Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Monday, 03 December 2007 09:35

CA exposes sneaky Facebook tracking

Facebook's Beacon system is logging users' activities in a manner contrary to the company's stated practices, according to a CA security researcher.

The idea behind Beacon is that people can see what their 'friends' have been doing at affiliated sites, such as renting videos, playing games, choosing recipes or purchasing items.

After an outcry from users, Facebook provided an opt-out mechanism, but it assumed consent in the absence of a response. Since it was possible to navigate away from the affiliated site after performing an action that would be sent to Facebook but before the opt-out message appeared, it is doubtful that is a safe assumption.

Furthermore, according to Facebook, "as long as you are logged out of Facebook, no actions you have taken on other sites can be sent to Facebook."

Stefan Berteau, a research engineer at CA's PestPatrol spyware research team, has found that isn't true.

Berteau has examined network traffic logs and determined that some information is sent to Facebook even when the user opts out. It is especially worrying that he found identifying information was transmitted even when he was not logging into his Facebook account.

"Despite the fact that I was not logged in, Facebook just received enough information to tie the activity I took on their affiliate to my individual account, which combined with the social data they already have, such as circles of friends, level of education, communication patterns, and geographic locations, would allow them to profile individual consumer behavior on a nearly unprecedented level of detail," he wrote.

If Berteau is correct, this is egregious behaviour on the part of Facebook. If you felt like being charitable, you could write it off as a bug. But according to Berteau, his attempts to raise the issue with Facebook's privacy department were fobbed off.

An old saying suggests that if a situation can be explained in terms of a conspiracy or a cock-up, the latter is more likely. The particular person that handled Berteau's alert may have been badly informed or incapable of understanding the issue, but it seems more likely that Beacon is actually working as intended.

After all, CA senior researcher Benjamin Googins had previously determined that using an affiliate site sends data to Facebook before the option to opt out has been presented.

If you must use Facebook and are concerned about this issue, the recommendation appears to be that you block URLs that match* or* with the aid of BlockSite or AdBlock Plus if you're using Firefox, or by adding them to Internet Explorer's restricted zone.



Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


