Facebook recently launched the “Like” function, which basically can be embedded into arbitrary web sites. Naively, it does two things:

  1. Provide a “Like” button for sharing the web site
  2. Show you how many other users like the web site

Sounds good, doesn’t it?

But now reconsider: even when you don’t use the “Like” function, facebook is in fact notified of which web sites you visit!.

Encouraging you to “share” content with friends is the hanger for this function. This is what makes web masters install it on their sites: they expect to get some extra traffic from your friends, so they just add it.

But whether you like it or not, it basically allows Facebook to track your complete web viewing habits. And it’s the target web site that opts in, not the user! Combined with all the personal information Facebook already has on you, this is a major privacy concern. Combining this information might even be illegal in some countries (but probably not in the US where Facebook lives, privacy unfortunately has a low role here).

The best workaround currently is to blacklist Facebooks “Like” function using some kind of AdBlock, for example using this element filter:

IFRAME[src^="http://www.facebook.com/plugins/like.php"]

But in general, we should try to make this kind of data aggregation illegal without explicit consent and force Facebook to make this an opt-in feature. Political work needed here …

P.S.: Make sure to check if your AdBlock actually blocks and not just hides. As far as I can tell, WebKit Adblock, including Chromes, only hide ads. Firefoxs AdblockPlus seems to be more powerful.

P.P.S.: yes I’ve read the claim that Facebook doesn’t track. No wait, all they basically said was that they are not going to announce at F8 they will be selling web surfing behaviour based ads to their customers. They actually did NOT state (or guarantee) they will NOT use data mining on this data. Just that you probably will not be able to buy eyeballs based on rules such as “has visited/liked disney.com” …

P.P.P.S.: I’ve been told that facebook.com/widgets/like.php also needs to be blocked, since some sites use this URI scheme. And of course, Privoxy and similar privacy-increasing proxies are a useful addition, too.