Facebook is following me from website to website

Back in March of this year I (Julian Evans blog) wrote a post about the Facebook ‘Like’ button JavaScript threat. In it I highlighted how easy it was for Facebook to collect data for internal analysis (i.e.improve their site) rent or sale and the JavaScript iFrame and XSS threat vectors. What I didn’t mention was the social media integration plug-ins that are being installed across many websites. I have a social media integration plugin on this site (see opposite), but the only data I see is whether people ‘like’ or ‘don’t like’ a post – nothing else.

The Facebook ‘Like’ button which appears on my website and many others is provided as a means of recommending specific content to others. This isn’t a privacy issue, however the major privacy discussion amongs my collegues is that of Facebook Connect – what is this monolith collecting from our surfing habits? Facebook Connect has sharing tools that let it track where you are on the web, even when you’re logged out of your account. You’ve probably noticed this while surfing the web. You don’t have a choice when it comes to Facebook following you all over the web – or do you? Read more...