When a visitor surfs into the YouPorn homepage, a script running on the website checks to see what other porn sites that person has been to.
It's based on your browser changing the color of links you've already clicked on. A script on the site exploits a Web privacy leak to quickly check and see whether your browser reveals that the links to a host of other porn sites have been assigned the color "purple," meaning you've clicked them before.
A group of researchers from UCSD trolled through the Web's most popular sites to see which ones were collecting this information about visitors. They found it on 46 other news, finance, sports, and games sites, reporting their findings in a paper with the intimidating title, "An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications."
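As an added example (not code from the article or the researchers' own tooling), here is a static heuristic a site owner could run over the scripts their pages load to flag the link-colour check described above. The function names, the three-host threshold and both sample scripts are constructed for illustration.

```javascript
// Added example: static heuristic for link-colour history sniffing.
// Names, threshold and sample scripts are assumptions made for illustration.
const SIGNALS = {
  // Reads the rendered style of an element.
  readsComputedStyle: /\bgetComputedStyle\s*\(|\.currentStyle\b/,
  // Asks for the colour specifically.
  readsColor: /getPropertyValue\s*\(\s*['"]color['"]\s*\)|\.color\b/,
  // Builds anchors or sets link targets from script.
  buildsLinks: /createElement\s*\(\s*['"]a['"]\s*\)|\.href\s*=/,
};

// Distinct hostnames among the absolute URLs hard-coded in the script.
function embeddedHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return hosts;
}

function auditScript(source, pageHost) {
  const hits = Object.keys(SIGNALS).filter((k) => SIGNALS[k].test(source));
  const foreign = [...embeddedHosts(source)].filter((h) => h !== pageHost);
  // Flag only when all three behaviours co-occur with a list of other sites.
  const suspicious = hits.length === 3 && foreign.length >= 3;
  return { suspicious, hits, foreignHosts: foreign };
}

// Constructed sample: creates links to other sites and reads their colour.
const SAMPLE_PROBE = `
  var sites = ["http://one.example/", "http://two.example/", "http://three.example/"];
  for (var i = 0; i < sites.length; i++) {
    var a = document.createElement("a");
    a.href = sites[i];
    document.body.appendChild(a);
    report(sites[i], getComputedStyle(a, null).getPropertyValue("color"));
  }`;

// Constructed sample: ordinary theming code that also reads a colour.
const SAMPLE_BENIGN = `
  var header = document.getElementById("header");
  var c = getComputedStyle(header, null).getPropertyValue("color");
  document.getElementById("footer").style.color = c;`;

console.log(auditScript(SAMPLE_PROBE, "news.example"));
console.log(auditScript(SAMPLE_BENIGN, "news.example"));
```

A match is only a prompt for manual review: the heuristic looks at source text, so it misses obfuscated scripts and can flag code that merely styles its own links.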
Facebook's 'Like This' button is tracking you:
I thought it was common knowledge that Facebook tracked all Facebook member web activity across non-Facebook sites via the "Like" buttons that those other sites add to their pages. After Facebook's Beacon was launched (and failed) it seemed pretty obvious that this was another attempt at similar data mining/aggregation. Only this one goes way beyond purchases to all kinds of web activity, and it's much more low-key (instead of automatically collecting and broadcasting users' purchase data on their Facebook walls, the "Like" button scheme only does the broadcast when the user actually clicks the button, but data on page visits is STILL being collected regardless).
This is why I was surprised to see you implement all those Facebook "Like" buttons on the DNA Lounge website.
The insidiousness of it is that most 3rd party websites think that all that's happening is that they're getting some free promotion on Facebook whenever anyone clicks a Facebook "Like" button on their site.
A few months ago, in order to sandbox Facebook on my computer I used Fluid.app on Mac OS X (http://fluidapp.com/) to create a site-specific browser for Facebook. Now when I'm on my computer I only log in to Facebook through that browser. For good measure I also always log out whenever I'm done using Facebook. While I'm mobile I'll still (and only) use Facebook's iPhone app, since iOS has pretty good app sandboxing built-in.
Amendment: "Common knowledge" being to people who pay appropriate attention to privacy regarding Facebook (I expect most people reading here).
I didn't add those Like buttons because I have some great desire to help Facebook out with their spamming, but because I'm *trying to run a business*. Being the only business not using Facebook is not beneficial to me or, really, anyone else. The paranoid already know what to do. The other 99.999% don't care.
My surprise comes from how I'd expected you'd know about how Facebook uses the "Like" buttons to track user activity on other sites, or you did know and implemented them anyway, considering that you're well known to take a stand on many other issues where there may be conflict between an incremental benefit to business and privacy or other social issues.
It hadn't occurred to me that they could track the logged-out and then re-associate them with the logged-in. But, mostly, I just don't care.
Facebook has said officially that they don't do this. But of course we have no way of knowing (given their size and sprawl, management might honestly believe that while engineers are in fact doing it).
This is going to happen anyway. A society without privacy is perfectly workable, it's just that it happened faster than we could adjust to it. Celebrity magazines ("Look, Jennifer and David buy groceries, in a shop! Like us!") are as much a symptom as Facebook Like. We'll get used to pretending we don't know and don't see things, like any parent of a normal teenager.
That said, during the adjustment period the NHS might have wanted to think harder before adding Like buttons to embarrassing or even career-threatening disease information pages. Who the hell "Likes" STDs anyway?
By the way, this OpenID plugin does not suck, unlike the last one (or maybe it's the same one but configured better?)
David Baron fixed the CSS privacy leak; the fix is in the Firefox 4 betas.
Sucks about the Facebook button, but everyone is voluntarily giving Facebook all their information anyway, it's not like they have to be exceptionally evil to get more than enough data to make money off of.