Graalians

Graalians (https://www.graalians.com/forums/index.php)
-   Off-Topic Chat (https://www.graalians.com/forums/forumdisplay.php?f=14)
-   -   Logging out of Facebook is not enough (https://www.graalians.com/forums/showthread.php?t=1002)

Unleash 09-26-2011 06:45 AM
Logging out of Facebook is not enough
 
I came across this article and I must say it's pretty scary.

You can read the full article (with a lot more detail) here: http://nikcub-cache.appspot.com//log...-is-not-enough
Quote:
Logging out of Facebook is not enough

Dave Winer wrote a timely piece this morning about how Facebook is scaring him since the new API allows applications to post status items to your Facebook timeline without a users intervention. It is an extension of Facebook Instant and they call it frictionless sharing. The privacy concern here is that because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see.

The advice is to log out of Facebook. But logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.

The primary cookies that identify me as a user are still there (act is my account number), even though I am looking at a logged out page. Logged out requests still send nine different cookies, including the most important cookies that identify you as a user

This is not what 'logout' is supposed to mean - Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook. The only solution to Facebook not knowing who you are is to delete all Facebook cookies. You can test this for yourself using any browser with developer tools installed. It is all hidden in plain sight.

An Experiment

This brings me back to a story that I have yet to tell. A year ago I was screwing around with multiple Facebook accounts as part of some development work. I created a number of fake Facebook accounts after logging out of my browser. After using the fake accounts for some time, I found that they were suggesting my real account to me as a friend. Somehow Facebook knew that we were all coming from the same browser, even though I had logged out.

There are serious implications if you are using Facebook from a public terminal. If you login on a public terminal and then hit 'logout', you are still leaving behind fingerprints of having been logged in. As far as I can tell, these fingerprints remain (in the form of cookies) until somebody explicitly deletes all the Facebook cookies for that browser. Associating an account ID with a real name is easy - as the same ID is used to identify your profile.

Facebook knows every account that has accessed Facebook from every browser and is using that information to suggest friends to you. The strength of the 'same machine' value in the algorithm that works out friends to suggest may be low, but it still happens. This is also easy to test and verify.
What are your thoughts? With most people having Facebook accounts for Graal I imagine this would affect some of you at one point.

snk 09-26-2011 07:51 AM
cool but check this

http://touch.facebook.com/
or
http://m.facebook.com/

they rock :D

If its something cool, I could make a Graal script which will spam '<3snk4life' :D

Door 09-26-2011 06:25 PM
I accidentally ran that "experiment" once several years ago. Back before I deleted my Facebook, I tried making a Graal one separately. It was immediately suggested to all my irl friends as a new friend for them to add. This kinda pissed me off even though I'm not one to separate my online life from my irl one to any huge extent. In fact, I only found out that it happened cuz one of my friends was like "Hey don't you go by Door online? Is this yours?" lmao

I couldn't help but think about the people I've met who say that their irl friends/family have no idea they are huge dorky losers online. Like, huuuuuuuuge. I mean, playing Graal? Woooow. But seriously, the whole thing just sort of made me see how much Facebook is a crock of **** about privacy.

Dragu 09-26-2011 07:04 PM
To be true, there are a ****load of vids and stuff even parodys of facebook tht show how unsafe it is.
The sad thing is most things are true lol

Niels 09-26-2011 08:01 PM
I can just imagine all of the bad sites posting crap on your Facebook wall if they learn how to do it. That's really not a feature I'm sure people will appreciate.


All times are GMT. The time now is 09:45 AM.

Powered by vBulletin/Copyright ©2000 - 2025, vBulletin Solutions Inc.