On Sep 29, 12:18*am, FromTheRafters <erra...@nomail.afraid.org> wrote:
> Virus Guy wrote:
> >http://www.dailymail.co.uk/sciencete...Facebook-priva...
>
> > Now I've really never concerned myself as to how the cookies file
> > (usually "cookies.txt" yes?) interacts with your web browser and web
> > servers (and you're welcome to explain this interaction) -
>
> > But if I read this story correctly, what exactly does Facebook's
> > web-server do in terms of reading or accessing your complete browsing
> > history that any other web-server can't do? *Or doesn't do?
>
> > In other words - is this strictly just a facebook phenomena, and if so
> > why?
>
> http://dorianroy.com/blog/2010/04/ho...-button-works/


Good one, thanks. I learned something new and I occasionally program
in HTML/ASP: an "iFrame", interesting.

RL

Facebook has introduced a new Like Button together with some other
“social plugins” at their f8 conference last week. Everybody can put
it on their website so that visitors can “like” a page and add it to
their Facebook profile without leaving the site.

This button actually allows Facebook to track all visitors of the
external site, no matter if they click it or not (as long as they are
Facebook users – but who isn’t?). Facebook can do that because they
use an iframe to display the button. An iframe is something like an
embedded browser window within a page. The difference between using an
iframe and a simple image for the button is that the iframe contains a
complete web page – from Facebook. There is not much going on on this
page, except for the button and the information about how many people
have liked the current page. Click here to open a like button page in
a new window.

So when you see a like button on cnn.com, you are actually visiting a
Facebook page at the same time. That allows Facebook to read a cookie
on your computer, which it has created the last time you’ve logged in
to Facebook. The cookie remains on your computer for months, even when
you didn’t check the “keep me logged in”-option in the login form. It
contains your Facebook user-id. A fundamental security rule in every
browser is that only the website that has created a cookie can read it
later on. And that is the advantage of the iframe: it allows Facebook
to read your Facebook-cookie even when you are visiting a different
website. That’s how they recognize you on cnn.com and display your
friends there.

What I don’t like about this is that it is not opt-in. You’re not
asked to be tracked on external sites by Facebook, and there is also
no opt-out in the Facebook privacy settings. Honestly, you can’t blame
Facebook for that, because there is no way they could check your
privacy settings before they know who you are. The only way you can
avoid being tracked by Facebook on other sites is to logout of
Facebook before visiting any other site. That will delete the cookie.

(If you have a website or blog and want to include the like button,
but do not want it to track the users without their consent, have a
look at this post where you can see how to make a like button with opt-
in)