Friday, November 30, 2007

Extreme Alert for all Facebook Users

Stefan, A friend of LSWTF (or as Colbert would say, friend of the show) is one of the foremost experts in various things computer related in this area of the world. If memory serves he has testified before Congress many times, and even as we speak is trying to kill us all be designing Skynet. This week though he came across some disturbing information about Facebook and the new Beacon system.
Facebook is collecting information about user actions on affiliate sites regardless of whether or not the user chose to opt out, and regardless of whether or not the user is logged into Facebook at that time.
You can go into detail into the article, but I will try to surmise what he is saying in plain speak in case you don't speak techno wunderkid.

Beacon and Facebook are using a script to basically track where you are going on the internet, even if you are not logged in to Facebook. I was going to try to sum it up, but I would probably screw up the events that happened.
...a GET request was issued to, with variables which included my current location on Epicurious, and the URL I had loaded to get there, including the variable indicating my action, namely "Save to Box". A Facebook cookie was also returned, which includes a variable named h_user (presumably a user ID), and my login email address in plaintext. (The email address is partially visible as the value of login_x on the right side of the screenshot, as I didn't feel like posting my alumni address to the world).

Despite the fact that I was not logged in, Facebook just received enough information to tie the activity I took on their affiliate to my individual account, which combined with the social data they already have, such as circles of friends, level of education, , communication patterns, and geographic locations, would allow them to profile individual consumer behavior on a nearly unprecedented level of detail.
So if you're one of those people who are very concerned about your internet privacy, about third parties knowing where you go to, or anything in that nature I suggest you read the article and decide what actions to take. Facebook seems to be denying and jumping around the questions Stefan has posed to them. There are instructions in the article about what steps you can take if you are computer savy, and there is apparently something in Firefox that you can block this, but I need to check with Stefan on what browser he was using;or I suppose you can just cancel your Facebook account and never go back.

In response to the which browser question...
Stefan: "I've tried it with firefox, IE and konqueror on windows and linux"

No comments: