
"Frictionless Sharing": Browser History Leaked into the Cloud

March 29, 2013 by Adrian Birsan

I don't want this article to be alarming, and its purpose is not to make you deactivate / delete your Facebook account or make you stop all your social online-activities. I just hope that after reading it you will pay a bit more attention to your privacy, your cookies, and your browser history, because it seems that a lot of our information is leaked into the cloud against our will.

"Frictionless sharing," Mark Zuckerberg said in his presentation regarding the Facebook timeline. It sounds like, "Don't trouble yourself with decisions... we'll take care of sharing what you do. You just sit back and enjoy the shiny new object."


What information does Facebook get when I visit a site with the Like button or another social plugin?

Still think of ourselves as Facebook's customers? We're not. We're Facebook's product; we have allowed a lot of our privacy to be eroded on Facebook. The site demands people use their real names. No big deal, it's all about family and friends, right? Except all the times it's not--but that's the price we pay.

They've made it publicly clear that they consider the notion of privacy on the internet to be an outmoded concept, and that it is contrary to their business model. Facebook has made it clear that their business is to own your online identity, and nobody pays any attention. Very few people will ever read the TOS, so most choose to be ignorant of the actual scope of the information they volunteer. The vast majority probably wouldn't care even if they were informed.

So Facebook exploits this in a myriad of ways, including passing one's information to third-party apps, logging users into unrelated non-Facebook sites based on their cookie, and opting users into various 'features' by default. They've taken it upon themselves to further intrude into our online lives.

Entering one's mobile information into the site will someday contractually permit them to monitor phone calls and mine them for more personal data. Maybe they'll improve their facial recognition software to be highly effective at identifying individuals based on the copious database of photos that users have supplied. Maybe they form partnerships with other major sites to generate profiles on what people buy online, the vehicles they drive, the itemized charges on their checking and credit cards, the loans they accept, the emails they send and receive, etc.

Maybe they offer all of this freely to law enforcement, governments, and any interested companies willing to pay for it. Maybe they decide that even allowing users to manage the few options currently available is too much freedom and scrap the settings altogether. Maybe they tie the site into the very hardware in our phones and PCs and Macs and tablets with 'trusted' integrated chips.

Maybe they keep pushing the line, because perhaps one of these days they will finally find the point where people beyond those ordinarily concerned about these issues will actually take notice and say "hey, wait a second..." And just maybe that will lead to a demand that our government come down and set some better rules and regulations on behalf of the public.

Perhaps at that time, more people will finally understand the folly in allowing a company like this to do as they are wont. And maybe there will be a few less apologists willing to rush to their defense every time and tell the rest of us why all of this is totally okay.

Bing search is already hooked up to Facebook. You have to log out of FB to use Bing, otherwise people will see what you are searching for. Google also keeps tabs on your searches. You have to log out of Google, delete cookies, then search. You will get very different results if you are logged in or still have old Google cookies. Huffpo also does search and read sharing. You have to click the button if you don't want people to see what you're reading. Those are just a few examples, but with a quick search you can find many others like this.

The point is that what FB is doing with their cookies is no different from what every other online advertising company does... leveraging them as the valuable product they are. If you have cookies enabled, there are at least 10 companies out there, all tracking you, trying to put relevant ads in front of you. Imagine all the online services that track your browser history. They know what bank you go to, where you shop, where you browse. Maybe they won't sell this information but I'm pretty sure they'll target ads to you. So, do you wonder where the spam came from?

So let's see how we can face this problem and protect our privacy!

- Facebook Disconnect Chrome Extension

Stop Facebook from tracking the webpages you go to.

Facebook is notified whenever you visit one of the more than one million sites on the web that use Facebook Connect and has a history of leaking personally-identifiable information to third parties. Turn off the flow of your data to them!

Facebook Disconnect blocks all traffic from third-party sites to Facebook servers but still lets you access Facebook itself.

Sounds great! BUT Disconnect shows the following warning before install: "This extension can access: Your data on all websites - your tabs and browsing activity - your browsing history"

Personally, I didn't use it but if you did please share your Disconnect experience.

-Facebook Blocker

This browser extension stops Facebook social plugins—including those within iFrames—from running on sites other than Facebook itself. This includes 'Like' buttons, 'Recommended' lists, and should also stop any Facebook scripts from tracking your browsing history.

-Abine DoNotTrackMe

"Trackers are watching your every click. Websites are selling your information, and data brokers are buying. Stop them in their tracks with."

Fast, easy setup

Blocks 600 trackers

Web pages load up to 4x faster

-AdBlockPlus

Banish social networks like Facebook, Twitter, and Google+ from transmitting data about you after you leave those sites, even if the page you visit has a social plugin on it.

-Ghostery - Be a web detective.

Ghostery is your window into the invisible web – tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior. Ghostery tracks over 1,200 trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.

-Firefox Private Browsing

Browse the web without saving information about the sites you visit

Use Firefox's private browsing mode for sites which you consider risky to visit, like Facebook. Once you close the browser, it forgets everything. You were never there. Beats the flash every time.

-Widget Block

Block widely installed 3rd party social/web 2.0 widgets to make pages load faster.

3rd party widgets from sites like Facebook, Twitter, Google Plus One, Disqus, etc. can slow down page load times when browsing on other sites that include them. WidgetBlock disables a number of widely installed 3rd party widgets so that your pages load faster. It includes options to choose the Widgets you'd like to disable. For a full list of the Widgets blocked please see the options page.

WidgetBlock disables the Widgets by preventing them being requested from the server in the same way the popular AdBlock extension works. It only prevents the Widgets from loading on other sites, so the sites that own the Widgets will still continue to work as normal. WidgetBlock can save time loading pages, bandwidth, and your privacy.
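The request filtering that Facebook Disconnect and WidgetBlock are described as doing above (cancel requests to a widget's servers when they come from other sites, leave the owning site working) can be sketched as follows. This is an added example, not code from either extension; the domain list, function names and sample URLs are constructed for illustration.

```javascript
// Constructed, illustrative owner -> domains map; not any extension's real blocklist.
const WIDGET_OWNERS = {
  facebook: ["facebook.com", "facebook.net", "fbcdn.net"],
  twitter: ["twitter.com", "twimg.com"],
  disqus: ["disqus.com", "disquscdn.com"],
};

// Return the lower-cased hostname of a URL, or null if it does not parse.
function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return null;
  }
}

// Find which widget owner (if any) a hostname belongs to.
// Matches the domain itself or a subdomain, never a bare string suffix,
// so "notfacebook.com" does not match "facebook.com".
function ownerOf(host) {
  if (!host) return null;
  for (const [owner, domains] of Object.entries(WIDGET_OWNERS)) {
    if (domains.some((d) => host === d || host.endsWith("." + d))) return owner;
  }
  return null;
}

// Decide whether a sub-resource request should be cancelled.
// pageUrl: URL of the top-level document; requestUrl: resource being fetched.
function shouldBlock(pageUrl, requestUrl) {
  const reqOwner = ownerOf(hostOf(requestUrl));
  if (!reqOwner) return false;            // not a listed widget host
  const pageOwner = ownerOf(hostOf(pageUrl));
  return pageOwner !== reqOwner;          // the owner's own pages keep working
}

// Constructed sample requests: [page, resource]
const samples = [
  ["https://news.example/story", "https://connect.facebook.net/en_US/all.js"],
  ["https://www.facebook.com/home", "https://static.xx.fbcdn.net/rsrc.js"],
  ["https://news.example/story", "https://news.example/app.js"],
  ["https://news.example/story", "https://notfacebook.com/x.js"],
];
for (const [page, req] of samples) {
  console.log(shouldBlock(page, req) ? "BLOCK" : "allow", req, "on", hostOf(page));
}
```

Because the decision keys on the top-level page rather than on the request alone, the widget's cookie-bearing request never leaves the browser on third-party pages, which is what keeps the visit out of the widget owner's logs.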

-2-Click Like 2.0

Protects your privacy by converting normal Like buttons to 2-Click buttons and thus not tracking you.

Are you worried about your privacy? Or just worried about page load times? This Add-On will convert the "Like" buttons of the major Social Networks to "2-Click Like" buttons, thereby protecting your privacy, since it's known they use them to track you.

-Track Me Not

TrackMeNot runs in Firefox as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and Bing. It hides users' actual search trails in a cloud of 'ghost' queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles. To better simulate user behavior TrackMeNot uses a dynamic query mechanism to 'evolve' each client (uniquely) over time, parsing the results of its searches for 'logical' future query terms with which to replace those already used.

Maybe logging out isn't enough to protect our privacy, and maybe the existing tools aren't good enough, so my paranoid solution regarding Facebook is to use one browser for Facebook only, or to create one Windows user only for Facebook (switching between Windows users takes a few seconds). To be honest, though, I can't do that, even though it sounds safe enough.

Instead, we can restrict public access to our info as much as possible. We can keep an account open with minimal info. We won't use the info that credit card companies or banks use to verify our identity. Disconnect Facebook from the other sites that we visit. Enable "no tracking" in our browser. Clear the cookies frequently. We won't use Facebook to log on to other sites, because that would create a "daisy chain" of our sites. Basically, we should proactively block them from tracking us as much as possible.

Maybe the world needs to be more open. Maybe people should stop hiding who they are. If everyone's dirty laundry is out in the open, you can't pretend to be a pristine, shiny person. No one is perfect. The other members of society won't be able to sit behind their masks and judge you because there will be no masks.

Right now, there are major implications to sharing everything - corporations want that info so they can make money off you, governments want it so they can control you and/or keep track of you, and people with aberrant psychologies might want it to just plain hurt you.

If you want an open world where people can share most (if not all) of their information safely, we first have to change society into a much more sane one that isn't based on money and one where there are no governments as such, or at least not governments that are run by a ruling class with a vested interest in keeping the population subjugated, like now. One where the stresses of daily living aren't as extreme as they are now which encourages those aberrant psychologies I mentioned.

Until that day, privacy is still important. Always keep in mind that if you're not paying for a service, you're the product, not the customer.


Adrian Birsan is a freelance web developer and pentester. Says he: "Technology has always been something which captivates me; I like computer security and software development. I am a pentester on my free time and also own a blog where I post useful information. I am a big supporter of Freedom of Speech and ... I play the guitar m/ " His blog can be found at http://softpill.eu/