CA exposes sneaky Facebook tracking

Written by Stephen Withers
Monday, 03 December 2007

After an outcry from users, Facebook provided an opt-out mechanism, but it assumed consent in the absence of a response. Since it was possible to navigate away from the affiliated site after performing an action that would be sent to Facebook but before the opt-out message appeared, it is doubtful that this is a safe assumption.

Furthermore, according to Facebook, "as long as you are logged out of Facebook, no actions you have taken on other sites can be sent to Facebook." Stefan Berteau, a research engineer at CA's PestPatrol spyware research team, has found that isn't true.

Berteau has examined network traffic logs and determined that some information is sent to Facebook even when the user opts out. It is especially worrying that he found identifying information was transmitted even when he was not logged in to his Facebook account.

"Despite the fact that I was not logged in, Facebook just received enough information to tie the activity I took on their affiliate to my individual account, which combined with the social data they already have, such as circles of friends, level of education, communication patterns, and geographic locations, would allow them to profile individual consumer behavior on a nearly unprecedented level of detail," he wrote.

If Berteau is correct, this is egregious behaviour on the part of Facebook. If you felt like being charitable, you could write it off as a bug. But according to Berteau, his attempts to raise the issue with Facebook's privacy department were fobbed off.

An old saying suggests that if a situation can be explained in terms of a conspiracy or a cock-up, the latter is more likely. The particular person who handled Berteau's alert may have been badly informed or incapable of understanding the issue, but it seems more likely that Beacon is actually working as intended. After all, CA senior researcher Benjamin Googins had previously determined that using an affiliate site sends data to Facebook before the option to opt out has been presented.

If you must use Facebook and are concerned about this issue, the recommendation appears to be that you block URLs that match www.facebook.com/beacon/* or facebook.com/beacon/* with the aid of BlockSite or AdBlock Plus if you're using Firefox, or by adding them to Internet Explorer's restricted zone.