Social widgets, such as the now-ubiquitous Facebook “Like” button and Twitter “Tweet” button, offer users a convenient way to share online content with their friends and followers. These widgets have recently come under scrutiny for their privacy implications. Yesterday, The Wall Street Journal reported that Facebook, Twitter, and Google are informed each time a user visits a webpage that contains one of the respective company’s widgets:
Internet users tap Facebook Inc.’s “Like” and Twitter Inc.’s “Tweet” buttons to share content with friends. But these tools also let their makers collect data about the websites people are visiting. These so-called social widgets, which appear atop stories on news sites or alongside products on retail sites, notify Facebook and Twitter that a person visited those sites even when users don’t click on the buttons, according to a study done for The Wall Street Journal.
It wasn’t exactly a secret that social widgets “phone home.” However, the Journal’s story shed new light on how the firms that offer social widgets handle the data they glean regarding user browsing habits. Facebook and Google reportedly store this data for a limited period of time — two weeks and 90 days, respectively — and, importantly, the data isn’t recorded in a way that can be tied back to a user (unless, of course, the user affirmatively decides to “like” a webpage). Twitter reportedly records browsing data as well, but deletes it “quickly.”
Assuming the companies effectively anonymize the data they glean from their social widgets, privacy-conscious users have little reason to worry. I’m not aware of any evidence that social widget data has been misused or breached. However, as Pete Warden reminded us in an informative O’Reilly Radar essay posted earlier this week, anonymizing data is harder than it sounds, and supposedly “anonymous” data sets have been successfully de-anonymized on several occasions. (For more on the de-anonymization of data sets, see Arvind Narayanan and Vitaly Shmatikov’s 2008 research paper on the topic).
While these social widgets may well pose no real threat to privacy, some especially privacy-sensitive users might be wary of the risk of being “tracked” by a social networking service, however small that risk may be. Such concerns aren’t totally unreasonable — if, say, the browsing data collected by Facebook or Google were to be breached and subsequently de-anonymized and tied to authenticated (logged-in) users by malicious actors, the resulting privacy harms could be quite serious.
Fortunately for privacy-conscious users, there are several ways to stop social widgets from collecting data about your browsing habits. As the Journal points out, you can simply log out of your Twitter or Facebook account prior to visiting other websites. Other methods include clearing out your cookies or using your browser’s privacy mode when visiting social networking sites. And, of course, there’s always the “nuclear option” of deleting your social networking accounts entirely.
Perhaps the most convenient, slick way to avoid social widgets is to simply use a browser add-on that selectively disables cross-site requests from Facebook, Twitter, and Google. The WSJ profiled one such add-on, Disconnect, which is compatible with Chrome, Firefox, and Safari.
If you’re a Firefox user, the popular add-on NoScript also offers a robust and effective mechanism for blocking social widgets. To do so, you’ll need to paste a few lines of code in NoScript’s Application Boundaries Enforcer (ABE), a powerful module that allows users to establish custom rules governing scripts and cross-site requests. If you’ve got NoScript installed (get it here), simply go to the ‘Options’ menu, select the ‘Advanced’ tab, then the ‘ABE’ subtab:
Site .facebook.com .fbcdn.net facebook.net
Accept from SELF
Accept from .facebook.com .fbcdn.net facebook.net
Accept from SELF
Accept from .twitter.com
Site .google.com googleapis.com
Accept from SELF
Accept from .google.com
Then hit ‘Refresh’ and ‘OK’ and you’re all set. If you’ve done this correctly, you should no longer see Facebook, Twitter, or Google widgets. To verify that no data is being transmitted to the companies, install and run HTTP traffic analyzer Fiddler then visit a webpage featuring social widget. If no HTTP request is transmitted to a social networking service, you’re in the clear. Note that this technique also doesn’t affect the functionality of Twitter, Facebook, or Google, so you can still use each of these services with full functionality. If you want to block other social widgets, simply add additional lines to ABE in NoScript in the same manner as above including the domains of the services you wish to block.
As this post hopefully illustrates, privacy-conscious users aren’t helpless; extant technological solutions can address many privacy concerns already, while more robust tools are constantly emerging. As for Facebook, Twitter, and Google, it’s hard to fault them for responding to user demands. Statistics indicate that social widgets are immensely valuable and popular among users, so activating them by default is a sensible decision.
I’d like to see these firms offer a mechanism for authenticated users to opt out of social widget data collection entirely. Greater transparency regarding how the data sets are anonymized would also be welcome. Meanwhile, privacy-conscious users can take matters into their own hands by opting out manually.