Tuesday, November 10, 2015

OpenStack 11/11/2015 (a.m.)

  • I checked and sure enough: five Facebook cookies even though I have no Facebook account. They're gone now, and I've created an exception blocking Facebook from planting more cookies on my systems. 

    Tags: surveillance state, Facebook, tracking-cookies

    • Facebook has been ordered by a Belgian court to stop tracking non-Facebook users when they visit the Facebook site. Facebook has been given 48 hours to stop the tracking or face possible fines of up to 250,000 Euro a day.
    • Facebook has said that it will appeal the ruling, claiming that since their european headquarters are situated in Ireland, they should only be bound by the Irish Data Protection Regulator.

      Facebook’s chief of security Alex Stamos has posted an explanation about why non-Facebook users are tracked when they visit the site.

      The tracking issue centres around the creation of a “cookie” called “datr” whenever anyone visits a Facebook page. This cookie contains an identification number that identifies the same browser returning each time to different Facebook pages. Once created, the cookie will last 2 years unless the user explicitly deletes it. The cookie is created for all visitors to Facebook, irrespective of whether they are a Facebook user or even whether they are logged into Facebook at the time.

      According to Stamos, the measure is needed to:

      Prevent the creation of fake and spammy accounts
      Reduce the risk of someone’s account being taken over by someone else
      Protect people’s content from being stolen
      Stopping denial of service attacks against Facebook

    • The principle behind this is that if you can identify requests that arrive at the site for whatever reason, abnormal patterns may unmask people creating fake accounts, hijacking a real account or just issuing so many requests that it overwhelms the site.

      Stamos’ defence of tracking users is that they have been using it for the past 5 years and nobody had complained until now, that it was common practice and that there was little harm because the data was not collected for any purpose other than security.

      The dilemma raised by Facebook’s actions is a common one in the conflicting spheres of maintaining privacy and maintaining security. It is obvious that if you can identify all visitors to a site, then it is possible to determine more information about what they are doing than if they were anonymous. The problem with this from a moral perspective is that everyone is being tagged, irrespective of whether their intent was going to be malicious or not. It is essentially compromising the privacy of the vast majority for the sake of a much smaller likelihood of bad behaviour.


Posted from Diigo. The rest of Open Web group favorite links are here.

No comments: