Two-click button foils Facebook tracking, a new tool for privacy-concerned nonprofits
Last month, the privacy commissioner for the German state Schleswig-Holstein, Thilo Weichert, announced that he would fine websites in his state €50,000 if they included Facebook’s “Like” button.
Weichert argues that this popular function breaches privacy by making it possible for the social networking giant to guess user preferences and opinions by compiling a profile of all the sites marked on one computer.
The issue is that even if you don’t click the “Like” button, Facebook still knows you visited the page because its server gets called to display the button code. For individuals already on Facebook, it can compile a detailed profile of you around the web, based on what you visit (again, whether or not you click the button) and serve you or your friends particular ads on Facebook as a result. For those who are not on Facebook, or who aren’t logged in, it can still tie the profile to your IP address, and could theoretically link that information to you, should you subsequently show up on Facebook.
This isn’t unique to Facebook
Most “free” third-party apps do exactly the same thing, although few have the reach of Facebook. The other big player is Google, which tracks you (by IP address) using Google Analytics, which many websites have installed in exchange for free website statistics, and tracks you (by Google profile) using Google’s new “+1” button released as part of the Google Plus social network. Since Google makes so much of its money from advertising, its interest in knowing which sites you visit is pretty self-explanatory.
Other social networks’ widgets, such as Twitter’s “Tweet” button, the Pinterest button, etc. also are certainly tracking who is accessing them, but to date there have been fewer examples of them using this information to build profiles of people. Social “plugin” applications, like AddThis, ShareThis and Disqus also compile profiles of people as a way to present them with what they think will be the most useful social network buttons (and in some cases links to other content), but it’s less clear whether they’ve been using that information for any other purposes.
Several organizations I’ve seen have prominently linked to the Tor Project, and there are good resources from the EFF and Ethan Zuckerman on using Tor for anonymous blogging. There are also several Firefox plugins that anonymize your browsing. Any of these methods would defeat tracking by social networking widgets.
A two-click solution for websites
For organizations that want to ensure their users are only tracked by social networking websites if they explicitly opt-in, there’s an exciting new development.
Last week, as a response to the German privacy commissioner’s declaration against social networking buttons, German website Heise released a script that disables social networking buttons by default.
The script renders three social networking buttons — Facebook’s Like, Google’s +1 and Twitter’s Tweet — as greyed-out images hosted locally on the website. After flicking a virtual switch, site visitors enable the actual social networking button, which calls the web servers of Facebook, Google or Twitter and would thus trigger the data collection. There’s also a handy settings button to the right that allows you to permanently opt in to one or all of the services for that site. You can see it in use at the bottom of the post where they announce it.
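The two-click pattern described above, written out as an added example (this is not Heise's script). The service names, image paths, embed URLs and the `optin:` storage key are constructed placeholders, and storing the permanent opt-in in a localStorage-style object is an assumption.

```javascript
// Constructed placeholders: swap in each network's documented embed URL.
const SERVICES = {
  like:  { placeholder: '/img/like-grey.png',  embed: 'https://social.example/like-button' },
  tweet: { placeholder: '/img/tweet-grey.png', embed: 'https://micro.example/tweet-button' },
};

// Renders one button into `container`. No request goes to the third party
// until the visitor clicks the local placeholder, or has opted in earlier.
// `doc` is the page's document; `store` is a localStorage-like object.
function renderButton(doc, store, container, name, pageUrl) {
  const svc = SERVICES[name];
  if (!svc) throw new Error('unknown service: ' + name);

  // Second click: only now is an element with a third-party URL created.
  const activate = () => {
    const frame = doc.createElement('iframe');
    frame.src = svc.embed + '?url=' + encodeURIComponent(pageUrl);
    container.replaceChildren(frame);
    return frame;
  };

  // Permanent opt-in for this site skips the placeholder.
  if (store.getItem('optin:' + name) === '1') return activate();

  // First state: a greyed-out image served from the site's own origin.
  const img = doc.createElement('img');
  img.src = svc.placeholder;
  img.alt = 'Enable the ' + name + ' button (this contacts a third party)';
  img.addEventListener('click', activate, { once: true });
  container.replaceChildren(img);
  return img;
}

// Backs the settings switch: remember or forget the visitor's choice.
function setPermanentOptIn(store, name, enabled) {
  if (enabled) store.setItem('optin:' + name, '1');
  else store.removeItem('optin:' + name);
}
```

In a browser, call `renderButton(document, localStorage, element, 'like', location.href)` for each button. With the network panel open, a page built this way should show no requests to the social networks' hosts until a placeholder is clicked.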
Image credit Flickr user therontrowbridge