Go Back   Steve's Digicams Forums >

LinkBack Thread Tools Search this Thread
Old Feb 10, 2012, 12:57 PM   #11
JimC's Avatar
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378

Originally Posted by TCav View Post
So if you don't have a Facebook account, you're not vulnerable. And even if you have a Facebook account, but you log off of Facebook when you leave, you're not vulnerable.
Yea, right. Let's just trust a company that makes tons of money from advertising not to try and track us when we're not logged in.

Actually, facebook does continue track you if you're logged out. Here's a video on the subject:


This behavior has been confirmed by security researchers and others, and in a German state, they've even outlawed the use of Facebook Like Buttons on web sites because of it.


Basically, anytime you go to a Facebook "partner" web site with a Facebook Like button on it, it may be updating Facebook cookies recognizing your username if you are logged in, or by using unique alphanumeric tokens based on your IP address and more if you're not logged in, so that Facebook can associate the activity with a unique user.

Many partner sites track more activity via other tools, too (with that data hosted by facebook). For example, here's a page on how to include an Activities plugin on your web site if you're a facebook partner, that even cross references information from facebook friends:


They've even got patents on how some of that works. Here's an article about it (titled "Facebook’s Cookiegate: Controversial Tracking Cookie is Back"):


At one point, Facebook even had an application known as "Beacon" that communicated with Partner web sites, and after a lot of controversy they eventually removed it.

But, now it looks like they're using other methods to accomplish similar goals to track user activity, without exactly advertising they're using those types of techniques for tracking (even if you log out of facebook, because of code being loaded on partner web sites you visit, and *many* sites are setup that way as Facebook partners now)

BTW, if you don't think you have a way for sites to identify your specific browser if you're not logged in, see what this site tells you. Basically, the combination of Browser Version, fonts installed, plugins installed, etc., can make your specific browser quite unique, and when that browser fingerprint is coupled with an IP address, there's little doubt that they're tying information to a specific user, even without using cookies or without you being logged into sites. Go to this link and you'll see a button you can press that looks at information about your browser and compares it to other fingerprints stored in their database:


Here's an article from the EFF (Electronic Frontier Foundation) on the use of browser fingerprinting for tracking purposes (by using a browser fingerprint + IP address to gather information, even when no cookies are present):


Suggestions (if you'd prefer they don't collect data on your browsing activities):

Don't log into Facebook, delete any Facebook related cookies, block access to facebook.com in your hosts file (so that any code from Facebook "partner" sites is blocked from loading, as the way they're currently setup, it loads directly facebook.com)

I took that step (blocking access to facebook.com in my hosts files) after my wife would use one of my PCs from time to time and I'd see her logging into facebook sometimes to check her pages real quick.

If she doesn't mind them collecting data about her, fine.

But, I'd prefer they didn't collect data on my browsing habits, and once I took a closer look at my router logs and firewall logs and noticed the amount of communication to and from IP Addresses associated with facebook, I put a stop to it from my PCs.

Note that the amount of information they collect on facebook users is rather staggering, too. Here's one article about it with links to .pdf files they provided when a user asked for data they had collected about him under EU law:


Now... like it or not, a lot of your activity is being tracked (especially by advertising related companies), and you may find that a lot of that information is being shared with "partner" sites, too. Whenever you sign up for a service of some type on a web site, you may find text to that effect buried in the Terms of Service you agreed to (or even in their Privacy Policy, since most users don't pay much attention to those types of things).

So, it's not just Facebook doing it.

I'm currently using one of the hosts files from a page that TCav linked to, as it blocks access to a lot of sites (like google analytics, and more). You can get it from this page (look for the download links for the MVPS Hosts file (which is downloaded in text format, or in a .zip file you can unzip to get the hosts file from it). Note that if you're using Linux (where the hosts file is stored as /etc/hosts), make sure to rename the file so that hosts is lower case (as linux is case sensitive and expects a lower case filename for hosts):


In addition to the default list of domains in that file, I've also got these entries included for facebook: www.facebook.com facebook.com

Note that if you make use of that hosts file, I think you'll find much faster page loads on many sites, too. For example, it can be rather irritating when page loads are delayed because of Google Analytics when their servers are under load, and that hosts file blocks those servers for you (and most sites do link to Google Analytics now).


Another thing that can help is using products like AdBlock Plus to block access to a lot of sites collecting info and feeding you targeted ads.

You can also block all javascript from running on sites using products like NoScript, and that kind of solution also helps prevent malware infection. But, sometimes it can be more trouble than it's worth using it (whitelisting sites you want to be able to run javascript on since the site features may require it), not to mention that legitimate sites you have white listed can be hacked with malicious javascript inserted on pages.

Another thing to watch out for is that more and more sites are using DOM (Domain Object Model) containers for tracking, as they allow up to 10MB per Object, which allows a lot more data than a normal tracking cookie allows.

Ditto for Flash LSOs (local shared objects), that don't expire and can keep lots of data.

There are many tools around to help out with problems like cookies. Now, you may want to allow some cookies, as they can help improve your browsing experience and some sites don't work correctly without them. But, you may not want other sites updating cookies about your habits.

So, you can find a number of tools and browser add-ons to help out. For example, this Firefox add-on allows white listing of sites you want to allow cookies from:


Here's a tool that I install to automatically remove all LSOs (I do not allow any site to store them on my PCs, period):


In any event, the methods that sites use to track information about you and your browsing habits are becoming quite sophisticated as time passes.

Most of it is relatively harmless and used for keeping track of your preferences, targeting specials based on browsing habits, etc.

But, if you really don't want your browsing habits monitored, you'd probably need to use something like one of these Live Linux distros and make sure you don't log into any sites that can identify you:



That would be easier than setting up your browsers and network access to handle it for you (via the Tor add-on for firefox to use proxy servers to hide your iP Address, making sure cookies are not stored, LSOs and DOMs are not being stored, blocking access to sites via your hosts file and/or iptables in firewalls, etc.). Keep in mind that even if you're not logged in to a site, your IP address and more information about your browser (from the User Agent String being passed) is being recorded by virtually any site you visit (although you can block the UA info from being sent if desired using add-ons).

So, if you're not using a Proxy Server or a product like Tor (and making sure to combine it with other tools to prevent browser fingerprinting), your activity is still being logged to some extent and traceable to you.

Perhaps I'll just "give in" to the fact we live in a monitored society and accept it, joining my wife in posting on Facebook, etc.; since there's not a lot you can do to stop that kind of tracking without taking more extreme measures.

But, I still don't like it (that a number of sites are collecting an awful lot of data now).
JimC is offline   Reply With Quote
Old Feb 10, 2012, 2:39 PM   #12
Senior Member
tsquare's Avatar
Join Date: Feb 2004
Location: Virginia
Posts: 231

WoW!! I definitely got my money's worth in answer to my question. Thank you gentlemen for your responses, I really appreciate it.

JimC, that was a very detailed answer. I know Big Brother is always watching, but I didn't know his entire family was also watching.
tsquare is offline   Reply With Quote
Old Feb 11, 2012, 1:00 PM   #13
Super Moderator
peripatetic's Avatar
Join Date: Nov 2004
Posts: 3,599

I don't particularly understand why you care.
  • My purchasing activity is tracked by the bank.
  • My travel activity is tracked by the London Underground.
  • My physical movements are tracked by my phone and anyone who cares to monitor it.
  • My face is captured on hundreds of CCTV cameras a day.
  • Any text message is logged.
  • Telephone conversations can be monitored at will.
  • My browsing habits are tracked by everyone.
  • My nosy next door neighbour peeks out the curtain at everyone who walks by.
  • The neighbourhood gossips know everyone's business.
  • My emails are stored on many computers.

It affects me personally hardly at all, and is in fact not useful to anyone. The information is useful only when considered and analysed en-masse.

Privacy, like pensions, were a brief historical anomaly of a small part of the 20th century. It made a brief appearance, was loved and abused in equal measure, and has disappeared into the history books as a footnote.

Cest la vie.
My gallery
My X100 blog
peripatetic is offline   Reply With Quote
Old Feb 12, 2012, 11:03 AM   #14
JimC's Avatar
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378

Call me old fashioned, but I don't think it's anyone's business what I do. ;-)

Now, some of the surveys I've seen imply that the younger (under 30) generation using the internet really doesn't care about privacy. That's probably because they starting using a computer where the internet was already popular, and as "Social Media" came of age, they started using it, too.

There are a number of concerns I have about letting one site have tons of information about my habits.

For example, I visit porn sites, gaming sites of questionable legality, sites selling drugs like viagra and more, sites hosting malware, download sites hosting pirated content, etc. That's because we get a lot of spam here, and I'll often click on links posted by new members to determine if it's spam or not (even downloading programs being promoted and checking them with multiple malware scanners to see if they may be hosting malicious content).

Now, do I really want profiles being collected about me showing that I visit those sites, and/or see targeted adverts based on those browsing habits?


Perhaps I'm in a more unique situation. But, I don't like the possibility of being viewed as someone "guilty by association" because of that kind of thing either. For example, if investigators gather logs from sites breaking the law, then subpoena information from ISPs to trace IP addresses accessing a site to specific user accounts.

Another example of potential "guilt by association" is how your Facebook Friends behave. I've warned my wife constantly to be careful what she posts on Facebook (she's a very active Facebook user) and who she allows to be a "Friend". Why?

If one of those "Friends" gets into trouble and Law Enforcement subpoenas their account information, then Facebook is going to provide them with a list of their Friends (along with loads of other information they've collected about that account). So, one of my concerns is that she could end up on watch lists or named in criminal investigation records because of that association.

Not long ago, she had a teenage relative (and I don't remember if it was a great niece, second cousin or whatever) that was one of her "Friends" on facebook. Then, this teenager made a post with photos of herself and a friend appearing to be using some type of drug via a bong style pipe with comments leading you to believe that they were getting smashed.

Now, my wife was very upset about it, as she'd always thought the girl in question was a "good kid" (now a teenager that's apparently hanging out with the wrong crowd) and deleted her as a Friend

But, deleted Friends are still going to be tied back to my wife if one of them is investigated, arrested, etc. (as they're keeping information on that kind of thing, including deleted posts and removed friend links), and there is little doubt that Law Enforcement is going to look at information being kept by Social Websites like Facebook.

On another personal note, I spent a week in the hospital last month for a hernia repair, and I was surprised to find a "blow by blow" account of it on my wife's Facebook pages. You'd think I was about to die at any point reading through the account of it, because she had so much information about issues during recovery, etc. So, she removed the posts after I voiced my concerns about them and the impression they could give to others.

In hindsight, she meant well, and perhaps I really shouldn't have cared. But, I really didn't want "everyone and their brother" to know that much detail about it; and I'm seeing a trend for people (including my wife) to share more and more information (that used to be considered personal and private) about themselves and others on Social Media sites as time passes.

Another concern is that more and more web based applications want more and more permissions. For example, if someone wants to login using their Facebook account to post comments about an article on many Facebook partner sites, many of those sites setup permissions to post to your Facebook account as you, access other information on your Facebook pages and more.

Ditto for mobile applications. It amazes me how much data is being collected by many of the applications on my phone (running Android) and what permissions they ask for by default (including things like sharing your queries with others, sharing your GPS location information with others, etc.)

If you search for pages on "Why Care About Privacy", you'll find arguments on both sides of the need for Privacy issue. But, most of them promoting privacy are in the minority anymore (keeping information private because of employer searches, hackers, identity theft, reducing home break-ins from thieves tracking your movements, etc.), and today's younger generation just accepts the lack of privacy as normal, as they're growing up in a society where everything is being monitored, recorded and shared.

Again, call me old fashioned, but I'm not sure I want everyone keeping track of everything about me, and I still haven't embraced today's "Social Media" sites (yet, anyway).
JimC is offline   Reply With Quote
Old Feb 13, 2012, 8:56 AM   #15
JimC's Avatar
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378

Originally Posted by JimC View Post
Another concern is that more and more web based applications want more and more permissions. For example, if someone wants to login using their Facebook account to post comments about an article on many Facebook partner sites, many of those sites setup permissions to post to your Facebook account as you, access other information on your Facebook pages and more.
Here's a site with links to application permission settings on popular Social Media sites. You may be surprised at what you may have given other sites and applications access to:


Most users don't seem to care about Privacy anymore, and perhaps I'll just "give in" at some point and join the crowd. But, something about the way so much information is being recorded and shared today just seems to "rub me the wrong way".
JimC is offline   Reply With Quote
Old Feb 13, 2012, 9:19 AM   #16
Super Moderator
peripatetic's Avatar
Join Date: Nov 2004
Posts: 3,599

I guess I am of the opinion that we all pretty much live under anarcho-tyranny; if the authorities want to "get you" they can. There are enough laws enacted under various "patriot" and "anti-terror" legislation that you have no real protection against the state.

If they want to come after you they will, and there's basically nothing you can do about it. The only reason that online activities could harm you is if they start actively mining the data to look for people to round up. This seems somewhat unlikely to me.

There are more efficient ways of spreading terror.

I grew up under a fairly opressive regime, though I was never a particular target, I was associated with many people who were targets. This was all long before the internet. I don't see how the technology changes matters.
My gallery
My X100 blog
peripatetic is offline   Reply With Quote
Old Feb 13, 2012, 5:22 PM   #17
shieldz77's Avatar
Join Date: Jan 2012
Location: St Helens, Lancashire
Posts: 37

Originally Posted by MartinSykes View Post
Banning rubbish facebook photos would be like saying people shouldn't talk to each other without crafting each sentence as if it was part of a historic address.
True, but it gets my back up when people post EVERY photo from their night out/day trip etc. I quite enjoy looking at other peoples photos, but please, not the blurred ones.......
my website

my facebook
shieldz77 is offline   Reply With Quote
Old Feb 15, 2012, 1:53 PM   #18
Senior Member
lesmore49's Avatar
Join Date: Aug 2006
Location: Western Canada
Posts: 3,076

One person's treasure is another's garbage...it's all opinion.

I did belong to Facebook, but don't anymore.
lesmore49 is offline   Reply With Quote
Old Feb 16, 2012, 8:50 AM   #19
Senior Member
PeterP's Avatar
Join Date: Jul 2003
Posts: 3,397

Just my opinion on some of the Social media services.

Agree, I tried Facebook long ago just to see what it was.
Then read the tos which got me worried, and quickly got tired of all the garbage flying by. Account a zombie a long time now.
As decided it had no redeeming value to me.

Interesting thing about twitter, I do not use it but I use it
It is an advertising medium, just like most companies we regularly fire off semi automated tweets into the void to try to attract interest.
It is a fire an forget thing, never actually log in to read any of the mind numbing garbage flying by.

Which brings me to Google+ some great photography streaming by there but I have not been able to figure out exactly what to do with that service.
However if you are trying to work on a sites SEO, posting links on google+ seems to be a good way to get them picked by by the google indexer.
Photography a fading pastime

Last edited by PeterP; Feb 16, 2012 at 8:53 AM.
PeterP is offline   Reply With Quote
Old Feb 19, 2012, 9:17 AM   #20
TomH in PA's Avatar
Join Date: Dec 2011
Posts: 65

Along with all the other good information Jim gave, I always turn off "third party cookies" in the browser. Instructions on how to do so are browser specific, but basically a third-party cookie is used when the web site you visited wants to inform another, entirely unrelated site of your visit. Some uses are legit, but they're usually used for tracking/marketing.
TomH in PA is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

All times are GMT -5. The time now is 5:37 AM.