Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Facebook tracks your external web browsing history through the use of their embedded buttons, and links that history with your profile. So even if you don't post private information to Facebook, they're tracking your private activity unless you take measures to block such buttons across the web.


...or use Facebook in a different browser (or Incognito), or specifically log out of Facebook when you're not using it.

Or only use it in the Facebook App on your phone, but never log your browser in to it.

"Logging in" is completely broken on the internet - no argument, there.


The other two approaches may work, but

> or specifically log out of Facebook when you're not using it

will probably not, because they set tracking cookies that remain even when you log out.

Complete speculation here, but if they're willing to do that, who's to say they don't link traffic from known IP addresses as well? It might be linked less strongly but in many cases could still be associated in some way. They track web browsing for non-users already anyway, so if they can connect that to existing users by IP I'd be fairly surprised if they didn't.

In order to prevent this, you have to block trackers in all your browsers and devices with Ghostery or similar tools.


Browser user agent string alone is quite accurate identification [1]. Just add IP/country data on top of that..


If people can't be bothered to care about security, they won't be interested in doing this.


With the immaturity of the app permissions model and Facebook's abysmal record, I feel like you're far better off using a mobile browser (in incognito, of course) than the mobile app.


or on a different computer.


connected to the neighbor's open wifi?


Nope, not if you're outside the US. Seriously getting sick of repeating this, but whatever. Facebook Ireland (mmm, double Irish) is the data controller for all Facebook users outside the US, and they released a report which prevents facebook from doing this. AFAIK, they said that this data can only be retained for 30 days and cannot be linked to user profiles and/or used for targeted advertising.

For some strange reason, the same requirements do not apply to Google, and Twitter are currently being investigated.


Facebook can't track you regardless of whether you have an account much less whether are logged in IF you use Firefox's RequestPolicy plugin.


was about to post the same. Request policy + noscript ftw


Facebook tracks your external web browsing history through the use of their embedded buttons, and links that history with your profile

Not if you log out of FB. Conveniently, the "Like" button tells you when you're logged in and the "(Not You?)" link allows you to log out of FB whenever you notice you're still logged in. Hmm, this gives me an idea for an indicator browser extension.


Yes, it does, through the use of tracking cookies that persist after you log out. They also track non-users.


They say they don't keep shadow profiles of your external Web traffic [though I can't imagine that's true].

In line with other responses, I use a browser plugin that blocks all traffic to Facebook when I'm not on a facebook.com domain, and I exclusively sign in via incognito mode so the session is destroyed when I'm finished.


Easy enough: I have a separate browser for connecting to Facebook. I also have the usual set of tracker-blocking plugins installed on Firefox, which I use for normal browsing.


Google also tracks you on non-Google sites that use Google-hosted Ajax libraries, which is a huge chunk of the web.


If they do, that's a lot more devious that Facebook's "like" button, because if you block it, then the site doesn't work.


That's silly. I block it (via the someonewhocares host file) and not it works but makes browsing faster.

Only downside is when i click done actual useful advertising result on gsearch i get a 404 :)


How is it silly? When someone loads jQuery from Google, and their site depends on jQuery, do you expect the site to still work when you block Google's CDN?


no major provider serve ads and jquery/yui mirrors from the same CNAME...

i know your example is moot because google doesn't




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: