Antisocial Integrations: Inverting the Tracking Logic

Social media integrations, such as ‘Like’, ‘Tweet’ and ‘Plus’ buttons, are pervasive on the Web. It seems as if no one ever thinks twice about adding them to their website, as long as they lead to more visitors and attention. However, privacy advocates and researchers have recently drawn attention to the tracking by social networking sites that is inseparable from the widespread implementation of these ‘social’ plugins and buttons.

Unwilling to accept that this is simply ‘how the cookie crumbles’, they have raised concerns about the monitoring of Web browsing behaviour through tracking cookies. Moreover, several browser add-ons have been rapidly developed with the purpose of blocking unwanted tracking by social networking sites. Although for many Internet users ‘privacy’ is an ambiguous concept, there clearly is something at stake. Still, the tracking issue can, and probably should, be defined more clearly.

According to Arnold Roosendaal, privacy researcher at the Tilburg University for Law, Technology and Society, individual web behaviour is tracked and traced by Facebook using cookies and unique identification numbers. In ‘Facebook Tracks And Traces Everyone: Like This!’ (2010) Roosendaal demonstrated that when FB users and even non-members visit a website that contains a ‘like button’, their visit is registered in unique data sets. Last year Facebook responded with a quick fix for what they referred to as the Connect ‘bug’. Consequently, the so-called ‘Datr’ tracking cookie would no longer affect non-members.

However, Australian hacker/blogger Nik Cubrilovic has recently argued that the Datr cookie “(..) is being set for everybody on any Facebook integrated site – logged in or not logged in”. A few days before posting about the Datr cookie, Cubrilovic worked together with Facebook towards a ‘fix’ for a log-out cookie issue. Facebook would henceforth destroy the ‘a_user’ (user ID) cookie when logging out, which seemed like a big win. According to Cubrilovic, though, Facebook is still tracking us as of now: “If you set a cookie on a users machine from one website, and then read that cookie from that persons machine from another website, that is tracking”. Unsurprisingly, Facebook denies the tracking allegations and denies having any intention to track.

Earlier this month six Facebook users filed a lawsuit in California, asking the court for damages, as well as an order that would require Facebook to stop installing post-log out tracking cookies. On top of that, Max Schrems, law student in Vienna and initiator of the Europe versus Facebook project, has filed serious complaints against Facebook for data abuse. He requested all his Facebook data on a CD: 1200 pages, collected over three years, containing all the data he ‘deleted’ and missing the data set of his web browsing behaviour. Schrems claims Facebook is committing multiple breaches of European data protection laws.

Stern TV – Student sagt Facebook den Kampf an (English subtitles are available)

Be aware. It’s not only Facebook tracking you!
With Facebook receiving so much attention in relation to tracking, the activities of other popular social networking sites are all too easily obscured. Twitter, Google+ and Xing are actually doing the same: tracking you on the web and collecting data on the social media integrations you visit. In August software developer Christian Schneider shared a comprehensible study of the capabilities of all major social networking sites to track web behaviour through social buttons, concluding that “All tested major social networking websites have the ability to collect and mine data of users visiting social button enabled webpages.”

If we step back from the issue of social networking sites tracking us, it should be clear that tracking cookies and other tracking methods have existed for many years. As EFF’s Peter Eckersley puts it in the highly recommended article ‘How Online Tracking Companies Know Most of What You Do Online (and What Social Networks Are Doing to Help Them)’:

“3rd party advertising and tracking firms are ubiquitous on the modern web. When you visit a webpage, there’s a good chance that it contains tiny images or invisible JavaScript that exists for the sole purpose of tracking and recording your browsing habits. This sort of tracking is performed by many dozens of different firms.”

Eckersley describes various ways in which dozens of companies engage in tracking practices and also describes steps you can take to ‘protect’ yourself. Configuring your browser’s cookie settings in a safe way, setting up Tor and using the NoScript extension are good tips that should not go unnoticed by those concerned about tracking practices.

Blocking the antisocial
Here’s a list of browser extensions that are specifically meant to block tracking.
1: Priv3
The Priv3 Firefox extension lets you remain logged in to the social networking sites you use and still browse the web, knowing that those third-party sites only learn where you go on the web when you want them to.
2: Ghostery
Ghostery allows you to block scripts from companies that you don’t trust, delete local shared objects, and even block images and iframes. Ghostery puts your web privacy back in your hands.
3: Disconnect
Disconnect stops major third parties and search engines from tracking the webpages you go to and the searches you do.
4: ShareMeNot
ShareMeNot is a Firefox add-on designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you until you actually click on them.

German website Heise also offers a ‘two-clicks for more privacy’ solution that, when implemented, disables the social buttons (Like, tweet, plus), and their ability to track, by default and activates them only when the user toggles them on. Sidenote: the German state of Schleswig-Holstein banned the ‘like’ button in August, fining the state institutions who kept the like button on their website.
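One way to implement the ‘two clicks’ idea described above, as an added example (not Heise’s code and not part of the original post). The host list, the `two-click` class name and the function names are assumptions made for illustration; the HTML matching is deliberately simplified.

```javascript
// Added example. Host list and class/function names are illustrative assumptions.
const SOCIAL_HOSTS = { 'facebook.com': 'Like', 'twitter.com': 'Tweet',
                       'plus.google.com': 'Plus', 'apis.google.com': 'Plus' };

// Label for a URL whose host is one of SOCIAL_HOSTS or a subdomain, else null.
// The base URL lets relative and protocol-relative ("//host/...") values parse.
function socialLabel(src) {
  let host;
  try { host = new URL(src, 'https://page.invalid/').hostname; }
  catch (e) { return null; }
  for (const [domain, label] of Object.entries(SOCIAL_HOSTS)) {
    if (host === domain || host.endsWith('.' + domain)) return label;
  }
  return null;
}

// Simplified matching: assumes no '>' inside attribute values.
const EMBED = /<(iframe|script)\b([^>]*)>[\s\S]*?<\/\1>/gi;
const SRC = /(?:^|\s)src\s*=\s*(["'])(.*?)\1/i;

// Before any click: swap each social embed for an inert local button, so
// loading the page sends no request (and no cookie) to the third party.
function gateSocialEmbeds(html) {
  const gated = [];
  const out = html.replace(EMBED, (whole, tag, attrs) => {
    const m = SRC.exec(attrs);
    const label = m && socialLabel(m[2]);
    if (!label) return whole; // first-party or inline element: leave untouched
    gated.push(m[2]);
    const src = m[2].replace(/"/g, '&quot;');
    return `<button type="button" class="two-click" data-tag="${tag.toLowerCase()}"` +
           ` data-src="${src}">Enable ${label} button</button>`;
  });
  return { html: out, gated };
}

// On the user's click (browser side): only now is the third-party resource requested.
function activate(button, doc) {
  const tag = button.dataset.tag === 'script' ? 'script' : 'iframe';
  const el = doc.createElement(tag);
  el.src = button.dataset.src;
  button.replaceWith(el);
  return el;
}

if (typeof document !== 'undefined') {
  document.addEventListener('click', (e) => {
    if (e.target.matches('button.two-click')) activate(e.target, document);
  });
}
```

`gateSocialEmbeds` would run when the page is generated; the click handler ships with the page and is the only path that contacts the social network.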

These techniques to block unwanted tracking by social networking sites probably do a better job of raising awareness about the tracking practices than of actually blocking the integrations on a large scale. What seems to be missing is a common understanding of the issue. These techniques are based on the idea of having ‘more privacy’ and being able to ‘control the data collected about you’, and yet they do not provide a clear definition of the problem. Roosendaal, however, describes two significant concepts in his paper: ‘informational self-determination’ and ‘contextual integrity’:

“(..) the individual should be able to decide which data are disclosed to whom and for what purpose. The aspect of contextual integrity means that data have to be treated according to the norms applicable to the context in which the data were disclosed. Besides, data should not be transferred to another context without the individual’s consent.”

As social media integrations conflict with informational self-determination and contextual integrity, I believe we should no longer refer to these integrations as ‘social’ but instead call them ‘antisocial integrations’, simply because they do a whole lot more than we perceive, enabling corporations to profile individuals without them knowing about it. Besides, these integrations postulate the ‘social’ by calling everything social, whereas web users are getting used to a system whereby the craving for attention, expressed through these integrations, inherently becomes a potential threat to the privacy of individuals.

Individual web users are tracked by social networking corporations, resulting in privacy complications. Let’s turn the tables and pay close(r) attention to every step these corporations take. Sooner or later they will have to deal with the tracking issue, as the ‘transparency’ of operations is likely to become an important matter in discussing law and the regulation of social media. If the ‘private’ operations of these corporate entities, in relation to tracking, are potentially harmful to individuals, it’s about time to bring them to light.

Let’s invert the tracking logic.