Facebook's Latest Outage Highlights A Serious Privacy Concern

If you visited Crooks and Liars Thursday evening you may have had an unpleasant surprise. Instead of being able to read your most favorite blog, you were quickly taken to this Facebook page: Even if you clicked the Okay button on that page

If you visited Crooks and Liars Thursday evening you may have had an unpleasant surprise. Instead of being able to read your most favorite blog, you were quickly taken to this Facebook page:

fberror.JPG

Even if you clicked the Okay button on that page you still weren't brought back here. Instead you just ended up on a blank page. You can actually see this in action on this YouTube video.

I noticed the problem early on and decided to remove the only Facebook code we had running on our home page, which was for the Facebook Like button that used to appear on the bottom left. As soon as that code was removed things went back to normal. Within minutes of fixing the problem on Crooks and Liars, I decided to look into the problem a little more and saw an article isolating it to Facebook Connect:

On Thursday, many major websites were taken down by an error that stemmed from Facebook, as Internet mainstays like MSNBC.com, CNN, Yelp and New York Magazine all sent users to redirect pages almost immediately upon loading.

Upon visiting the sites, users were redirected to an error page inside of the Facebook website, which seems to suggest that the error lies in Facebook Connect, the software platform that snakes Facebook’s reach throughout the entire backbone of the Internet. Connect is seen on many third-party-publisher websites in the form of the “Like” button — especially BuzzFeed, the viral news site which relies primarily on social media to spread throughout the Web.

Facebook Connect and Facebook Like are two separate beasts. Connect allows you to sign into a site with your Facebook login. We have that capability here at Crooks and Liars, but we don't use the traditional Connect method. Instead we have a custom implementation that works better with our user management system.

Facebook Like, on the other hand, is simply a button you click on a page or post so that you can show your Facebook friends that you liked something. In a sense it is similar to the old Digg buttons you used to see all over the web. It all seems harmless enough, but is it really? Salon doesn't seem to think so and neither do I:

Not so fast! We should stop and think about what really happened. By demonstrating a direct connection between our Facebook logins and the Facebook Like buttons on non-Facebook pages, Facebook inadvertently advertised exactly how much it potentially knows about all our Web browsing habits.

Facebook critics have long warned that the way the Like button is implemented across the Web has serious privacy implications. Every time a person visits a Web page with a Facebook Like button, that information is stored in a cookie placed on your computer. It is a trivial matter to connect that information with the cookies set when you actually log into Facebook — information, incidentally, that includes your real name. Let’s emphasize this point: Facebook has the technical capability to connect your real name to every website you visit that has a Facebook Like button embedded in it. And the set of websites captured by the terms “third party sites integrated with Facebook” turns out to be very large indeed.

And you used to worry just about your browser's history. Well forget that! Given the popularity of the Facebook Like button, your browser history is now potentially stored with Facebook, and you don't have anyway of deleting that.

Now you might be asking yourself how this information could be valuable to Facebook. I mean, why should they care what pages you have visited outside of their own? As with most things, the answer is money. Say you view a new laptop on Amazon and then check it out on NewEgg. Well Facebook can now see that you may be in the market for a new computer and when you go to check your Facebook page out, they can use that to deliver and ad for laptops.

Now site tracking for ad placement is nothing new, but there is a big difference here. Facebook has personal information on you, where as ad companies don't. That means Facebook has much higher odds of knowing who exactly is on a website, unlike the ad companies.

Also, Facebook isn't the only one who can find value in this information. I'm sure law enforcement would love to have access to this. It would actually be better information than someones search history from Google, as Facebook would have the actual pages a user visits and not just what they search out and the initial page they go to.

Talk about sneaky and from something as inconspicuous as the Facebook Like button.

Until Facebook comes clean on what they store and do with this information, we have decided to remove the Facebook Like button from the site. We will still keep the Share button and our page widget, since those do not work through the Connect system. The Like buttons we have on our trending widget also don't work through the connect system. Instead that is provided through the ShareThis service we use for all our social buttons.

If you want further protection when you are surfing other sites, then my only recommendations are to either log out of Facebook first or use a separate browser for surfing. That's about the only way to make sure the simple Facebook Like button isn't actually connecting that page and your Facebook account behind the scenes.

About Jamie

Comments

We welcome relevant, respectful comments. Please refer to our Terms of Service for information on our posting policy.