I like how this is posted on a news site which uses “asshole-design” (previously known as “dark patterns”) to force people into accepting their third party cookie tracking. (They basically hide the ability to disagree to their third party cooking behind the “learn more” button, while only displaying “Accept and close” in a flashy colour at first)
It seems to only show up when visiting from IP’s geolocated in the EU. I didn’t see it from my home connection, but once on corporate VPN which exits in Europe it showed up.
Also remember: Plenty of companies are still happy to charge you for the privilege of being their product. The promise of cable TV was that there wouldn’t be advertising, since the subscriber was the customer.
FB can encrypt links back to its own servers, but fbclid was being added to any link FB ever touches despite being destined to non-FB servers. It can’t encrypt that, because it needs to pass a URL that the non-FB server can process.
I think these reports are missing a lot. FB tracking within itself is expected. The reason fbclid was so problematic is it was attempting to track people around the broader Internet where the user wasn’t interacting with FB at all, and at least for now, these privacy protections are effective against that.
Hindsight is 20/20, but it wasn’t a great call for Firefox to implement this ever recommending add-ons/filters that do this. By blocking them at the browser level it flips the switch from on-our-radar from privacy enthusiasts to time-to-exterminate because it was perceived as a thing niche users do. The surprise to me is that Firefox’s user base size being considered a ‘threat’ as it’s numbers have been low for a while (at least according to what analytics are telling us, neverminding correlation between privacy-focused browser and those blocking their analytics upstream). Is the Firefox base bigger than we think? Does Firefox have a influence sphere that would introduce the feature to more browsers? Or is it just that any threat even small is just worth it to rethink the tracking tokens?
Ultimately best move you can do if not for straight-up deleting your account is to only use Meta products (Facebook, Instagram, WhatsApp) when absolutely necessary (like contacting a business that only operates on Facebook or telling your contacts how to reach you elsewhere) and always inside some form of container to separate its tendrils from your browser/device.
I’ll disagree - Facebook could have done this anyway due to any number of triggers and it’s good to force the behaviour to be more in-your-face. It’s one thing for someone visiting the link to not send the parameters - the other side of the coin is people who want to share a link without tying it to their own account or session. People who are used to cheerfully stripping that part of the URL before sharing are going to be irritated when they can’t, which is exactly the sort of friction and frustration FB deserves to cop for this.
When your audience is “everyone on the internet”, it’s likely that even browsers with shares in the single digits add up to quite a bit of your revenue. With various privacy extensions available in other browsers sprinkled on top, I can imagine it being perceived as a threat to the business.
That said, I don’t think “privacy through obscurity” is a great approach to solving these issues. We need to fight this on another level: it’s important for browser vendors to make a stand, and for legislature to catch up as soon as possible.
It’s also worth considering the demographics of those low numbers. I know lots of non-technical people who are well into their fifties and sixties and swear by Firefox because it’s what their kids installed on their computers twenty years ago, not to mention early Firefox adopters who still stick with it. This overlaps the target audience that Facebooks exploits the most.
Not sure I’d conclude the privacy protection browser is the bad guy here.
You’re right that as surveillance protection gets more prevalent sites like Facebook will just get more aggressive in how they track us. The big event here though is Safari’s cookie policy which has had major effects on Facebook’s ad business.
I don’t think that makes them bad. But until we get regulations, I feel keeping the arms race under the radar at least was working for some of us. If this prompts the EU to adopt stronger rules (because US lobbying won’t make it happen) against different kinds of tracking, then the hindsight is that this is the right call. The problem is that until that point, until we get a new legal barrier, we went from there being a workaround in extensions like ClearURLs and uBlock Origin lists that now no longer work for Facebook, and others like likely follow suit soon enough.
I’m sure regulation would lead to some unexpected consequences, like it did with GDPR and those dark-patterny cookie consent forms and putting a lot of faith in a site that says you are exercising your right to be forgotten but who knows.
Pre-installed computers should have an incentive to add privacy-enhancing features, but even then it’d lead to Google’s asshole campaign of detecting Firefox and/or addons, and the ignorant masses will “enhance their experience” gladly.
Constant education, in failures of both markets and governments, is no small part of what must happen, but at the end of the day, the government is kinda clueless and the corporations will find a way to exploit that.
You’re not wrong–plenty of lawmakers are far from tech literate and their advisors don’t seem to be much better. Luckly with GDPR all you have to do is not click the colored button and pick the grayed out one which usually has everything unchecked on most sites now. Dark patterns or not, at least we’re exposed to the opportunity to opt out even if such banners make the internet more annoying and ugly as a result. It’d be nice if “don’t be evil” could be a real mantra.
It’s driven me to use private windows and such more, at the risk of having to re-find a url if I forget to grab it and the browser is restaryed. Maybe we can trust all that cookie stuff, but it’s not the only form of tracking.
Besides, as I tend to say, even anarchy needs rules. Any law or regulation is worse than useless in administrative and legal fees if it’s ultimately not upheld by any form of executive power. Thus it’d be kinda nice if the power could belong to the people, not externalized to a law that maybe can be circumvented by incorporating abroad or corrupted or broken by any other form of corruption.
Sorry for bordering on off-topic, but the outcry for regulation comes up so often, and I find it somewhere on the border of sad and oversimplified. Even though I’m hard-pressed to come up with a machinery of incentives and education that’s a feasible and robust alternative.
People just need to be told and made to care there’s a war going on.
If a browser tries to “understand” URIs as more than arbitrary bits of stuff held together by slashes, and modify them without the cooperation of the thing that generated them, then it will end up broken sooner or later.
I like how this is posted on a news site which uses “asshole-design” (previously known as “dark patterns”) to force people into accepting their third party cookie tracking. (They basically hide the ability to disagree to their third party cooking behind the “learn more” button, while only displaying “Accept and close” in a flashy colour at first)
Agreed. I wouldn’t have posted that link if it weren’t for the fact that that popup never showed up in my browser.
It seems to only show up when visiting from IP’s geolocated in the EU. I didn’t see it from my home connection, but once on corporate VPN which exits in Europe it showed up.
It didn’t show up in my desktop Safari in the EU, but it did in mobile Safari. Could be my adblocker swallowing it, though it never does otherwise.
Whenever I see Facebook, LinkedIn, or Google (these days), etc. talking about “the customer” I’m reminded of this scene from Mars Attacks:
https://www.youtube.com/watch?v=_vUrAMxmO_A
Or the classic Twilight Zone episode “To Serve Man”
Distressingly accurate. Remember: If you don’t have to pay for something, then you are not their customer, you are their product.
Also remember: Plenty of companies are still happy to charge you for the privilege of being their product. The promise of cable TV was that there wouldn’t be advertising, since the subscriber was the customer.
If you do have to pay for something, then you are not their (only) customer, AND you are also a premium product that has money.
What about the Linux Kernel? I have (unfortunately) never done anything to further progression in regards to Kernel development.
Good question. I think the answer is that the goal of the Linux kernel is not to make a profit.
FB can encrypt links back to its own servers, but fbclid was being added to any link FB ever touches despite being destined to non-FB servers. It can’t encrypt that, because it needs to pass a URL that the non-FB server can process.
I think these reports are missing a lot. FB tracking within itself is expected. The reason fbclid was so problematic is it was attempting to track people around the broader Internet where the user wasn’t interacting with FB at all, and at least for now, these privacy protections are effective against that.
Hindsight is 20/20, but it wasn’t a great call for Firefox to implement this ever recommending add-ons/filters that do this. By blocking them at the browser level it flips the switch from on-our-radar from privacy enthusiasts to time-to-exterminate because it was perceived as a thing niche users do. The surprise to me is that Firefox’s user base size being considered a ‘threat’ as it’s numbers have been low for a while (at least according to what analytics are telling us, neverminding correlation between privacy-focused browser and those blocking their analytics upstream). Is the Firefox base bigger than we think? Does Firefox have a influence sphere that would introduce the feature to more browsers? Or is it just that any threat even small is just worth it to rethink the tracking tokens?
Ultimately best move you can do if not for straight-up deleting your account is to only use Meta products (Facebook, Instagram, WhatsApp) when absolutely necessary (like contacting a business that only operates on Facebook or telling your contacts how to reach you elsewhere) and always inside some form of container to separate its tendrils from your browser/device.
I’ll disagree - Facebook could have done this anyway due to any number of triggers and it’s good to force the behaviour to be more in-your-face. It’s one thing for someone visiting the link to not send the parameters - the other side of the coin is people who want to share a link without tying it to their own account or session. People who are used to cheerfully stripping that part of the URL before sharing are going to be irritated when they can’t, which is exactly the sort of friction and frustration FB deserves to cop for this.
I hope you’re right. I hope these sorts of news stories prompt users to think more wisely about how they use social media.
When your audience is “everyone on the internet”, it’s likely that even browsers with shares in the single digits add up to quite a bit of your revenue. With various privacy extensions available in other browsers sprinkled on top, I can imagine it being perceived as a threat to the business.
That said, I don’t think “privacy through obscurity” is a great approach to solving these issues. We need to fight this on another level: it’s important for browser vendors to make a stand, and for legislature to catch up as soon as possible.
It’s also worth considering the demographics of those low numbers. I know lots of non-technical people who are well into their fifties and sixties and swear by Firefox because it’s what their kids installed on their computers twenty years ago, not to mention early Firefox adopters who still stick with it. This overlaps the target audience that Facebooks exploits the most.
Not sure I’d conclude the privacy protection browser is the bad guy here.
You’re right that as surveillance protection gets more prevalent sites like Facebook will just get more aggressive in how they track us. The big event here though is Safari’s cookie policy which has had major effects on Facebook’s ad business.
I don’t think that makes them bad. But until we get regulations, I feel keeping the arms race under the radar at least was working for some of us. If this prompts the EU to adopt stronger rules (because US lobbying won’t make it happen) against different kinds of tracking, then the hindsight is that this is the right call. The problem is that until that point, until we get a new legal barrier, we went from there being a workaround in extensions like ClearURLs and uBlock Origin lists that now no longer work for Facebook, and others like likely follow suit soon enough.
I’m sure regulation would lead to some unexpected consequences, like it did with GDPR and those dark-patterny cookie consent forms and putting a lot of faith in a site that says you are exercising your right to be forgotten but who knows.
Pre-installed computers should have an incentive to add privacy-enhancing features, but even then it’d lead to Google’s asshole campaign of detecting Firefox and/or addons, and the ignorant masses will “enhance their experience” gladly.
Constant education, in failures of both markets and governments, is no small part of what must happen, but at the end of the day, the government is kinda clueless and the corporations will find a way to exploit that.
You’re not wrong–plenty of lawmakers are far from tech literate and their advisors don’t seem to be much better. Luckly with GDPR all you have to do is not click the colored button and pick the grayed out one which usually has everything unchecked on most sites now. Dark patterns or not, at least we’re exposed to the opportunity to opt out even if such banners make the internet more annoying and ugly as a result. It’d be nice if “don’t be evil” could be a real mantra.
It’s driven me to use private windows and such more, at the risk of having to re-find a url if I forget to grab it and the browser is restaryed. Maybe we can trust all that cookie stuff, but it’s not the only form of tracking.
Besides, as I tend to say, even anarchy needs rules. Any law or regulation is worse than useless in administrative and legal fees if it’s ultimately not upheld by any form of executive power. Thus it’d be kinda nice if the power could belong to the people, not externalized to a law that maybe can be circumvented by incorporating abroad or corrupted or broken by any other form of corruption.
Sorry for bordering on off-topic, but the outcry for regulation comes up so often, and I find it somewhere on the border of sad and oversimplified. Even though I’m hard-pressed to come up with a machinery of incentives and education that’s a feasible and robust alternative.
People just need to be told and made to care there’s a war going on.
If a browser tries to “understand” URIs as more than arbitrary bits of stuff held together by slashes, and modify them without the cooperation of the thing that generated them, then it will end up broken sooner or later.