1. 16

  2. 14

    plaintiffs failed to show that they had a reasonable expectation of privacy


    1. 0

      I’m sorry, but what do you think happens when a person clicks a Facebook Like button embedded on a website? You really didn’t know the click is sent to Facebook for tracking purposes?

      1. 5

        What if I don’t even click it? The fact that it exists on the page means Facebook’s javascript gets to run.

        When a user visits a page with an embedded “like” button, the web browser sends information to both Facebook and the server where the page is located.

        You don’t have to interact with the button for it to track you.

        1. 3

          To wax philosophical for a bit, long ago we called browsers user agents. Which raises the question, who’s the user? If you’re the user and your agent is doing something you don’t want, you should fire it and get a better one.

          1. 2

            Surely for most pages these days 95% of the javascript is for things you either don’t care about or actively work against you (tracking), and 5% is the thing you want. Assuming the user can’t live without the 5%, it is hard to ensure the 5% is run and the 95% is not.

            1. 2

              One of the settings in NoScript allows scripts served from the same domain as the page and disallows all others.

              This fails occasionally (about once a week I have to whitelist another CDN domain) but otherwise has drastically improved my browsing.

              1. 3

                I disabled that because I figured I might stumble on a malicious site and realize it too late. That hasn’t happened, but aimply whitelisting sites you access often amd trust has a similar effect.

                A friend uses throwaway VMs for most of his browsing. A bit like poisoning the data, but if he exhibits the same patterns, despite obviously not using “social media”, that still teaches the beast.

                1. 2

                  The setting I’d like to see is per-site whitelists.

                  I don’t want first-party scripts to be enabled by default, but just because I whitelist a script in one location doesn’t mean I want it whitelisted everywhere. For instance, twitter.com should also load scripts from twimg.com. But I don’t want their scripts running on other webpages.

                  1. 1

                    You can get that from uMatrix.

                    1. 1

                      Yes, I am an avid user of uMatrix these days.

            2. 2

              You also don’t have to be logged in or even have a Facebook account for the button/javascript to track you. PS. there are 20 or 30 of these buttons in common use and half of them (Google analytics etc.) don’t even have a visual hint they are tracking you. Good times.

        2. 7

          This is a good thing. It means that people won’t use the law as an excuse to avoid making browsers secure.

          “Oh, it’s illegal to do ad tracking like that, so we don’t need countermeasures for it” - right up until some TLA, foreign entity, or criminal decides to do it anyway.

          We should start from the assumption that ad trackers will do everything in their power to subvert privacy, even if the law says otherwise.

          1. 1

            That’s a good (Optimistic :) ) way to look at it.

          2. 2

            I’m a little surprised people would bring this lawsuit.

            The entire point of these buttons is to track people around the internet. Of course they’re sending Facebook a ton of information - it’s the only reason the buttons exist.

            How are people so naive to not know about and expect this?

            1. 2

              I’m guessing the point of this lawsuit is to:
              a) Raise awareness for the average Joe who has no idea there is javascript and even just simple requests for the images themselves tracking them in the background
              b) Get a win and set a good precedent (Hopefully relatively cheaply)

              So hopefully they are least have some success on the first goal.