Latest Privacy Badger removes Facebook's link tracking - gHacks Tech News

Latest Privacy Badger removes Facebook's link tracking

The Electronic Frontier Foundation released a new version of Privacy Badger today for Chrome and Firefox that removes link tracking techniques that Facebook uses on its site to track outgoing link activity.

While Facebook knows exactly what its users do when they interact on the site, it would not know nearly as much about links to third-party sites that users interact with if it would not use a technique that is called link shimming.

The main idea behind link shimming is to use a wrapper around the original link so that all activity flows through Facebook servers first before the actual link target is loaded.

Facebook is not the only company that uses link shimming; many major Internet companies including Google or Twitter, use similar techniques.

The screenshot below demonstrates how skimmed links look like on Facebook. The link target is a page on Ghacks, but Facebook wrapped it around its own link target to track user activity.

facebook link tracking

Facebook runs a script on its site that manipulates skimmed links when users interact with those links. When you hover over an external link on Facebook, a script ensures that you see the right link target and not Facebook's link monstrosity.

Whether that is done to provide users with information about a link's destination or to hide the fact that Facebook redirects the link through its own servers is unclear.

The new version of Privacy Badger takes care of skimmed links on Facebook which the company uses to track users. The browser extension removes Facebook's link wrapper and blocks the tracking code; it does so automatically on Facebook and requires no user interaction for that.

The code is based on Facebook Tracking & Ad Removal, a browser extension for Firefox and Google Chrome that blocks tracking on Facebook's site and removes advertisement from Facebook as well.

Privacy Badger started to remove wrapped links to third-party sites on Twitter in 2017.

Closing Words

The new version of Privacy Badger blocks some of Facebook's tracking of third-party links. It should be clear that you cannot prevent all forms of tracking on Facebook if you use the site but that you can limit your exposure.

Privacy Badger blocks some tracking already, from Facebook but also other companies, and the EFF promised to keep on releasing updates for the extension to improve tracking protections further.

Now You: What do you do against online tracking?

Summary
Latest Privacy Badger removes Facebook's link tracking
Article Name
Latest Privacy Badger removes Facebook's link tracking
Description
The Electronic Frontier Foundation released a new version of Privacy Badger today for Chrome and Firefox that removes link tracking techniques that Facebook uses on its site to track outgoing link activity.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Richard said on May 28, 2018 at 10:22 pm
    Reply

    Thanks Martin! Great info. I also install FBP extension as well. It cleans up the feed nicely. They recently added a quick cleaning feature. You go into settings /ads and it can wipe out all interests, ads, websites. I do this every few days to erase tracking.

  2. Millenicide said on May 28, 2018 at 11:07 pm
    Reply

    Can this be done via ublock origin filters?

    1. Tom Hawack said on May 29, 2018 at 12:19 am
      Reply

      Depends of the lists you use for uBO; I don’t know if the default lists provided handle Facebook’slink shimming. If not Facebook dedicated lists exist, i.e.

      Fanboy Annoyances List at https://fanboy.co.nz/
      Social media filter at https://kb.adguard.com/en/general/adguard-ad-filters

      I use them both to defeat Facebook’s intrusion on the Web but I ignore their Power on Facebook itself given I avoid social medias (except YouTube since it appears it’s considered as a social media).

      My anti-tracking DoD includes, as far as Firefox is concerned, following extensions:
      uBlock Origin,
      Skip Redirect,
      ClearURLs,
      Smart Referer,
      Trace,
      Decentraleyes

      Of course the classical cookie management, here with Cookie Autodelete.
      Firefox is set to honor First Part Isolation (privacy.firstparty.isolate = true).

      Of course the Ghacks-userPref arsenal.
      Am I forgetting something?

    2. Klaas Vaak said on May 29, 2018 at 5:06 am
      Reply

      @Millenicide: good question. I too prefer to use uBo instead of an extension if poss. I am a bi in 2 minds about Privacy Badger: I have seen comments that say it is complementary to uBo, and I have seen comments that say if you use uBo you don’t need PB. Having installed uBo I recently removed PB, then reinstalled it.

  3. Valrobex said on May 29, 2018 at 12:50 am
    Reply

    To curb online tracking I use Privacy Badger, uBlock Origin, and based upon your recent review I’ve added Trace. So far, they appear to work well together and I’ve only encountered one website that didn’t load. In addition I’ve tweaked Firefox in several about:config recommendations as well. I also use Epic Privacy Browser (which has a built in VPN) and like that browser as well, but FF is becoming my “go to” primary browser now that I’m learning more about how to customize it.

    Since I’m a relative novice I’ve learned quite a few tips from your blog, Martin. Many Thanks.

  4. Darren said on May 29, 2018 at 3:03 am
    Reply

    Thanks for the heads up. Been meaning to install this on Firefox.

  5. chesscanoe said on May 29, 2018 at 3:21 am
    Reply

    A Version of Privacy Badger for Chrome, Firefox, and Opera newer than Version 2018.5.10 dated 2018-05-23 is not yet available yet in the US per https://www.eff.org/privacybadger . This may simply be a commonly seen delay in availability for a new version.

    1. gh said on May 29, 2018 at 7:59 am
      Reply

      nevermind us. don’t see nothing in uk either for firefox or chrome.

  6. Mikhoul said on May 29, 2018 at 3:48 am
    Reply

    Martin you should add that on Firefox there is a major bug that prevent to remove the tracking if you use the middle (scroll wheel) or right mouse buttons it will NOT prevent the Tracking on Firefox (It’s a Mozilla Bug/Feature). 😉

    On Chrome/Chromium it work perfectly since there is NO bug 😊.

    Source: https://github.com/mgziminsky/FacebookTrackingRemoval/issues/10

  7. jern said on May 29, 2018 at 5:03 am
    Reply

    Martin asks…
    What do you do against online tracking?

    Well, I don’t use Twitter, Facebook or Google. I do use Privacy Badger.

  8. Klaas Vaak said on May 29, 2018 at 5:08 am
    Reply

    Martin, I am posting comments but they don’t appear. I have noticed some other people have the same problem.

    1. Martin Brinkmann said on May 29, 2018 at 5:41 am
      Reply

      Klaas, are all comments visible now? Send me a message if you want an account on this site to see if it helps.

      1. Klaas Vaak said on May 29, 2018 at 3:02 pm
        Reply

        Martin: yes they are visible now, thanks.
        Re an account: what does it mean, how would it help?

      2. Martin Brinkmann said on May 29, 2018 at 4:21 pm
        Reply

        Accounts eliminate all ads and bypass caching.

      3. Klaas Vaak said on May 29, 2018 at 6:06 pm
        Reply

        I already have ads filtered out by uBo. Would an account add further value?
        What do i need to do to have an account? I don’t see a button to open an account.

      4. Tom Hawack said on May 29, 2018 at 6:24 pm
        Reply

        @Klaas Vaak, you cannot open an account right from here on Ghacks. If you ask Martin via the contact form/page (link at bottom of this page) to open an account, he will ask you an email to open the account, you’ll then receive an email from WordPress with a link to a first login and the availability to modify a default password which is advised. From there on you’ll be able to login to Ghacks via a dedicated Ghacks link. Login offers as often elsewhere to stay logged in (off by default). Cookie is set. If session only cookie (if you logged in with checking “Remember me”) you’ll have to login again on new sessions as well of course if you’ve logged out or deleted the cookie. All options remain accessible via your personal GHacks Dashboard (VIP, styled, lounge feeling).

        Big advantage is that your comments get posted immediately and that you mustn’t be naughty (not excessively that is!) otherwise : Raus! (I think it means “Out!” in German).

        Come to where the pleasure is, come to the Ghacks Account, international passport to commenting pleasure.

        Ouf. I did it.

      5. Klaas Vaak said on May 29, 2018 at 7:15 pm
        Reply

        Hey Tom, thanks for jumping in and clearing this up for me. I’ll sure go ahead and ask Martin to open an account.
        I won’t get naughty with my comments – have not insulted anyone thus far, I think ;-)
        BTW, I always enjoy reading your comments because I learn from some of them too. Cheers.

      6. Tom Hawack said on May 29, 2018 at 7:30 pm
        Reply

        I appreciate on my side reading your comments. We indeed get to learn quite a lot here, with the articles but also within the users’ dialogs, which is also why a quasi real-time commenting environment is so welcomed.

        Editing my above comment where I of course made a slight logical inversion/mistake:

        “If session only cookie (if you logged in with checking “Remember me”)”
        must be
        “If session only cookie (if you logged in without checking “Remember me”)”

        Let’s have a commenting party! (I never know how to end a comment smoothly, like in all correspondence!)

      7. Klaas Vaak said on May 29, 2018 at 7:39 pm
        Reply

        Tom, I got your 2nd reply through my email inbox, but it does not appear here. Strange.
        Anyway, thanks to 1 of your comments in another thread I decided a few months ago to give Waterfox a try and it is now my default browser – very happy.

        In about:config I have amended cookie behaviour as follows:
        network.cookie.lifetimePolicy changed from 0 to 2 (the cookie expires at the end of the session (when the browser closes))

        So, once I get my account, I’ll see how the cookie setting will affect it.
        Talk to you soon.

      8. Tom Hawack said on May 29, 2018 at 8:10 pm
        Reply

        @Klaas Vaak,

        “Tom, I got your 2nd reply through my email inbox, but it does not appear here.”
        All these delays disappear with an account. Of course in this case it’s the comment of someone who has an account (me) which is delayed on a display for a user who hasn’t got one (you) and I’m surprised, but I assume it wouldn’t occur if both have an account. This is a new scenario for me.

        Concerning
        “network.cookie.lifetimePolicy changed from 0 to 2 (the cookie expires at the end of the session”

        That means all cookies vanish when closing Firefox EXCEPT those you’ve set as an exception.
        To set an exception, two possibilities:

        1- On the site where the cookie applies -> Right-click View Page Info
        In Page Info / Permissions / Set Cookies, uncheck on the left ‘Use Default’ and check on the right ‘Allow’ (or ‘Block’ to refuse all cookies, which is not our aim here)

        2- In Firefox / Options / Privacy & Security / Cookies and Site Data, click ‘Exceptions’ on the right and edit your cookie permissions. NOTE : if you create a cookie exception best is to set https:// rather than http:// because Firefox validates less secure but not more secure : if you make an exception for http://ghacks.net then the exception won’t handle https://ghacks.net, but the other way around it will.

        P.S. Since Firefox 60 cookie exceptions apply to Sites’ data as well (hence the title ‘Cookies and Site Data’)

        See you later!

      9. Klaas Vaak said on May 30, 2018 at 6:45 am
        Reply

        @Tom Hawack: thanks Tom, that little tutorial is very useful. I never looked at the “View page info” box, but will use it more now. Cheers.

  9. Borgy said on May 29, 2018 at 8:48 am
    Reply

    Y’all might want to check out https://filterlists.com

  10. TelV said on May 29, 2018 at 2:27 pm
    Reply

    I think I’m going to submit a complaint to the European Data Protection Board about this. It can’t be right that Facebook is doing this behind users backs. I’ll use your article as a reference if that’s OK with you Martin. Might as well get the ball rolling by making use of the GDPR to see how it works.

    The general EDPB’s site is this one: https://edps.europa.eu/ but users have to go through their own local authority to submit a complaint. Since I live in the Netherlands, that’ll be the Autoriteit Persoonsgegevens: https://autoriteitpersoonsgegevens.nl/nl

    Be interesting to see how they respond.

  11. AAA said on May 30, 2018 at 9:07 am
    Reply

    Haven’t used FB since the day Cambridge Data Breach news broke… 🌚

    …. I ain’t missing much! 🤤

  12. AAA said on May 30, 2018 at 9:09 am
    Reply

    Haven’t used FB since the day Cambridge Data Breach news broke… 🌚

    …. I ain’t missing much! 🤤

  13. Pierre said on May 31, 2018 at 10:46 am
    Reply

    An extension more ?!
    Is it not included in Easy Privacy (by default in uBlock origin and Opera) ?

  14. awd said on June 1, 2018 at 7:31 am
    Reply

    still nothing. they must have pulled it or something.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.