Tuesday, 4 December 2007

Locking down Facebook

There has been a flurry of concern regarding the Facebook Beacon advertising system. The first warning came when some Facebook users became aware that third party websites were posting updates to their Facebook minifeed. In response, Facebook changed the privacy options to allow users to opt out, and a number of users found workarounds using the Blocksite add-on for Firefox.

Unfortunately this was insufficient and it has now been revealed that Beacon sites are sending Facebook information even when you are logged out of Facebook! Even worse, unless you are sniffing your network traffic, you wouldn't know about it.

I'm guessing this works because Facebook doesn't remove all cookies when you log out and it is using these cookies to link activities on third party sites back to Facebook.

So in order to allow access to Facebook, without letting them access the rest of my online life, I've done the following:

1) Create a dedicated Firefox profile for Facebook
2) Install Blocksite in the Facebook profile to stop Beacon working
3) Install Blocksite in the default profile to prevent access to Facebook
4) Delete Facebook cookies from the default profile

To create a new profile, configure Firefox to open the profile manager by appending -ProfileManager to the execute command.

Create the new profile (e.g., "facebook") and then create a new Firefox icon, removing the -ProfileManager and adding "-p facebook -no-remote" (without the quotes).

Change your original Firefox icon and add "-p default -no-remote" to the execute command line. You no longer need to use the -ProfileManager switch.

The -p option specifies a profile to use, and the -no-remote allows multiple profiles to be loaded concurrently, so you can have your normal browser and your Facebook browser open at the same time.

Once you have a dedicated Facebook profile set up, use the Blocksite add-on to prevent Beacon from working.

It might also be a good idea to prevent Facebook loading in your default profile, just in case you forget where you are. Again, this can be done using the Blocksite add-on.
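
Step 4 in the list above (deleting Facebook cookies from the default profile) can be checked and carried out by script. This is an added example, not part of the original post: it assumes a current Firefox, which stores each profile's cookies in a cookies.sqlite file with a moz_cookies table, and the sample database and cookie names in it are constructed.

```python
import sqlite3

def is_facebook_host(host, domain="facebook.com"):
    """True for the domain or any subdomain, but not look-alikes such as notfacebook.com."""
    host = host.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def purge_facebook_cookies(cookie_db, delete=False):
    """Return sorted (host, name) pairs for Facebook cookies; remove them if delete=True."""
    conn = sqlite3.connect(cookie_db)
    try:
        rows = conn.execute("SELECT id, host, name FROM moz_cookies").fetchall()
        hits = [(cid, host, name) for cid, host, name in rows if is_facebook_host(host)]
        if delete and hits:
            conn.executemany("DELETE FROM moz_cookies WHERE id = ?",
                             [(cid,) for cid, _, _ in hits])
            conn.commit()
        return sorted((host, name) for _, host, name in hits)
    finally:
        conn.close()

def build_sample_db(path):
    """Constructed sample data: a minimal moz_cookies table, not a real profile."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE moz_cookies "
                 "(id INTEGER PRIMARY KEY, host TEXT, name TEXT, value TEXT)")
    conn.executemany(
        "INSERT INTO moz_cookies (host, name, value) VALUES (?, ?, ?)",
        [(".facebook.com", "sample_id", "x"),
         ("www.facebook.com", "sample_locale", "en_GB"),
         ("notfacebook.com", "session", "y"),   # look-alike host, must be kept
         (".example.org", "prefs", "z")])
    conn.commit()
    conn.close()

if __name__ == "__main__":
    import os, tempfile
    path = os.path.join(tempfile.mkdtemp(), "cookies.sqlite")
    build_sample_db(path)
    print("found:", purge_facebook_cookies(path, delete=True))
    print("left: ", purge_facebook_cookies(path))
```

Point it at the default profile's cookies.sqlite while Firefox is closed, since the browser keeps the file open while it runs.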

Another step you can take to protect your privacy is to use a disposable Yahoo! email address specifically for Facebook. This means that third parties won't be able to link you based on your email address.

It's unlikely that this will be the end of the Facebook privacy problem, but hopefully these techniques will help keep Facebook isolated from the rest of your online activity.
