Sunday, April 24, 2011

Be Aware, Facebook's Like Button may be Tracking You!

Facebook is the most popular social networking site; as of January 2011 it has more than 600 million active users. Users may create a personal profile, add other users as friends, and exchange messages, including automatic notifications when they update their profile. Additionally, users may join common-interest user groups organized by workplace, school or college, or use applications such as "find your luck" and "when you will die", games and so on.

Because this network has such a large number of people, security of data and information is a very important aspect. To break that security or collect data/information, many spamming attacks may take place. They can arrive through applications that offer attractive stuff to draw users in, such as "Get Your T-shirt now Register Here" or "See who viewed your facebook profile", and that force the user to like them before using them.

These days I am fed up with such spam on my Facebook wall; people are regularly posting these kinds of messages in FB chat too. In reality, these people are doing nothing besides liking or clicking on those links; that is the whole act these spams play. These people are actually unaware of these spamming attacks.

Through such spam, Facebook may track everyone, whether they use the social networking site or not. Facebook's tentacles reach way beyond the confines of its own web sites and subscriber base because more and more third-party sites are using the 'Like This' button and Facebook Connect. There is well-proven research on how the 'Like This' button or Facebook Connect on any web page can gather user browser data and send it back to Facebook. The scenario involves users who already have Facebook accounts:

When the account is created by a user, Facebook issues a cookie containing a unique user ID. This cookie facilitates the display of a username in the login field at returning visits. When accessing Facebook from another device, a temporary cookie is issued, which is replaced by a cookie with the same ID after logging into the account. This allows different devices to be connected to one account carrying the same ID cookie. Every time the user visits Facebook, the cookie is sent together with the HTTP request for the site. As a result, Facebook knows who wants to log in before the login has taken place.

But the cookie is not only sent when a member wants to log on to Facebook; it is also sent every single time a web site which includes the 'Like' button is visited.

"Facebook receives the information concerning the user, including his unique ID, via the cookie. When the user actually clicks on the Like button, he has to provide his Facebook login details and a message about the'Like' is posted on his profile page," writes Roosendaal.

But data about the user is sent to Facebook regardless of whether the Like button is actually activated.

Which is all quite scary - but not too surprising, given Facebook's reputation for snooping on its registered users.

What becomes really scary is realizing how Facebook can track your movements even if you haven't signed up to its fake-friend collection service for lonely teens and sad divorces.

Even if you don't have a Facebook account, you are far from immune from prying eyes, as Roosendaal explains:

"When a user does not have a Facebook account, there is no cookie and no user ID available. In this case, an HTTP GET request for the 'Like' button doesn't issue a cookie.However, when a site is visited which includes Facebook Connect, this application issues a cookie. From that moment on, visits to other websites which display the 'Like' button result in a request for the Like button from the Facebook server including the cookie."

Which means Facebook has swiped another batch of valuable data without asking for permission, data which may also include your mail account info. When you consider that 40 million unique visitors ended up on a site using Facebook Connect in a single month in March 2011, and that these particular cookies have a two-year expiry date, that adds up to a lot of user data flying around looking for a home.

"Based on the cookie, the entire web behaviour of an individual user can be followed. Every site that includes some kind of Facebook content will initiate an interaction with the Facebook servers, disclosing information about the visited web site together with the cookie."

So you find yourself dragging all of this invisible data round with you like a piece of toilet paper stuck to your shoe, even though you have never even been to Facebook, let alone signed up.
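To see what the cookie mechanism described above discloses in practice, you can audit a capture of your own browser traffic. The following is an added example, not code from the original post or from Roosendaal's research: it takes a constructed list of requests and rebuilds, per cookie value, the trail of third-party pages the embedded-content server could log. The host names, widget paths and cookie value are placeholders.

```javascript
// Constructed capture (not real traffic): requests a browser made while the
// user read unrelated sites. Paths and cookie values are placeholders.
const capture = [
  { url: "https://www.facebook.com/widget/like", referer: "https://news.example/politics/story-1", cookie: null, setCookie: null },
  { url: "https://www.facebook.com/widget/connect", referer: "https://forum.example/login", cookie: null, setCookie: "id=PLACEHOLDER-A" },
  { url: "https://www.facebook.com/widget/like", referer: "https://health.example/clinic-finder", cookie: "id=PLACEHOLDER-A", setCookie: null },
  { url: "https://www.facebook.com/widget/like", referer: "https://news.example/politics/story-2", cookie: "id=PLACEHOLDER-A", setCookie: null },
  { url: "https://cdn.example/app.js", referer: "https://news.example/politics/story-2", cookie: null, setCookie: null },
];

// True when host is the given domain or one of its subdomains.
function sameSite(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Rebuild what the embedded-content server can learn: for each cookie value,
// the ordered list of third-party pages whose load carried that cookie.
function auditDisclosures(entries, trackerDomain) {
  const trails = new Map(); // cookie value -> pages disclosed with it
  const unlinked = [];      // widget loads sent without any cookie
  const issued = [];        // cookies set while embedded on another site
  for (const e of entries) {
    if (!sameSite(new URL(e.url).hostname, trackerDomain)) continue;
    if (!e.referer) continue;
    const page = new URL(e.referer);
    if (sameSite(page.hostname, trackerDomain)) continue; // first-party visit
    if (e.setCookie) issued.push({ cookie: e.setCookie, on: page.hostname });
    if (e.cookie) {
      if (!trails.has(e.cookie)) trails.set(e.cookie, []);
      trails.get(e.cookie).push(page.hostname + page.pathname);
    } else {
      unlinked.push(page.hostname + page.pathname);
    }
  }
  return { trails, unlinked, issued };
}

const report = auditDisclosures(capture, "facebook.com");
for (const [cookie, pages] of report.trails) {
  console.log(cookie, "->", pages.join(", "));
}
console.log("no cookie sent:", report.unlinked.join(", "));
```

Blocking third-party cookies in the browser moves every widget load into the "no cookie sent" list, which is the quickest way to confirm the setting is taking effect.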

On signing up, the 'toilet paper' cookie, as we have now decided to name it, is sent to Facebook as part of the request for the web page to be loaded. The server responds and issues some new session cookies, and when the account is actually created, a unique ID number is issued and sent in another cookie.

"The connection between this ID cookie and the old cookie is made behind the scenes by Facebook's servers," explains Roosendaal. "This means that the entire historical information of the user can be connected to the newly-created Facebook account. From this moment on, all subsequent requests for Facebook content go accompanied with the cookie including the unique user ID."

As you're reading this rather than laughing, you know a thing or two about cookies. They are helpful to users and of immense value to marketeers, allowing them to bombard you with targeted advertising based on your browsing history.

If every time you walked past a shop on your local High Street someone stuffed an advertising flyer into your pocket without asking your permission, there would soon be a trail of leaflet distributors clutching black eyes and broken noses.

Be careful about what you actually do on social networking sites like FB; through unawareness you can lose all the private or secure data/information saved in your browser or in the current tabs of your browser.

References

en.wikipedia.org/wiki/Facebook

http://tinyurl.com/23k8x8a