Some privacy practices when using Facebook

Tor

I have recently started using the Tor Browser when browsing Facebook and Twitter (although I need to get into the habit of doing so consistently). Amongst other things, Tor can help to protect against IP address tracking (although it is not bulletproof!). I find it unnerving that Facebook and Twitter are able to discern who my housemates and officemates are, even if I have had almost no interaction with them. (I don’t mind being associated with my particular housemates and officemates at the moment, but some people may mind that.)

Mobile website and JavaScript

I also use the mobile Facebook website on my laptop, and avoid it completely on my phone. The mobile Facebook website can run without JavaScript, which you can disable using NoScript, a Firefox extension which is automatically shipped with the Tor Browser. Disabling JavaScript protects against some of their data collection habits, such as cursor tracking and reading from unsubmitted forms.

Facebook is not the only website that practises such habits with JavaScript: another example is described here. The Independent‘s website is particularly bad as far as JavaScript is concerned: many articles on their site do not display properly unless you allow a load of JavaScript from third parties, including many advertisers.

Clickjacking

When you click on outgoing weblinks on Facebook, they do not directly take you to the desired website. Instead, they take you first via a tracking page: note the URL at the bottom:

This intermediate tracking page allows Facebook to know what links you have clicked on, at what time and in what context. (A browser doesn’t send this information to the webserver of the page containing the link.) To partially overcome this, I give the full URL when posting a link. A reader can then copy this URL and go to it directly, skipping the intermediary.

Since many users are not aware of Facebook’s outlink tracking, it should be considered a form of clickjacking.

Conclusion

These practices are a start, in lieu of managing to persuade one’s friends to migrate to a more private (and oftentimes more open, somewhat ironically) platform. Of course, Facebook may still harvest information about me, including anything I post, the things that I click on (or not click on), and anything said about me by other people.

By the way, you should care about privacy even if you are not a criminal and have ‘nothing to hide’. That claim is patently false: we all have secrets which we would like to keep, even if they are not illegal. Society has stigmas, and an unscrupulous government or employer could use its illicitly-obtained knowledge about your relationship, which you might like to keep quiet about, to blackmail you. And while it’s unlikely that any Facebook employee would personally be interested in your life, the psychological profiling that they may obtain from tracking your cursor could be very lucrative for an insurance company. And, of course, we often talk about other people behind their backs, in unflattering ways.

2 thoughts on “Some privacy practices when using Facebook”

  1. Readers of this article may also be interested in two browser addons made by the Electronic Frontier Foundation (https://www.eff.org/):
    — Privacy Badger (https://www.eff.org/privacybadger), which is designed to block domains that are determined, over time, to be tracking the user
    — HTTPS Everywhere (https://www.eff.org/https-everywhere), which, where possible, enforces the encrypted https

    Furthermore, one might prefer to use a Virtual Private Network (VPN), rather than the Tor browser.

Leave a Reply

Your email address will not be published. Required fields are marked *