaim Privacy doesn't fix that nefarious little aspect of FB's privacy-mangling features. Who knows what they'll add when the upcoming "fix" (which appears to be solving the same "problems" these latest changes were addressing, not people's problems with the changes) is rolled out.
posted by julen at 7:38 PM on May 21, 2010


"they" being Facebook, not the fine folks at Reclaim Privacy.
posted by julen at 7:39 PM on May 21, 2010


jokeefe, if you log out of facebook from facebook and then visit that site, does your profile appear? I'm going to guess not.
posted by canine epigram at 7:41 PM on May 21, 2010


i'm in the all clear as far as having my account locked down and that shit still happens to me.

I recall reading somewhere that Facebook went ahead and shoveled a ton of user information to "selected partners" before they instituted the new privacy scheme.
posted by Thorzdad at 7:43 PM on May 21, 2010


jokeefe, if you log out of facebook from facebook and then visit that site, does your profile appear? I'm going to guess not.

No, it doesn't-- I did check. Which means that logging out of FB when I'm visiting other sites is one way to circumvent this (I hope); but it's a bit of a pain in the ass, especially if I'm following a link posted on FB itself.
posted by jokeefe at 8:02 PM on May 21, 2010


You might be able to use Adblock Plus to prevent this in Firefox.
posted by Knappster at 8:19 PM on May 21, 2010 [1 favorite]


I keep FB in a separate browser just for this reason. It's a pain, but it makes me feel slightly better.
posted by newrambler at 8:23 PM on May 21, 2010 [1 favorite]


Maybe I'm being naive, but like cavalier noted, unless you post anything there, you should be fine.
posted by canine epigram at 9:19 PM on May 21, 2010


1. http://www.reclaimprivacy.org/
2. https://addons.mozilla.org/en-US/firefox/addon/3145
posted by yoyo_nyc at 11:04 PM on May 21, 2010 [3 favorites]


If you use Firefox, have a look at RequestPolicy. It will block all cross-site requests, totally, unless you specifically allow them. For example, Metafilter is allowed to request info from googleapis.com, but it's blocked from getting info from google-analytics.com.

Any requests from $site to facebook.com or fbcdn.com will be blocked unless you explicity allow them.
posted by Solomon at 12:05 AM on May 22, 2010 [5 favorites]


Thank you all, especially for the links. I'll be adding stuff to Firefox and keeping Facebook strictly on that browser--I can use Safari or Opera for everything else. Thanks again.
posted by jokeefe at 12:17 AM on May 22, 2010


This is the future. No really, I think it will be. I still don't like it, though.

However, your actual information (in this case and as far as we currently know) was never shared with the site. They have never received your name or picture. Your browser displays it "directly from Facebook". So to say. No privacy concerns, here.
posted by oxit at 12:49 AM on May 22, 2010


In some cases, if you follow a link from a Facebok page, your user-name may be passed to that site in the referral header; this information leakage would not be prevented by blocking cross-site requests, and the only way to prevent it seems to be to not follow links from facebook to external pages.
posted by James Scott-Brown at 1:50 AM on May 22, 2010


Other posters are correct. It is unnerving, but not "dangerous".

Even if the site did somehow get access to your information, what harm is there? You published it online- did you publish any non-public information?
posted by gjc at 8:47 AM on May 22, 2010 [2 favorites]


Is this the same thing that the ad services do with their tracking cookie, but exposed to the end-user?
posted by smackfu at 9:10 AM on May 22, 2010


There are some reports that Reclaim Privacy is also spyware/data mining. Use carefully.
posted by nimsey lou at 4:35 PM on May 22, 2010


Specifically this is an embedded iframe served from Facebook servers. It's possible to block these with Ad block plus. I listed the rules needed to do this in an answer to an earlier question. It is also useful to install an add-on to remove selected cookies as Facebook leaves cookies around and this is what is identifying you.
posted by tallus at 11:48 PM on May 22, 2010


Bye the way, there is no place like 127.0.0.1
posted by yoyo_nyc at 12:54 PM on May 23, 2010


« Older the way forward with a broken heart   |   How to choose a reputable outsourcing company? Newer »
This thread is closed to new comments.