Not sure how they are doing this, but I have gotten tired of having to play “whack-a-mole” with FB scraping private information from my browser in other ways, so what I have done is sandboxed it: I have a separate “Facebook” account on OS X, and I assume that anything I do on that account is shared with Facebook.
I don’t log into Facebook for any reason on my normal user account, and I don’t log into anything else on my Facebook account. They can still sniff certain things using browser fingerprinting and so on, but this seems like the best I can do for the moment on my desktop.
Did you happen to read the answers? Two specifically mention that Facebook requests authentication access (OpenID, I believe) the first time. It appears this user authorized Facebook at some point in the past and forgot about it.
When I look at this page: https://accounts.google.com/b/0/IssuedAuthSubTokens I can see that at some point in the past, I allowed Facebook access to my Google Contacts (probably their "find friends" feature). Facebook could use that to check if you're logged in.
When I tried it, Facebook created a popup with a OAuth prompt the first time and only briefly opened a blank popup on subsequent attempts. De-authorizing facebook makes the prompts appear again."
Unless they're talking about two different prompts?
> I have done is sandboxed it: I have a separate “Facebook” account on OS X
At what point will you decide to ban Facebook? Will you stop using their services if they find a way to spy on your cross-browser behavior? Or will you just sandbox them further into a VM, or even another physical machine? What if other sites you use regularly also start tracking you so aggressively?
I deleted my FB account when I learned that more of my profile info was being made public over time. This was before Like buttons.
I was not a heavy user, but this decision had its price; there are people I no longer communicate with because of it. Still, I'm happy I took a stand, all the more so because things have deteriorated much further since then in terms of privacy.
I have a dedicated Firefox profile for Facebook. This keeps all cookies separate. I haven't done a deep check as to whether this avoids all the Facebook problems, but it's a start.
You make an interesting point--why is it the technically savvy are partitioning their FB usage, but not necessarily partitioning their secure accounts in the same way?
Chrome supports multiple profiles now, see http://chrome.blogspot.com/2011/11/take-your-chrome-stuff-wi.... I can't believe so few HN readers know this, since it's the best way to use seperately Google Apps and Gmail accounts. It works for Facebook too, obviously.
You can sync all Chrome browsers, on all your devices, with both your Google Apps account for work and your personal Gmail account. It means that each profile have their own bookmarks, history & most visited pages, extensions, saved passwords (...) synced in real-time (you can even sync open tabs!). It's very powerful to improve your focus, because you only use 1 browser (no need to switch your habits) and you're never get distracted by notifications, mails, docs, rss when you're in your work/perso "station".
With the "Like" button littered all over the web, Facebook can still connect you to all the websites that have the Like button installed! That's why I prefer AdBlock/Privacy Filters/even blocking Facebook domains by adding entries to /etc/hosts file to prevent even even a connection to their (known) IPs.
That's a pretty solid way to handle security. I wonder if there's a way to make sure you're always booting from the same starting point so that nothing is persisted to the image between vm sessions.
I have been spending a lot of time looking into how to best solve the web's current facebook problem. I'm especially interested in approaches to distributed social networking (think what the Diaspora guys are aiming at).
With that preface, it's my impression right now that https://singly.com deserves a serious look from communities such as hacker news. So, I'm mentioning it here.
A little about them: they're led by the guy who created XMPP (aka Jabber). He's written a new distributed protocol based on JSON instead of XML ( http://www.telehash.org/ ). They've been joined by the guy who lead Canonical (publishers of Ubuntu). Like Wordpress, they are part free software project and part optional hosting company.
No, I am not affiliated with them. But I am really thinking that I would like to be...
A bunch of organizations seem to be more consistent adding "Events" to their Facebook page than updating their website, also, so I need to periodically check if I don't want to miss things.
If there are people who can cut you off for not using FB, that means simply that you are less important to them than they are to you. It means that they are strong and you are weak. Are you seriously going to let such people emotionally blackmail you into using FB?
Situations like yours always remind me of how people emotionally force each other to stay in a religion, by threatening a cut-off of communication if they leave.
In Criminal Minds, they talk about a perp devolving .. as business pressures increment[1] .. these incidents will only increase in occurrence and decrease in terms of surprise for users.
I was browsing Facebook in Chromium in Mac OS when all of sudden, something started requesting Key Chain access for just just about every web site login I have stored. Coincidence? I have no idea what was going on, never happened before or since.
I'm familiar with DDG, donttrack.us, dontbubble.us. My question was because even without an account or using its search engine, with AdWords and other products, Google is able to track people to provide them – and those who fall in the same bucket – targeted advertisement (which is what Facebook uses the same data for).
I am not much concerned about this – but I'm starting to, sometimes it is actually a bit creepy –, but I see a lot more people concerned about Facebook tracking them than Google, which I don't understand, since Google has been doing it far longer and in a much more pervasive way, yet very few people express concern about Google these days. I remember the uproar when Gmail introduced content targeted ads, but now nobody cares anymore, directing all attention only to Facebook.
Tangentially, the issues raised by dontbubble.us concern me more than being tracked.
Kind of – I have one separate browser for Facebook and Google (as in all Google products where I'm logged in). All my other browsing is done in my main browser through Tor, including my searches for which I use Scroogle.
Facebook doesn't really have a targeted audience anymore. It's pretty much everybody. At this point its like deciding not to use the telephone because the line could be tapped. Facebook is becoming an essential communications platform for a lot of people. Particularly people under 20.
Events - a lot of people post events on Facebook and trust that all of their friends will see it.
Photos - a lot of people only share photos through Facebook. If you want to see or download photos someone has taken at an event you were at your probably need to use Facebook.
Email - most younger people do not use email (unless they have to for school/business. Instead they use Facebook messages.
I won't bother addressing you last comment. Maybe your experience of high-scool was different than mine was, which consisted of a lot more that 'silly high-school gossip'.
Really though, you're choosing to socially isolate yourself in two ways. First from everyone using Facebook for social organization (the status stream is considered as almost a joke by now by a large portion if users).
But you're also isolating yourself by simply drawing a point that you don't have Facebook anymore. It's an eye roll producer on the level of saying "Oh, I don't have cable/TV anymore." Sure, lots of people agree with that notion but it's used to drive a wedge in-between you and others by most
I don’t log into Facebook for any reason on my normal user account, and I don’t log into anything else on my Facebook account. They can still sniff certain things using browser fingerprinting and so on, but this seems like the best I can do for the moment on my desktop.