Facebook is scaring me

I recommend Ghostery: <a href="http://www.ghostery.com/" rel="nofollow">http://www.ghostery.com/</a><p>Quoting:<p>Ghostery is your window into the invisible web – tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior.<p>Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.<p>Choose to block - or not. You get control at a company level - are there some marketers you trust, but others you'd rather turn away? Ghostery lets you open the valve of your web behavior as wide or as narrow as you'd prefer.

I'm an engineer at facebook. I want to clear up a few things that you guys are talking about.<p>For starters, it's true that a visit to a news story or watching a video will trigger a feed story. The point that most people seem to be missing is that this requires you to knowingly allow a social application. For example, in my case, I installed the social plugin for rdio (rdio.com). When I listen to a song on rdio, it publishes it to my friends ticker feeds. (Ticker is the bar on the side where likes, listens, reads, etc go). There are a couple websites that are doing read social browsing, for example the Washington Post's social reader (<a href="https://apps.facebook.com/wpsocialreader/" rel="nofollow">https://apps.facebook.com/wpsocialreader/</a>). Again, just by visiting this page you will not trigger anything unless you have already allowed the application access.<p>In the past I've setup my music player on the laptop to publish the songs I'd been listening to, to my IM client (as away messages) - Adium let's me do this out of the box. It's kind of the same idea, instead this is just built in to the website you visit or music you listen to.<p>You can also disable any application you previously installed by going to Privacy Settings and clicking on Apps and Websites. It should all be there. You don't have to log out of facebook or close your account. Just delete all your social apps. (<a href="https://www.facebook.com/settings/?tab=privacy" rel="nofollow">https://www.facebook.com/settings/?tab=privacy</a>)

I am a software engineer at Facebook. Bear with me because I don't have any PR-quality answer to give you. I am not on the platform team, but I have built apps before in the wild-west days.<p>The app requires explicit permission from the user in order to post activities automatically. The idea, if you watched Mark's presentation, is called "frictionless sharing." A lot of people don't share because it's another step, but if they could install an app like the Washington Post Reader (a great app--even Mark has it installed), they are happy with sharing articles they've read with their friends.<p>I understand you might be concerned, for example if you added that app without realizing that it will post content. If you are concerned about the privacy implications, you can always change individual permissions for an app by going to your account settings, then selecting the 'app' tab on the left, or by going to <a href="https://www.facebook.com/settings?tab=applications" rel="nofollow">https://www.facebook.com/settings?tab=applications</a>. If you are concerned about spamming your friends' news feeds, that's why we built ticker, for the light-weight activities like "watched a movie" or "listened to a song" or "read an article".<p>If I remember correctly, the exact wording of the app permission request was alarming enough to get my full attention ("I, the application, can post as you" or something like that), so I'm worried less about a user missing that part. In my known experiences, the app was installed with the knowledge that it will share your experiences--because the idea is you want to share your activities with your friends. As soon as I read an article, my first action is to either send the link to specific people who are interested, or post it on my wall if I think everyone is interested.<p>We operate under the assumption that users will not do what they don't want to do, as long as we make it explicit what might happen. And if they make a mistake, they can always go change their settings. So I'm not so worried about users who sign up for the Washington Post Reader app, which is marketed as a social reading experiment, and subsequently complain that it shares your read articles.<p>You might still be concerned, in which case, please let me know why (users being misinformed?), and I'll try to pass it onto the platform folks, who were really heads-down the past few months.

I recently decided to RSVP for a meetup on meetup.com. It was a meetup I don't, in fact, want most folks I know to know about. I made sure to use my junk email account that doesn't have my name tied to it.<p>So I was scared shitless when after RSVP'ing I see faces of all my facebook friends and an offer to invite them. I always thought you had to do the whole facebook connect crap before websites could just splash your fb friends list at you? Then I thought about all the billion different ways facebook has to integrate them into your site and figured this must be one of the ways.

I ditched Facebook this morning when I realized my carefully-constructed "Don't show this part of my profile" list was wiped out in the last redesign.<p>I've always thought the complaints people make after each redesign were simply resistance to change, but this time it doesn't seem worth it to continue.

If people think Zuckerberg had "vision" doing this, I suppose I agree. But his vision wasn't "how can I help people have better online connections and experiences?" or anything like that. His vision was "how can I get people to share everything about their life, so Facebook can make more money?"<p>They are not one and the same thing, because in the latter, the priority is put on optimizing the experience for <i>Facebook</i>, not for the <i>user</i>.<p>Zuckerberg actually believes that there should be no privacy - at all. This is where he's leading Facebook. I believe that's a flawed vision, but he's probably sticking to it, because the less privacy you have, the more it helps the company.

The apologetic posts by Facebook engineers give deep insights.<p>Of course they can argue well on what are, for average users, technical details. On that level, it is possible to get entangled in endless discussions.<p>The real problem is that these posters seem to totally lack (or ignore) an understanding of the bigger picture of what they are contributing to.

I think Ghostery deserves some promotion here : <a href="http://www.ghostery.com/" rel="nofollow">http://www.ghostery.com/</a> available for all major browsers. It blocks near to all webbugs including the facebook social plugins.

A good time to point out the Ghostery Browser extension. Use this at the most paranoid setting so that when FB and others pull stunts like these you have at least some measure of protection.

Logging out doesn't necessarily disable the tracking, though, as the cookies are still there. You could delete them, but I bet the like buttons reset new ones, which correlates your history to you the next time you log back in.<p>Much better is to just nullroute their netblocks at your router. That's what I do.

As always Winer is worried, rightfully so, but people aren't going to log out of facebook. It seems Zuck really wants to get back at people for making him pull "Beacon" back then, so he reintroduced it. Of course it's a privacy concern, but i think people no longer have illusions about their privacy on facebook.

Oh, so Facebook already sent their minions to HN? That was fast! Lately the negative stories are gaining a bit of a momentum. Very much like that development.

I've been logging in to Facebook and Google+ <i>only</i> in a Chrome Incognito window for this reason for a while now. I recommend the practice to everyone.<p>However, yesterday Facebook locked my account because I was browsing "from an unknown device" (the netbook I've been using for years, on the IP address of PyCon Argentina). I unlocked it by identifying five of my Friends from 15 photos. So it's not without its drawbacks.

This is why I block FB in the hosts file (<a href="https://gist.github.com/1197453" rel="nofollow">https://gist.github.com/1197453</a>) and only use my mobile devices for FB messaging.

One of the good way to make general users/facebook realize the privacy concerns of auto-sharing, if popular Porn websites install the FB like buttons.

LOL at all the facebook employees who are chiming into this thread (and others) to defend the latest creepery from their professionally invasive advertising company. I know you're just waiting for the IPO to cash in, but come on, how can you defend this nonsense?

Logging out of Facebook does not do enough. It still retains cookies that specify your account ID even after you logout.<p>You need to delete all of the Facebook cookies. Here is what cookies are retained, but you can test it for yourself to see.<p>While logged in:<p><pre><code> datr, lu, openid_p, c_user, sct, xs and act </code></pre> act is your account number. now a new, fresh request after hitting logout still sends the following cookies:<p><pre><code> datr, openid_p, act, L, locale, lu, lsd, reg_fb_gate, reg_fb_ref </code></pre> If you do not delete cookies Facebook know and can track every user that has ever logged in at your computer.

I can recommend Fanboy's "Annoyance Block List". It will block requests to Twitter, Facebook, ... unless you are opening one of their sites directly.<p>(*) <a href="http://www.fanboy.co.nz/adblock/" rel="nofollow">http://www.fanboy.co.nz/adblock/</a>

RequestPolicy users are protected against this entire class of problem. When I'm looking at a webpage, I know it isn't pulling in content from any other site, including Facebook, unless I specifically allow it to.

This is the wild west and Facebook is doing a land grab.

127.0.0.1 facebook.com<p>127.0.0.1 www.facebook.com<p>127.0.0.1 connect.facebook.com<p>127.0.0.1 fbcdn.com

I recently built a website on wordpress and put in facebook connect plugin. It saves ppl a few minutes to login ect. I was extremely scared about the widget that shows who has been on the site. I do not believe that just logging in gives a website permission to publish that user has been to that website. This is just the tip of the iceberg. Facebook is getting out of hand.

From the RWW article, it looks like you have to enable a "social news app" for this to be an issue. I don't know why anyone would do that.

As the two FB engineers mentioned, you have to allow access to the app before it can know anything about you or take action on your behalf. See Step 2 of the Open Graph tutorial: <a href="https://developers.facebook.com/docs/beta/opengraph/tutorial/" rel="nofollow">https://developers.facebook.com/docs/beta/opengraph/tutorial...</a><p>Publishing actions requires the publish_actions permission, so if the app previously didn't ask for it, I believe you will be asked to re-authenticate the app with the new permissions.<p>I, for one, am going to be reviewing the apps I've previously added to ensure that none of them are doing anything I wouldn't want to. Not sure where to file FB API feature requests, but it would be nice to not have an "all or nothing" approach to authentication (this is a problem with the Twitter API as well, FWIW). For example, if an app requires X, Y and Z permissions, I might want to only allow X and Y and just not use the features that require Z.

I guess, I should always browse Facebook in "Private Browsing" mode, without any other site open in that session.

You can use this Chrome extension to kill cookies when logging out: <a href="https://chrome.google.com/webstore/detail/bgonpegbhnjepleakgjdbaepkfedhhnf?hc=search&#38;hcp=main" rel="nofollow">https://chrome.google.com/webstore/detail/bgonpegbhnjepleakg...</a>

Another analysis/viewpoint: <a href="https://plus.google.com/111297306144520956414/posts/JLQogwzooYd" rel="nofollow">https://plus.google.com/111297306144520956414/posts/JLQogwzo...</a>

Anything that you don't want to be published on facebook, just don't do it on facebook. So that article you want to read privately, just go to news.google.com and read as much as you want. Don't use the facebook app for that. Same thing, if you want to listen to spotify, don't link it to your facebook account, etc...<p>This is how things have been for years, and if you are a more private person (like me), just reading news and listening to music "offline" and go to facebook when you feel like sharing.

I've been in the process of minimizing my Facebook presence, but have left the account open just in case a specific need to use it arises in future. I'm already on other social networks, and Facebook is relatively high maintenance in terms of chasing privacy issues and dealing with other nonsense. For me the cost/benefit just isn't worth it, although I realize that this won't be the case for everyone.

So it seems the solution would be to have different browser profiles. For instance, one for regular browsing, one for FB and one for gmail?

Doesn't this 'frictionless' sharing have plenty of precedent online? Anyone can view the tunes I listen to on my Last.fm page, the pages I bookmark (visible by default) on Delicious. How are these social apps on Facebook different?<p>On the point of 'noise', both these examples provide ways of making sense of the streams. Last.fm charts, Delicious popular streams, and tags.

Life is fine without Dorkbook. Never used it and hopefully never will, although it is getting harder and harder as my school has started to actively use it for e.g. communication regarding potential jobs for students and graduates in companies and institutions the school cooperates with.

Wouldn’t disabling third-party cookies take care of this? (And many other questionable things?)

What most people fail to realize is this... Facebook is <i>not</i> the product Facebook is trying to sell. YOU (and everything about your life!) are what Facebook wants to sell.<p>Facebook is the next great advertising platform, after Google.

Am I the only person who has a virtual machine which is used only for Facebook?

<a href="http://webgraph.com/resources/facebookblocker/" rel="nofollow">http://webgraph.com/resources/facebookblocker/</a><p><a href="http://sharemenot.cs.washington.edu/" rel="nofollow">http://sharemenot.cs.washington.edu/</a>

I've been ensuring I log out for quite a while now. I also have all platform functions disabled in my settings. It's all extra work though. There's a lot of friction involved in remaining private

The latest url for app permissions is <a href="http://www.facebook.com/settings?tab=applications" rel="nofollow">http://www.facebook.com/settings?tab=applications</a>

Don't log out, because logging out each time and logging back in is inconvenient. Use a tracker blocker instead - like Easy Privacy with Adblock Plus, or Ghostery.

It's not about privacy. It's about <i>discretion</i>. Why is this hard to understand?

One idly wonders if it is possible to turn the (to me) useless ticker feature off.

Facebook needs to let you uncheck rights when you Connect to a site.

ผมอยู่ในสมาคมแห่งการแบ่งปันและมีนํ้าใจแบ่งปันกับเพื่อนๆในfacebook

My reply: <a href="http://matjaz.posterous.com/why-you-should-log-in-to-facebook" rel="nofollow">http://matjaz.posterous.com/why-you-should-log-in-to-faceboo...</a>

All the Facebook engineers on here sound like I imagine IBM executives do when asked about the involvement of IBM in the holocaust...<p>I'm genuinely surprised that the EU haven't stepped on Facebook yet. It's the creepiest, most invasive thing ever developed.

Maybe because not everyone lives 10 minutes from each other and is 100% independently mobile? And gee... occasionally even people that you really enjoy spending time with have to move to other areas of the planet.

Switch to other services (Instagram, Twitter, Google+). Problem solved.<p>Unless you like to be in S/M relationship. You're the S.

This really comes down to Winer's tin foil hat obscuring what's actually happening and writing the story to reflect his lack of facts. For these "reading a story" posts to get to your timeline, you have to opt-in by installing the app and giving it permission to do that. If you're dumb enough to do that and get offended, maybe you should close your Facebook account.