Facebook: analysis and defense

2007-12-18 02:22 pm
mdlbear: (hacker glider)

Thanks to this excellent post on EFF's Deeplinks blog, I can now point the few of you who are interested in the details at Jay Goldman's excellent analysis explaining how FB and their Beacon partners accomplish something that would be a cross-site scripting attack if they weren't ganging up on you to do it. It's done without cookies, by the way; the key part is javascript on the original page dynamically constructing an iframe that does the dirty work talks to Facebook.

So, if blocking cookies won't do it, how do you disable Beacon? The answer is in this blog post by Nate Weiner. Finally, here's CA Security Advisor to point out that Facebook gets the information about your third-party activity whether or not you opt out. Goldman's analysis makes that clear as well. Facebook, of course, says that 'If a Facebook user clicks "No, thanks" on the partner site notification, Facebook does not use the data and deletes it from its servers.'

Do you trust them?

  • Mood: enthralled
Tags:

You know, I was thinking about joining Facebook

2007-11-27 07:24 pm
mdlbear: (wtf-logo)

... but not after this privacy disaster. (via boing boing) There's an earlier article here.

For those who just want the high-order bits, the fuss is about "Facebook's 'Beacon' advertisements, which post information about users' activity on partner sites (movie rentals, purchases from online retailers) onto their friends' News Feed." There's an opt-out, but it's well hidden and you have to opt out separately for each merchant.

Note to vendors: if I buy something and don't mind letting the universe know I've bought it, I'll blog about it. Much of the time I mind a whole lot, so it's my damned choice, not yours. If Facebook ever gets its metaphorical face out of its metaphorical arse, I'll reconsider setting up an account.

  • Mood: disgusted
Tags:

Most Popular Tags

Links

Syndicate

RSS Atom

Style Credit

Page generated 2026-01-03 12:50 pm
Powered by Dreamwidth Studios