How Facebook Tricks Webmasters To Collect Users Web Surfing History

image

With the recent announcement that Facebook will begin selling your web browsing history to advertisers, we thought we’d take a look at how they actually get your web browsing history in the first place.

Most people assume that Facebook tracks them when on facebook.com, but you don’t have “Facebook” installed on your computer and you don’t “open up Facebook” to surf the web.  Where do they get data from?

Even without visiting facebook.com, plus.google.com, or twitter.com, you’re likely to encounter elements from these sites almost seven times a day. The trackers come in the shape of cookies, JavaScript, 1-pixel beacons, and Iframes, and cute looking widgets.

These elements have the ability to ping Facebook’s servers with:

  • The URL of the page you’re viewing
  • The site that referred you to that page
  • The browser you’re using
  • The OS you’re using
  • Your approximate geographic location
  • The size of your screen
  • If you’re logged into Facebook they can associate you with your Facebook profile.

The Facebook Like Button

One very popular widget on the internet is the Facebook like button. Facebook’s Like button has made it easy for hundreds of millions of Web users to share content with their friends on the social networking site. The button appears on more than one-third of the top thousand websites and has been integrated into everything from Bing search results to countless blogs around the ‘net. What users may not realize is that the soft blue thumbs-up is tracking their surfing habits, even if it doesn’t get clicked.

image

Any time the Like button is displayed, information is zapped back to Facebook’s servers.

Facebook Connect and Your Privacy

Facebook Connect is the next iteration of the Facebook Platform that allows users to “connect” their Facebook identity, friends and privacy to any site. Even if you never login to a site using Facebook Connect, the fact that they have the Facebook Connect JavaScript snippet present on their site means Facebook can see that you are present on that site.

Over 50,000 sites use Facebook Connect, and if you’ve visited one of them, you’ve been tracked.

image

Like Boxes Are Creeping On You Too

image

The Like Box is a special version of the Like Button designed only for Facebook Pages. It allows admins to promote their Pages and embed a simple feed of content from a Page into other sites. As this is a JavaScript widget, every time it is loaded it pings information about you back to Facebook servers.

We found over 1 million websites that have this box.  (and additionally show pictures of the followers faces)

image

What Can you Do About It?

Twitter and Pinterest, which track people with their Tweet and PinIt buttons, offer users the ability to opt out. And Google has pledged it will not combine data from its ad-tracking network DoubleClick with personally identifiable data without user’s opt-in consent. Facebook does not offer an opt-out in its privacy settings.

Instead Facebook asks members to visit an ad industry page, where they can opt out from targeted advertising from Facebook and other companies. The company also says it will let people view and adjust the types of ads they see.