fb is fb & other sites are other sites, and never the twain shall meet?
July 16, 2013 1:12 PM   Subscribe

facebook/big brother-filter: in what ways is facebook (and for that matter other email/social media sites) passively connecting logged-in users to other sites they visit?

Just now I was logged into facebook and had my local paper open in another tab, where I filled out a short survey about the paper's recent website redesign. After I closed the survey, that space reloaded with a "find us on facebook" box and right there at the top was my profile photo with the fb thumbs-up and "you like this." When I logged out of facebook, the ad refreshed with a generic "like us" message.

So, is this just a cookie thing and no different than ads for pea gravel showing up here and there because I've done some recent searches related to a landscaping project? Or are facebook tendrils connecting me without my knowledge to other sites I visit while I'm logged in? And if so, is everyone else doing the same?

I don't mind logging out of facebook to do my other surfing. I just want to know how I'm being connected & when. Especially since I toggle back and forth between my profile and my company's when I'm logged into fb, and I filled out that survey (and blog comments, etc.) anonymously, not signed as me and most definitely not on behalf of my company.
posted by headnsouth to Computers & Internet (7 answers total) 8 users marked this as a favorite
Check out Ghostery. It can both notify you of, and block, such relationships. Firefox and Chrome, not sure about any other browsers.
posted by sandettie light vessel automatic at 1:27 PM on July 16, 2013 [6 favorites]

If you're a Facebook user, they're tracking every site you visit on sites with any sort of Facebook integration, like the local paper. According to that Lifehacker article, Facebook is even tracking you when you're not logged in, if you're previously logged in using the same browser. So to answer your question, yes, your local paper and many other sites are connecting you via Facebook without your knowledge.

I use the Disconnect Extension on Chrome to (hopefully) block this integration, but haven't taken the time to compare it to the other solutions out there.
posted by cnc at 1:59 PM on July 16, 2013 [3 favorites]

It's worth noting that while it's possible that sites are tracking you if you're logged into Facebook, it's way, way more common for sites to simply grab one of Facebook's widgets (like the "Find us on Facebook" widget), and completely ignore any other data that Facebook exposes.

It's also worth noting that as soon as you "like" a page on Facebook, that page (and the site associated with it) has a metric ton of data about you; far more data than is exposed when you just visit a site while you're logged into Facebook. Likewise, in most cases, pages care more about the aggregate number of likes they're getting (and the messaging channel that opens up, specifically being able to post things that show up on your feed) than any of your personal data.

But it's important to be mindful of what pages you're "liking." If you like "chocolate" on Facebook, you're liking an automatically-generated page that isn't associated with anyone and doesn't have a maintainer, so there's nobody collecting your data. But if you like "Chocolate!" on Facebook, that's a page, with a maintainer or a team of maintainers, and you probably don't know anything about them or how they're using your data.
posted by smoq at 2:34 PM on July 16, 2013

It's worth noting that while it's possible that sites are tracking you if you're logged into Facebook, it's way, way more common for sites to simply grab one of Facebook's widgets (like the "Find us on Facebook" widget), and completely ignore any other data that Facebook exposes.

To be clear, this is how Facebook implements the tracking integration that cnc cites in the comment above. Various websites, particularly ones that want cheap and easy "social" features, will insert a Facebook widget on their pages. Then this Facebook widget interconnects with the remote site you're viewing and sends that session info back to Facebook. So even if other "sites... completely ignore" the data that Facebook sends, the ignorance is not going the other way.

Another solution, if you're concerned about privacy, is to only ever log onto Facebook in incognito / private browsing windows, which you close immediately after you're done with Facebook.
posted by Joey Buttafoucault at 3:06 PM on July 16, 2013

I use a separate browser (RockMelt, built for social networking on the Chrome platform) just for Facebook to ensure that there's no cross-contamination.
posted by clerestory at 3:22 PM on July 16, 2013 [1 favorite]

I do the same as clerestory, with Opera.
posted by Sweetie Darling at 7:12 PM on July 16, 2013

This works via cookies, as others have said. When you go to Facebook (regardless of whether or not you log in), they can set a cookie. The cookie is only for Facebook.com, other sites can't access it. What happens then, is localnews.com includes some code from Facebook.com on their site, and your browser sends your Facebook.com cookie out when it goes to grab that code. Your browser also sends along the url of the page you're currently on. All of this is standard web stuff, Facebook is just especially popular and good at getting their buttons on other people's pages.

So localnews.com has some code from Facebook on their site, and because your browser sends your Facebook.com cookie, Facebook knows who you are. They use this information to show you your friends or whatever. They probably also store information about what sites you're visiting, but I'm not up on the latest with that. Someone linked to a lifehacker article before, but I believe that information is now very out of date, as Facebook reacted to the outcry. I'm not aware of any "connection" being made there, but I might be wrong, and also I don't really know what you mean by "connection."

By the way, that cookie we talked about earlier that your browser sends to Facebook is called a 3rd-party cookie. The first two parties are you and the site you're on, and the third is Facebook. Modern browsers include options to block 3rd party cookies, which means that if you're on localnews.com and they include some code from Facebook.com, your browser doesn't send the Facebook cookie. You can try this out by going into your browser settings and disabling 3rd party cookies, and then seeing how things behave differently. There's at least one more way Facebook can use to track you, which is by using Flash cookies, which work differently, but it's not clear to me whether they use them, because when I disabled regular 3rd party cookies, Facebook stuff seemed to stop working.
posted by !Jim at 8:33 PM on July 17, 2013

« Older ExcelFilter: Why do my arrow keys select objects...   |   Is there a smoke/carbon monoxide alarm that is... Newer »
This thread is closed to new comments.