Re: Facebook tracking from Francis Larkin on 2011-09-26 (public-tracking@w3.org from September 2011)

From: Francis Larkin <fran@fb.com>
Date: Mon, 26 Sep 2011 01:37:26 +0000
To: "Aleecia M. McDonald" <aleecia@aleecia.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <CAA524E9.1AC5E%fran@fb.com>

Hi all, 
Just to clarify, Facebook users need to opt-in to using Timeline apps, and
we've made improvements to our permissions dialog to make the new
experience clear to people (preview module, clear description, updated
button next, in-line privacy selector).

More relevant to this working group, we've responded to the blog post
below to correct misconceptions about how Facebook handles cookies for
logged out users: 
http://nikcub-cache.appspot.com/logging-out-of-facebook-is-not-enough#comme
nt-319881438.  Some people on this list have reached out to me about the
this, so thought I'd share.

Happy to discuss further if anyone has questions.

Best,
Fran



On 9/25/11 2:36 PM, "Aleecia M. McDonald" <aleecia@aleecia.com> wrote:

>A very nice summary, Karl. This also relates to Issue-26 on widgets and
>consent.
><http://www.w3.org/2011/tracking-protection/track/issues/26>
>
>	Aleecia
>
>On Sep 25, 2011, at 3:25 PM, Karl Dubost wrote:
>
>> Relevant to the work of this Working Group
>> I guess it relates to ISSUE-10: What is a first party? [2]
>> 
>>    Dave Winer wrote a timely piece this morning about
>>    how Facebook is scaring him since the new API
>>    allows applications to post status items to your
>>    Facebook timeline without a users intervention. It
>>    is an extension of Facebook Instant and they call
>>    it frictionless sharing. The privacy concern here
>>    is that because you no longer have to explicitly
>>    opt-in to share an item, you may accidentally
>>    share a page or an event that you did not intend
>>    others to see.
>> 
>>    The advice is to log out of Facebook. But logging
>>    out of Facebook only de-authorizes your browser
>>    from the web application, a number of cookies
>>    (including your account number) are still sent
>>    along to all requests to facebook.com. Even if you
>>    are logged out, Facebook still knows and can track
>>    every page you visit. The only solution is to
>>    delete every Facebook cookie in your browser, or
>>    to use a separate browser for Facebook
>>    interactions.
>>    ‹ Logging out of Facebook is not enough, [1]
>> 
>> [1]: 
>>http://nikcub-static.appspot.com/logging-out-of-facebook-is-not-enough
>> [2]: http://www.w3.org/2011/tracking-protection/track/issues/10
>> 
>> -- 
>> Karl Dubost - http://dev.opera.com/
>> Developer Relations & Tools, Opera Software
>> 
>> 
>> 
>
>

Received on Monday, 26 September 2011 07:05:32 UTC