×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Heise's 'Two Clicks For More Privacy' vs. Facebook

timothy posted more than 2 years ago | from the like-grit-in-the-eye-of-sauron dept.

Facebook 206

First time accepted submitter FlameWise writes "Yesterday, German technology news site Heise changed their social 'like' buttons to a two-click format (Original in German). This will effectively disable unintentional automatic tracking of all page visits by third-party social sites like Facebook, Twitter or Google+. Less than 24 hours later over 500 websites have asked about the technology. Facebook is now threatening to blacklist Heise (Original in German)." As I read the updated story, Facebook has backpedaled a bit, so "blacklist" may no longer be the operative word. An anonymous reader adds a quick explanation of the changed interface: "Instead of enabling Facebook to track a user (arguably without prior consent) by placing a 'like' button on the website in the usual way, a greyed-out like button is shown. If a user wants to share or 'like,' he has to execute an additional click to enable the original Facebook 'like' button and get the desired behavior. This technique obviously has a disadvantage for Facebook, because the behavioral tracking does not work anymore."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

206 comments

don't people already do this? (2, Insightful)

Anonymous Coward | more than 2 years ago | (#37294042)

"disable unintentional automatic tracking of all page visits by third-party social sites like Facebook"

I think anyone who cares the slightest bit about privacy already blocks facebook's address blocks, googles trackers, and so on.

Your computer obeys you. You get to decide whether it stories cookies from any given site, whether it loads *anything* from facebook's addresses, whether it loads web bugs, and so on. It is under your control. I figure that my computer exists to make MY life easier, not to make money for facebook or google.

"Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.

Re:don't people already do this? (3, Informative)

Samantha Wright (1324923) | more than 2 years ago | (#37294092)

This is a mindblowingly old and tired debate, but I think the typical reply to you goes something like "most people are mostly stupid and as a result we need to take care of them. Further," goes the repartee, "all of this this should be opt-in to begin with."

Re:don't people already do this? (2)

KiloByte (825081) | more than 2 years ago | (#37294986)

You mean, it should be legal to rob you or murder you unless you register for a legal protection program?

Re:don't people already do this? (1)

Sique (173459) | more than 2 years ago | (#37295040)

It's not called "legal protection program", it's called "applying for citizenship/residental status and paying taxes", but you get the general idea.

Re:don't people already do this? (1)

Anonymous Coward | more than 2 years ago | (#37295058)

In most civilized countries it already is legal to be murdered

Re:don't people already do this? (1)

Samantha Wright (1324923) | more than 2 years ago | (#37295074)

By "all of this" I meant "all of this privacy-invading tracking stuff." Didn't you even read the headline?

Re:don't people already do this? (5, Insightful)

Anthony Mouse (1927662) | more than 2 years ago | (#37294116)

"Automatic tracking" can almost entirely be disabled already - and for years now. You just have to DO IT, and most people would rather bitch than spend the 5 minutes it takes.

If I'm just reading the news, I use whatever computer is in front of me. Sometimes that's my PC, or my laptop, or my PC at work, or a school computer, etc. Having to change a setting on every different computer I use is a huge annoyance, to say nothing of the times when I don't have administrative access to make certain changes.

Anything that makes protecting my privacy the default is a win.

Re:don't people already do this? (-1, Flamebait)

Richard_at_work (517087) | more than 2 years ago | (#37294938)

So basically, what you are saying is that You can't be bothered, so you want others to do the work for you?

Re:don't people already do this? (0)

Anonymous Coward | more than 2 years ago | (#37294972)

No, its that those settings interfere with other peoples settings and is not realistic.

Re:don't people already do this? (1)

martin-boundary (547041) | more than 2 years ago | (#37295032)

That's exactly right. The ONUS should be on the sites to get individual permission for their tracking, not on you to withold permission each time.

The point being that tracking is already superfluous work that the companies go out of their way to do, so it's ok if the law says they aren't allowed to do it without even more work to get permission from every surfer.

Re:don't people already do this? (1)

Ethanol-fueled (1125189) | more than 2 years ago | (#37294316)

Your computer obeys you. You get to decide whether it stories cookies from any given site, whether it loads *anything* from facebook's addresses, whether it loads web bugs, and so on. It is under your control.

Bullshit, son. A computer is a lot like a woman - they'll both do whatever the hell they want until you train 'em and tell 'em what to do and how to behave. For example, when you first ask it to make you a sandwich, it'll hand you a pink-frosted pop-tart instead. That's when you have to hit the case a couple times to loosen the stuck fans and knock the dust loose. It will then make those sandwiches for you, but you have to train it to avoid breads with weird grains and cut your sandwich in triangles, not rectangles, using horseradish mustard instead of that cheap French's shit.

Re:don't people already do this? (1)

smellotron (1039250) | more than 2 years ago | (#37294414)

A computer is a lot like a woman - they'll both do whatever the hell they want until you train 'em and tell 'em what to do and how to behave.

You may have better luck using root privileges [xkcd.com].

Re:don't people already do this? (0)

Anonymous Coward | more than 2 years ago | (#37294568)

Do you use a proxy every time you search? Google tracks searches by IP address too so they can make your searches 'better'.

I don't get it... (2)

FormOfActionBanana (966779) | more than 2 years ago | (#37294046)

They embed a Facebook "like" button on their website... And then they decide it's creepy so they grey it out???

When I think something is creepy I just remove it....

Re:I don't get it... (5, Informative)

YodasEvilTwin (2014446) | more than 2 years ago | (#37294080)

No, dude. They have a little grey icon hosted locally, and when it's clicked they do an AJAX call and insert the Facebook "Like" button dynamically. That prevents Facebook from using the page that gets loaded in the iframe with the Like button from tracking the user until they've clicked the button. Otherwise everyone who visited the site would automatically be tracked when the Like button was automatically loaded.

Re:I don't get it... (1)

ge7 (2194648) | more than 2 years ago | (#37294112)

Why would they need to do AJAX call? Normal Javascript works just fine and saves requests and server resources.

Re:I don't get it... (2, Informative)

Anonymous Coward | more than 2 years ago | (#37294216)

The act of loading the like button is what allows Facebook to track users. This site defeats this by deferring the loading of the button until after a user asks for it. The AJAX call is to Facebook to load the button (and track the user).

Re:I don't get it... (0)

Anonymous Coward | more than 2 years ago | (#37294242)

Meh, I think it's actually loading an iframe as opposed to an XHR style request, but perhaps that's just a nit-pick.

Re:I don't get it... (1)

ge7 (2194648) | more than 2 years ago | (#37294244)

There's no AJAX involved. It's pure JavaScript.

Re:I don't get it... (1)

is as us Infinite (920305) | more than 2 years ago | (#37294450)

You are wrong:

AJAX: Asynchronous JavaScript And XML

Asynchronous because the js call happens after the page has already beeen loaded and XML (ie XHTML) is what is returned from the call. Or rather, returned and inserted, if you want to be pedantic (which you obviously do.)

Re:I don't get it... (2)

linuxgeek64 (1246964) | more than 2 years ago | (#37294126)

There's no Ajax involved in Heise's thing.
The Facebook like button is not directly put into the webpage, because that could cause issues with the cross-origin policy in browsers (a browser lets only pages on facebook.com to make Ajax requests to facebook.com).

Instead, the like button is in an iframe, which is a different webpage stored in a frame in another webpage. Those don't require any sort of Ajax at all. Instead, clicking the gray icon uses JavaScript (which is definitely NOT Ajax) to replace their grayed-out like button with an iframe containing the actual one.

FTR, in case you didn't guess already, the iframe points to a webpage on facebook.com that contains the webpage for the like button.

Re:I don't get it... (0)

_merlin (160982) | more than 2 years ago | (#37294286)

Instead, the like button is in an iframe, which is a different webpage stored in a frame in another webpage. Those don't require any sort of Ajax at all. Instead, clicking the gray icon uses JavaScript (which is definitely NOT Ajax) to replace their grayed-out like button with an iframe containing the actual one.

Yo, sup dawg. I herd you like web pages, so I put a web page in your web page, so you can click while you click.

Re:I don't get it... (1)

Fjandr (66656) | more than 2 years ago | (#37294408)

JavaScript (which is definitely NOT Ajax)

Nope, you have to add HTML and CSS to arrive at AJAX. ;)

Re:I don't get it... (1)

Serious Callers Only (1022605) | more than 2 years ago | (#37295068)

Nope, you have to add HTML and CSS to arrive at AJAX. ;)

I wonder why so many people who have no idea what they are talking about seem to think AJAX is required for this?

AJAX has nothing to do with CSS. AJAX is the use of javascript to make remote calls to a server and use the data returned (usually json, xml or html fragments) to populate the parts of the page without reloading the entire page. It does not require HTML and CSS, though it usually goes with an HTML page.

Hiding a facebook like button until clicked does not require AJAX.

Re:I don't get it... (3, Informative)

Arancaytar (966377) | more than 2 years ago | (#37294528)

The greyed-out dummy button (that's what the markup calls it in the HTML class description) has the function of showing users that the option still exists, but requires them to enable it. It also is loaded from the Heise site itself, thereby requiring users to explicitly opt in before their browser sends any request to Facebook.

Consequently, instead of automatically sending data about all visitors (including those who don't even have Facebook accounts and have no use for the Like button) to Facebook, only those visitors who want to give information to Facebook anyway (by clicking the Like button) will be tracked.

Would this not make social targeting work better? (0)

Anonymous Coward | more than 2 years ago | (#37294060)

Instead of all of the false positives and stray clicks, social media sites should get better data, no?. Smaller data set? sure. Better targeting definitely. They will lose out on impressions but id rather have better quality than throwing things at a wall and seing what sticks.

Re:Would this not make social targeting work bette (1)

YodasEvilTwin (2014446) | more than 2 years ago | (#37294088)

Um, what? They're purely losing data. Instead of having both (1) the list of users / IPs / whatever who view a page and (2) the list of users who "Like" that page, they now only get (2) and their IP info, rather than everyone's. There is no advantage.

Re:Would this not make social targeting work bette (4, Informative)

Riceballsan (816702) | more than 2 years ago | (#37294460)

Not really, with the like button the way it is, lets say 2 people went to the page, a skate boarder and a teacher, skateboarder likes the page, teacher glances over it. With that information facebook knows that the teacher looked at the page, but wasn't inclined enough to like it, but if they noticed 75 teachers looking at it without liking it, they'd know something interests teachers in that page enough to look at it, The skate boarder likes it. For the skate boarder side the information is the same, but the information of who is looking at it, but not liking it, is still valuble data.

Shouldn't Facebook be worrying more about... (1)

gtch (1977476) | more than 2 years ago | (#37294062)

"Blacklist" — if that's how Facebook reacts when a website declines to hand over unnecessary data to them, how does Facebook react to the sites which deliberately manipulate the data sent back to Facebook? Or maybe Facebook doesn't realise the extent to which that is happening already?

Re:Shouldn't Facebook be worrying more about... (1)

Johann Lau (1040920) | more than 2 years ago | (#37294274)

and for what purpose? what would I gain by reporting inflated numbers to webite? not that I would ever even come close to a like button, much less employing it, but still, I wonder? I don't doubt the data can be manipulated, but for what ends?

Re:Shouldn't Facebook be worrying more about... (0)

Anonymous Coward | more than 2 years ago | (#37294642)

You could probably mess up all sorts of demographic and marketing data if you start seriously futzing around. Stuff like "X percent of the people who like A also like B" could become useless in terms of what the value of X and even A and B are. That would reduce the value of that information as it became more and more useless for targeting advertisements and making product/service recommendations.

Nice to see this. (2, Insightful)

ArchKaine (652697) | more than 2 years ago | (#37294068)

I have to say that I'm impressed with Heise doing this. This puts the choice of being tracked into the user's hands.

Re:Nice to see this. (4, Insightful)

Anthony Mouse (1927662) | more than 2 years ago | (#37294134)

I can certainly see why Facebook hates it though: Not only does it deprive them of the tracking information for all the people who don't click the like button, it changes the user's choice in clicking the button from "click this button if you like the story, but you'll be tracked either way" to "click this button to cause Facebook to track you" -- and if it becomes common knowledge that that is how the like button works, fewer people will use it.

Re:Nice to see this. (1)

ArchKaine (652697) | more than 2 years ago | (#37294168)

<quote><p>I can certainly see why Facebook hates it though: Not only does it deprive them of the tracking information for all the people who don't click the like button, it changes the user's choice in clicking the button from "click this button if you like the story, but you'll be tracked either way" to "click this button to cause Facebook to track you" -- and if it becomes common knowledge that that is how the like button works, fewer people will use it.</p></quote>

So, it goes from 'install software to force an opt-out' to opt-in. Fine with me. More sites should do this in order to allow their users a choice.

Re:Nice to see this. (2)

Commontwist (2452418) | more than 2 years ago | (#37294190)

Yea. I didn't know that and I am most certainly displeased by that little trick. It's like 'put this like button on your webpage so Facebook can track everyone who looks at your webpage for free even if they don't use the button'.

That kind of accurate info like how many people are visiting certain websites and which pages could be sold to competing websites by Facebook. I'm not surprised the site did that if they realized the implications of the buttton.

Re:Nice to see this. (2)

vlueboy (1799360) | more than 2 years ago | (#37294470)

It's only because Germany very recently started pushing an anti-facebook stance. I doubt they would have implemented this so easily without a government breathing down their necks --they're the largest German web news provider IIRC.

Non-Americans don't even have the same business models that drive traffic to US sites. They don't even have per-story comments a-la CNN, New York Times or Yahoo (too lazy to translate and confirm whether they have a official off-site forum that is obligatory of sites looking for discussion clicks.) So they didn't REALLY need the revenue or hits calculated by keeping the button active. This also shows their users are MORE tech savvy while at once being LESS prone to panic/complain on ideological changes.

Re:Nice to see this. (0)

Anonymous Coward | more than 2 years ago | (#37294530)

It certainly works the other way round. Our government doesn't do anything without a hard push at the moment. Heise is a tech site and were already privacy advocates so it just had to happen when enough people nagged about it.

You can comment on their stories and there is a(n) (in)famous friday flaming:
http://www.heise.de/ct/foren/

I guess the still get most of their revenue by selling the print editions, but the site is also ad-driven unless you got adblock installed.

Re:Nice to see this. (1)

Arancaytar (966377) | more than 2 years ago | (#37294546)

they're the largest German web news provider IIRC.

Note that they're also the foremost German tech news publisher. Their articles are aimed at precisely the section of readers that are more likely to care about their online privacy and to recognize when something violates it.

Re:Nice to see this. (1)

silanea (1241518) | more than 2 years ago | (#37294980)

Non-Americans don't even have the same business models that drive traffic to US sites. They don't even have per-story comments [...]

It would have been sufficient to RTFA to see that you are wrong. Underneath the text even the Google translation shows quite prominently "Read comments (162 posts)". Let us visit the largest German news websites that I can name off the top of my head and click on an exemplary story to see who has per-story comments:

7 out of 8 have per-story comments. This business model has very much arrived here.

Re:Nice to see this. (0)

Anonymous Coward | more than 2 years ago | (#37294652)

and if it becomes common knowledge that that is how the like button works, more people will ADBLOCK it.

FTFY. You're already tracked, whether you use it or not, and -- worse -- whether you're even have a Facebook account or not.

Re:Nice to see this. (1)

vlueboy (1799360) | more than 2 years ago | (#37294440)

The name sounded familiar and some digging shows that these are the same guys that did an IPv6 trial [h-online.com] in the past year. So they've already one-upped slashdot with something.

Maybe I'll start learning German to be packed up for the not-so-far day when slashdot implements their Like button: thousands of us per day already acquiesced with Geeknet adding 3 different links to "follow us on $SOCIAL_NETWORK" on the front page. The next logical step to ???? PROFIT! is just to wait for a juicy FB/FBI deal to track non-conformists and further de-anonymize geeks and their slashdot effect when linking to Wikileaks stories, for instance.

Re:Nice to see this. (2)

V for Vendetta (1204898) | more than 2 years ago | (#37295022)

Heise is famous (or "infamous" to certain parties) for "Doing the right thing(tm)!". They've done so in the past and I truely hope they continue to do so in the future.

Something else /. won't bother with (1)

Burz (138833) | more than 2 years ago | (#37294100)

Privacy is just something to gossip about.

Re:Something else /. won't bother with (0)

Anonymous Coward | more than 2 years ago | (#37294172)

No. YOU have given up. YOU failed at life.
Stop the crab mentality. Don't act like the whole world followed you into your cattle existence.

If you like to be dominated, well, that's your problem.
But don't be surprised if it turns out my dick breaks your hip when I happen to be the one who's dominating you. ^^
And certainly don't come crying to me.

Re:Something else /. won't bother with (1)

Johann Lau (1040920) | more than 2 years ago | (#37294178)

good point... is there something like a "fuck facebook" plugin? you know, block all resources hosted on facebook domains, unless you're actually browsing facebook... if something like that doesn't exist, it kinda should, and surely google and others could use being included in that, too....

Social media AdBlock list (1)

xororand (860319) | more than 2 years ago | (#37294258)

This filter list for the Firefox addon "AdBlock Plus" is exactly what you're asking for. It blocks social networking elements everywhere except on the sites themselves.

http://www.camp-firefox.de/forum/viewtopic.php?f=4&t=82797 [camp-firefox.de]

Re:Social media AdBlock list (1)

Johann Lau (1040920) | more than 2 years ago | (#37294296)

thanks! :)

that still leaves chrome, opera and safari :D (yeah I know I'm greedy, but it's for a good cause ^^)

Re:Social media AdBlock list (4, Informative)

brim4brim (2343300) | more than 2 years ago | (#37294366)

Just use Ghostery, available for all the popular browsers (IE, Safari, Opera, Firefox, Chrome): http://www.ghostery.com/download [ghostery.com]

Re:Social media AdBlock list (1)

Jah-Wren Ryel (80510) | more than 2 years ago | (#37294654)

Just use Ghostery, available for all the popular browsers (IE, Safari, Opera, Firefox, Chrome)

Not really for Chrome. It works sporadically. As in you can load a page and a random subset of trackers will be blocked, hit reload on the same page and a different random subset of trackers gets blocked.

The Ghostery developers blame Google for having a crappy API. They may be right, I don't know. Whatever the reason though it means I only use Chrome for exactly one website, "they" can track me all they want on that one website.

Re:Social media AdBlock list (1)

KiloByte (825081) | more than 2 years ago | (#37294830)

Since you can't exactly accuse Google of being technically inept, it's obvious the inability to block tracking, lack of sane cookie handling, etc, in Chrome is done on purpose. It's not a hard thing to implement, too -- heck, even Netscape (2.0?) did cookies better, by giving you choice to allow/allow for session/reject them, and to save your choice per-domain. As far as I know, in Chrome there's currently no way to have cookies limited to a session by default but allow permanent ones on a whitelist basis.

Re:Social media AdBlock list (0)

Anonymous Coward | more than 2 years ago | (#37294372)

ghostery does it as well, available for both FF and chrome to my knowledge

Re:Something else /. won't bother with (1)

creigs (1994068) | more than 2 years ago | (#37294824)

There is also the RequestPolicy plug-in for FF. It can block all requests from web domain A to domain B, whether Iframe, image, or redirection. You get to choose which web site can link to which, or allow/disallow a web site to be linked from anywhere, or to anywhere. However, it is constantly blocking new web sites until you give permission, which is somewhat a nuisance, because many websites load their content from multiple domains. But the alternative is to allow yourself to be tracked all the time, so I think it's worth it, at least for me.

Re:Something else /. won't bother with (1)

Johann Lau (1040920) | more than 2 years ago | (#37295078)

oh, I don't mind having to whitelist personally, I do that with cookies too and wouldn't want it any other way. thanks for the suggestion!

Re:Something else /. won't bother with (2)

wgoodman (1109297) | more than 2 years ago | (#37295016)

Actually, the disconnect plugin is there to specifically remove tracking from FB and other sites by default. you can enable it on specific sites if desired, but the default is block all their bs tracking. This blocks things that adblock does not (though adblock is a must either way)

Folks, this is the problem. (1)

For a Free Internet (1594621) | more than 2 years ago | (#37294118)

Folks, recently I discovered proof of what I've suspected for a longtime: I am GOD. That explains why the world is so f***ed up, because people are not worshiping me enough, so they become mean, greedy, ugly and unlucky, and they get old and die. Folks, start worshipping me and things will get better, I promise!!!!!

Facebook can suck on... (0)

gstrickler (920733) | more than 2 years ago | (#37294120)

My big ten inch
Record of a band that plays the blues.

I think it's a great idea, keep up the good work heise.de

So when will Slashdot follow heise's example? (0)

Anonymous Coward | more than 2 years ago | (#37294224)

Or is it already? It doesn't look like it

Simple do-it-yourself (partial) solution (3, Informative)

93 Escort Wagon (326346) | more than 2 years ago | (#37294272)

When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.

Re:Simple do-it-yourself (partial) solution (2, Informative)

Anonymous Coward | more than 2 years ago | (#37294478)

When you're done reading Facebook, Click "Account" then "Log Out" before visiting any other sites. Only be logged into Facebook when you're actively using Facebook.

How naive of you. Your IP is still the same, and so is your user-agent/fonts/etc. They don't need you to be logged in order to track you.

Re:Simple do-it-yourself (partial) solution (1)

Anonymous Coward | more than 2 years ago | (#37294596)

Not only that, logging out is just a flag on Facebook's side. They still send all the cookies with session information.

Re:Simple do-it-yourself (partial) solution (1)

Baloroth (2370816) | more than 2 years ago | (#37294614)

Yeah, I remember getting a nasty shock a few days ago when I didn't do that (I normally am very obsessive about it), and I noticed my name appearing in other pages. Seriously, Facebook, stop stalking me. Well, that is why browser extensions were made (Ghostery, I hope you work as advertised.)

Re:Simple do-it-yourself (partial) solution (1)

jo_ham (604554) | more than 2 years ago | (#37294962)

Why do you think I have Facebook sandboxed in its own browser, separate from all of my other browsing?

I do not trust them as far as I can throw them.

GameBoyRMH's sig (2, Interesting)

Onymous Coward (97719) | more than 2 years ago | (#37294318)

I had just learned about what Facebook had been doing by reading GameBoyRMH [slashdot.org]'s sig:

Facebook's pure HTML tracking system [tinyurl.com] - How long has this been going on?

Re:GameBoyRMH's sig (1)

poena.dare (306891) | more than 2 years ago | (#37294376)

Can someone explain to me some GOOD things you can do with iframes?

I guess it is a silly question... ?

They just seem like a bad idea to me.

Re:GameBoyRMH's sig (0)

Anonymous Coward | more than 2 years ago | (#37294406)

Great virus's come from iframe, xframe or frame. Unless your after a virut.ce infection or something I would block all three in squid

You can get more privacy though if you use the

Facebook Blacklist
66.249.64.0/19
67.192.35.191
69.63.176.10
69.63.176.11
69.63.176.0/20
69.63.181.12
69.63.181.0/20
69.63.184.11
69.63.189.11
69.63.189.0/20
204.15.20.80
204.15.20.0/20

Re:GameBoyRMH's sig (1)

Johann Lau (1040920) | more than 2 years ago | (#37294446)

Can someone explain to me some GOOD things you can do with iframes?

Well, I'm very much a total javascript newbie still, and recently I decided to implement popup windows for my custom CMS thingy. Using iframes for that, I could simply re-use everything as is, and the submit button of pages "embedded" in a popup still works. For example the comment form pops up, you enter your comment and hit submit, the popup says thank you for your comment, you close the popup. Or you go to the "comment on X" page directly -- same code internally, you see? which of course also means everything works with javascript disabled which is super leet.

If I wanted to make that without iframes, I would have to make a second submission/feedback route via AJAX... for stuff I already have! Essentially doubling that stuff for everything that can be handled in popups. Nah...

And then there's dashboards, little scripts on various webservers displaying various stats, all put into one dashboard via iframes. Sure, that's again not exactly useful for the end user, but I do appreciate such a thing exists. I'm sure there are a lot of real uses for iframes... un the absence of abuse, they can allow for wonderful stuff that would be needlessly complicated without them.

Re:GameBoyRMH's sig (0)

Anonymous Coward | more than 2 years ago | (#37294538)

Can someone explain to me some GOOD things you can do with iframes?

Use your own judgement on whether this is good or not, but iframes can be used to embed payment processing pages to reduce your server's pci compliance needs. This can save a lot of money.

Adblock connect.facebook.com, plus.google.com, etc (1)

devbrent (2452610) | more than 2 years ago | (#37294374)

I adblocked facebook connect a long time ago due to privacy concerns. Facebook already knows enough about me - my friends, my family members, my interests, the places I've been tagged. They don't need my personal browsing history.

Re:Adblock connect.facebook.com, plus.google.com, (0)

Anonymous Coward | more than 2 years ago | (#37294726)

quite right.

On my home network, I've redirected sites like FB Gmail, G+ etc to a dummy web page that just displays a picture of a Cow's backside doing what comes naturally.
Visitors do get quite a surprise...

Can facebook see any website I go to... (1)

DSS11Q13 (1853164) | more than 2 years ago | (#37294386)

that has a "like" button regardless of if I click it or not?

Re:Can facebook see any website I go to... (0)

Anonymous Coward | more than 2 years ago | (#37294432)

Yes, but only if you are logged in to facebook at the time you visit a website that has a 'Like' button. This works because the 'Like' button loads a script when the website page loads. That script runs, tracks you, and reports the data back to facebook. (Similarly, other scripts also run in the background to track your usage of a website you visit, like Google Analytics)This kind of data is extremely valuable and it surprises me that website owners are happy to give that data to facebook for free.

Re:Can facebook see any website I go to... (3, Informative)

Arancaytar (966377) | more than 2 years ago | (#37294570)

Yes, but only if you are logged in to facebook at the time you visit a website that has a 'Like' button.

Regardless of whether you are logged in or not. Even if you don't have a Facebook account. The difference being logged in makes is just that they can associate the visit with an identity you built, instead of building one from all the visits to various websites you make with the same IP address.

Re:Can facebook see any website I go to... (0)

Anonymous Coward | more than 2 years ago | (#37294498)

Yes they can. Cross site script inclusions means you can never be sure what those scripts do.

Re:Can facebook see any website I go to... (0)

Anonymous Coward | more than 2 years ago | (#37294586)

Yes, thats what this whole story is about.

Re:Can facebook see any website I go to... (1)

DSS11Q13 (1853164) | more than 2 years ago | (#37294626)

hmm, in that case. i don't suppose there's a firefox extension that does the same thing?

Re:Can facebook see any website I go to... (0)

Anonymous Coward | more than 2 years ago | (#37294744)

Yep.

What about Google Analytics? (0)

Anonymous Coward | more than 2 years ago | (#37294422)

It seems like every web site out there is using it, and in this case it's the web site owners who (primarily) are interested in the data. So I guess we cannot count on them to do the job.

I guess only firefox / chrome plugins will save us here.

Re:What about Google Analytics? (1)

0123456 (636235) | more than 2 years ago | (#37294474)

I guess only firefox / chrome plugins will save us here.

Google Analytics seems to be trivial to block in /etc/hosts. Facebook tracking isn't so easy.

This is apparently required by law in Germany (5, Informative)

slart42 (694765) | more than 2 years ago | (#37294514)

Some missing context: http://www.kreativ-ackern.de/2011/08/20/gefaellt-mir-facebook-dienste-illegal/ [kreativ-ackern.de] (In German).

Basically, a German authority for privacy rights has recently claimed that embedding a Facebook "Like" button on your web site is a violation of german privacy rights, because it allows tracking of all users of the web site by a third party. According to the article, having a "Like" button on your site can yield in fines up to EUR 50k. This is probably technically and legally correct, I doubt that anyone would actually be sued any time soon, though. But the headline has made a big splash on the german internet in the last weeks, and I'd assume that heise's move is a direct reaction to this (which is mentioned in the document as a possibly legal way to have a Like button on your web site).

Heise did not "change" their 'like' buttons (1)

Anonymous Coward | more than 2 years ago | (#37294548)

They implemented this before adding like buttons to their page. heise did not have the tracking buttons on their page, like /. has. So the post is somewhat misleading.

Small correction (3, Informative)

Affenkopf (949241) | more than 2 years ago | (#37294600)

Heise didn't change their social 'like' buttons. They introduced them. Heise never had these buttons before because of the privacy issues.

Re:Small correction (0)

Anonymous Coward | more than 2 years ago | (#37294764)

That's right - you just need to read carefully:

"From now you can also suggest articles on heise online on Facebook, Twitter and Google + comfort his friends. We have ensured that while the data of the Heisenberg-reader will not be sent without the consent of the operator of the network platforms."

weird I did this but didn't think the same way (1)

terrox (555131) | more than 2 years ago | (#37294606)

I did the same thing on some of my sites but I didn't think about facebook tracking, I just loaded my "like" stuff into a div using jQuery so it didn't bog the users down with all the facebook bloat stuff and I didn't need to show their ugly icons until the user wanted to see them - same mechanics, different goal.

/etc/hosts? (2)

Pelekophori (1045104) | more than 2 years ago | (#37294684)

127.0.1.1 www.facebook.com

/ just saying

Re:/etc/hosts? (1)

Anonymous Coward | more than 2 years ago | (#37294856)

The iframes don't come from www.facebook.com, I use adblock plus:

|http://static.ak.fbcdn.net/*
http://www.facebook.com/plugins/like.php*
|http://platform.twitter.com/*
|http://twitter-badges.*

Etc...

So? (0)

Anonymous Coward | more than 2 years ago | (#37294722)

Where's the like button for this page?

Why not from the beginning (0)

Anonymous Coward | more than 2 years ago | (#37294930)

This magazine writes alot about privacy and they put this button there without protection like now. Why not?

Re:Why not from the beginning (1)

maxwell demon (590494) | more than 2 years ago | (#37295026)

This magazine writes alot about privacy and they put this button there without protection like now. Why not?

No, they didn't add those buttons until now. The first sentence in the German text (I didn't bother to check out the Google translation) reads (emphasis by me):

"Ab sofort kann man auch auf heise online Artikel bei Facebook, Twitter oder Google+ komfortabel seinen Freunden empfehlen."

Which means (emphasis by me):

"Starting now, it is possible also on heise online to comfortable recommend articles on Facebook, Twitter or Google+ to your friends."

Why does it require two clicks? (1)

kasperd (592156) | more than 2 years ago | (#37295024)

It is quite obvious how getting this icon from facebook every time a page is loaded will allow facebook to track it. But why does that mean you have to click twice after this change? Couldn't they just host the icon locally and still let the link do what it used to do on the first click?

Re:Why does it require two clicks? (1)

ais523 (1172701) | more than 2 years ago | (#37295072)

That'd be a CSRF attack against Facebook if it worked. Imagine if sites could simulate a "Like" on themselves from users who had no intention of clicking the button, but had actually clicked something entirely different. It's a good thing that it's impossible.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...