back to article German watchdog rips off Facebook's thumbs after online fracas

Five German companies have removed Facebook’s “like” button from their websites following pressure from the niftily-named Consumer Advice Center of North Rhine-Westphalia (Verbraucherzentrale NRW). Two weeks ago, Belgium’s data protection authorities said the social network was breaking national and EU law by tracking users on …

  1. Natalie Gritpants

    Twitter et al should be covered by this too

    I'm not sure if those "search this site with Google" input boxes also result in tracking without consent.

    1. NumptyScrub
      Unhappy

      Re: Twitter et al should be covered by this too

      To be fair, anyone linking code off ajax.googleapis.com is also likely facilitating tracking without consent, because I never see that domain without scripts also wanting to run from google-analytics.com (which often does not appear as a blocked domain until I enable the ajax one, so it's likely the ajax domain specifically calling the analytics domain itself...)

      Thanks to the prevalence of using 3rd party hosted scripting, basically the entire commercial internet is tracking you without informed consent anyway, singling Facebook out for it just because their button is visible is akin to cutting the leaves off and leaving the roots behind. They just revert to invisible means of doing the same thing, and back to BAU.

      1. Paul Crawford Silver badge

        Re: Twitter et al should be covered by this too

        We see more and more reasons to use a Tor-like system for everyday browsing, and it has nothing to do with legality or otherwise, and all about basic privacy. No need for the multi-hop effort of Tor, just a system (even browser plug-in) that randomly redirects your request to others in the same country as the target web site (so it can be presumed the content is legal there) for the short term path. That and keeping each tab private and deleting automatically on closing so cookies, etc, are not shared between sessions or sites you open separately. And also makes everyone's browser look like one of a very small set to render fingerprinting pretty useless.

        A shame that web browsers are not really interested, instead keep pissing away effort on ever more useless GUIs and advertising revenue options.

        1. anonymous boring coward Silver badge

          Re: Twitter et al should be covered by this too

          "A shame that web browsers are not really interested"

          I was unaware that the web browsers have now acheived consciousness!

          This is frightening indeed!

    2. Charlie Clark Silver badge

      Re: Twitter et al should be covered by this too

      The search with Google is less of a problem because users actively seek it out and it's labelled as being from Google. The problem is with anything that automatically includes third party code in a page.

      Google understood the problem earlier than most and, for example, explains how to embed YouTube videos in a page reasonably, ie. not tracking someone just because they load a page with a YouTube video.

    3. big_D Silver badge

      Re: Twitter et al should be covered by this too

      In Germany they are covered. This has been the case for several years.

      In fact Heise Verlag (technical magazine publisher) provided a method of disabling the buttons by default and only turning them on if the user wants to use them back in 2011. (http://www.heise.de/ct/artikel/2-Klicks-fuer-mehr-Datenschutz-1333879.html)

      They updated the system again towards the end of last year:

      http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

      (Articles in German)

  2. TheCookieCollective

    Good, but not quite right

    Surely a better approach - and one that the cookie law promotes, is for the websites in the first place obtaining permission from users, to include the like buttons. Then they can be added to the page dynamically and all is well.

    Its not that difficult.

    1. Jamie Jones Silver badge
      Facepalm

      Re: Good, but not quite right

      You mean just like one of the websites does, as mentioned in the article?

    2. king of foo

      Re: Good, but not quite right: about bloody time someone did something

      Are you talking about doing something like the "this site uses cookies bla bla bla ignore my techno gabble I'm reputable because I'm warning you about something no need to read me further, oops I forgot to add a cross/close me link, oh well never mind it's not as if I'm taking up half the sodding page and won't go away.... leave this website now or I will continue to annoy you" that pops up on every ***** website you visit?

      That's almost as bad as the Fwitted JavaScript popups inviting you to download an "app" (a shit version of the website, with missing features but twice the privacy invasion) or "join us/subscribe/register for a free account so we can sell your info to the king of Nigeria because he has a lucrative opportunity you may be interested in" before you've had a chance to read the bloody page.

      I think the punish bad behaviour ethos is a good one, and gets the ball rolling re future punishment of other similar practices.

      I don't use 'social media', it uses me.

      I like the idea of a "free" internet. As in speech. In order to accomplish this we need policing, not censorship.

    3. big_D Silver badge

      Re: Good, but not quite right

      Which is what Heise.de have been promoting since 2011 with their social media button add-on for websites (Shariff).

      1. Trigonoceps occipitalis

        Re: Good, but not quite right

        I have not yet visited a site that says something along the lines of:

        "This site uses cookies: if you want to download these cookies click YES, if you want to continue without downloading these cookies click NO."

        Usually it is more:

        "In order to save the whale, eradicate paedophilia, prevent global warming etc etc this site uses cookies. Click YES to agree."

        And this is considered informed consent?

        1. Charlie Clark Silver badge

          Re: Good, but not quite right

          And this is considered informed consent?

          No, all the cookie notices are legally worthless. But as enforcement is largely dependent upon the national ICO, most of which have been deliberately hobbled, the issue is somewhat moot. Things will probably change next year with the new EU data protection directive. Fines for breaches could be up to 10 % of turnover though unlikely for that kind of thing.

          The BBC's cookie page is pretty reasonable except all optional cookies should be disabled by default.

  3. Nick L

    Google analytics...?

    Thinking out loud, what about Google analytics? Must admit I block that at the router, but...

    1. Pascal Monett Silver badge

      Re: Google analytics...?

      Indeed, blocking Facebook from automatically tracking people is a good move in my book, but damn near everyone is using Google code directly from the source.

      Google must be rolling on the floor, laughing at how Facebook needs cookies to track people. With Google, just visiting a site triggers a call, so they know you're there.

      So, how does Germany feel about that ? Or is this just a warming-up round before they start gunning for the Big G ?

    2. Anonymous Coward
      Anonymous Coward

      Re: Google analytics...?

      Slightly less accurate but still a nice source of volume data: Google fonts. It gets cached by the browser, but it would be nice to keep an eye on what they do about that too as you can invalidate the cache.

      Now, try to find a Joomla, Drupal or Wordpress theme that does NOT use Google fonts. Yup - hard work. I know because I tried.

      Also be careful with your hosting provider - some throw analytics in without telling you. I noticed that when I looked at a test site I set up somewhere and Ghostery flagged up Google Analytics without me having installed them (because I never do, neither do I install asocial media buttons because of the associated tracking).

  4. Rory B Bellows
    Thumb Up

    Can they hear me now?

    Is the Facebook circle logo on this article the same thing as a 'thumbs up' button? There's also another one in the bottom right area of the comments section... I'm not on facebook so I don't know what clicking on either of them does...

    1. Anonymous Coward
      Anonymous Coward

      Re: Can they hear me now?

      I'm not on facebook so I don't know what clicking on either of them does

      If you're not already on Facebook this will automatically set up an account for you, and then send you WhatsApp to instal on your phone so it can use your address book to invite everyone you know as well. While everyone is busy giving away details about you (FB won't ask you yourself because that would mean it would have to comply with Data Protection) it will download any pictures it can find and invite your now well established network to tag you so it can stick a pretty picture on the dossier before it sends it on the CIA (or FBI if you're in the US).

      Sorry, only kidding. You probably already have a Facebook account, just not a login..

  5. James 100

    Two step version?

    There's a "privacy enhanced" version out there somewhere which displays the social icons greyed out initially, without loading their scripts - so they don't get a chance to track you unless/until you've explicitly requested that service by clicking on it. Once you click (thereby arguably consenting to tracking, since you are knowingly interacting with them) the Like button activates.

    Google Analytics and co worry me a bit too; IIRC back before Google bought them, they offered a self-hosted option which avoided all these issues, but of course that got killed off smartish.

    1. Dan 55 Silver badge
      Thumb Up

      Re: Two step version?

      Was going to say the same. Bruce Schneier's website uses them. Really it should be the default, but so should lots of things...

    2. big_D Silver badge

      Re: Two step version?

      That sounds like the c't magazine 2-step social media button solution to the problem from 2011 (Shariff from heise.de)

  6. Anonymous Coward
    Anonymous Coward

    Privacy Badger

    Install Privacy Badger and it will tell you exactly what a page is up to (and block it).

    https://www.eff.org/privacybadger

  7. FozzyBear

    This articles heading was promising .

    I had high hopes of seeing a nice picture of zuckerberg holding up mutilated hands, with a footnote claiming the germans would be going after his smug smiling face next.

    Alas it was not to be

  8. Charlie Clark Silver badge

    According to the consumer watchdog, Facebook uses cookies to automatically track website visitors, whether or not they click the offending button, and whether or not they even have a Facebook account.

    No, it's not according to the watchdog, it's exactly what's happening: the "like" button is a clever bit of social engineering to facilitate user tracking across websites.

    Website owners should think twice about using these kind of things. Not only out of respect for users' privacy. These trackers aggregate data across websites which website owners don't have access to and are the basis for Facebook and co for selling adverts to the sites. With the data gathered they can, and do, happily talk to the competition about the kind of visitors that visit a site. By placing the button on the page you give these companies to hoover up data about your customers but they don't have to share this data with you.

  9. Mage Silver badge
    Big Brother

    Block the parasites and fine them

    I use noscript and other tools to block most of the trackers, which can be done without cookies now.

    Most people are not that tech savy.

    There is a reason that 29 of top 30 Web Borgs are based in Ireland for EU stuff and many moving all non-USA stuff. It's not low corporation tax but the useless Irish Regulators.

    Rather than fine Facebook, the Irish data commissioner has issued a notice warning EU citizens to avoid using Facebook.

    How does that work given all the 3rd party junk on nearly every major website.

    I can't actually find the notice. Maybe in a filing cabinet in a toilet in the basement.

  10. KjellBjarne
    FAIL

    At least the reg is clear

    oh wait... what's that facebook-icon on every single article up to?

    1. Dan 55 Silver badge
      Trollface

      Re: At least the reg is clear

      It's taking the "https is coming real soon" promise made by Reg staff out back and kneecapping it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like