My problem with an idle Facebook account is at least twofold: my activity is still being tracked against my will, and out of principle I refuse to support an organization which so blatantly disregards personal space.
Your activity is being tracked irrespective of whether or not you have a Facebook account. Google and Facebook will track you anyway and then correlate your browsing patterns with those of other people (about whom they know more) and infer everything there is to know about you.
That doesn't mean we should just roll over and give it all to them.
You're not obliged to hand this data over when you don't use their services, and ideally, they wouldn't track you if you didn't want to be tracked, but facebook is pretty close to being ethically void, so they'll do whatever scummy thing they want, so you should by all means make it as difficult as possible for them to get data on you.
>> That doesn't mean we should just roll over and give it all to them.
Unless you run an ad blocker and/or EFF Privacy Badger, that's exactly what you're doing. Your consent is not required. There are literally _dozens_ of companies that do this, Facebook and Google are just two of them. There were some initiatives in some states to apply a stiff tax to companies that trade in user data, but I don't know if they went anywhere. That's one tax I'd be in favor of, even though I'm not in favor of more taxes in general.
The point is that regardless of whether or not consent is required, it's a question of principle to not give consent (and personally I do use LibreJS and the other various tools to improve the shitty state of affairs).
Companies acting unethically shouldn't be given extra leeway to act even more unethically.
> I refuse to support an organization which so blatantly disregards personal space.
I suppose you have no cell phone and live in a place with no government then, because Facebook can't hold a candle to telcos and governments when it comes to disregarding your personal space.
Some forms of intrusion are more difficult to avoid than others; obviously that doesn't make it irrational to avoid as much as you realistically can.
Also, Facebook holds a significantly broader type of information than uncle Sam or T-Mobile. And Facebook also provides an avoidable vector for government surveillance. Analogy: no machine is totally secure, that doesn't mean we give up, turn off all security software and stop patching exploits.
Pretty sure protecting your personal space is the government's job. At least in the US. Not saying they are doing a good job in particular, but it's in the mission statement.
People have to pick their battles based on their resources and level of concern. While the tracking that you bring up is important to keep in mind, its existence does not justify that kind of nefarious privacy invasion that Facebook operates as part of its business plan.
Mine is even more simplistic. I lack self control. With an account, even a deactivated one, I've been guilty of logging back in at 2 AM on a Wednesday morning just to stalk an old acquaintance from high school.
Adding to this: If you have an idle Facebook account, people will use it to invite you to events and tag you in photos, so Facebook will have a much better idea of who you're interacting with and when offline.
I'm sure Facebook will still track you (this applies even if you don't have a Facebook account). You'd need to block their domain and any ad domains that may be related. (Edit: Also mentioned here: https://news.ycombinator.com/item?id=14463127)
Deleting cookies isn't enough anymore to prevent tracking. Facebook knows your home IP address, your browser user-agent, and likely your browser finger print. Should they care to, they don't need a cookie to connect you with data they already have about you.
I wonder if there's a good way to get around some of these problems.
In my country, and with my ISP we have dynamic IP's, so I don't have a 'home IP' as such. Browser user agent's are pretty easy to spoof/mock/etc. Browser fingerprinting is super hard to work around though - especially stuff like the canvas fingerprinting, because blocking it outright can also be used as a unique identifier when combined with other data.
Would it be possible to build some kind of public repository of canvas fingerprints, then whenever a site tries to build one, rather than outright blocking it, you return one of the public fingerprints from the repository. Get the repo big enough and used by enough people (especially if you could extend it out to other identifiers like fonts) and I imagine you would have a good chance of driving down one's uniqueness in a privacy conscious manner.
I'm not familiar with JS or the mechanics of how these fingerprints are generated, so I don't know if this is possible, but I imagine that if you can block them (Firefox 'Canvas Blocker' extension, you could intercept them?
I use noscript and a cookie manager (protection of wanted cookies, deletion of all others upon shortcut). I havent seen facebook tracking pixels by now, are they being used? From an img src request they could still see my IP and user agent, plus knew which site I am on, but as far as I can tell they just use script src, and that gets blocked.
I wrote an example of how to reduce privacy exposure by blocking ubiquitous domains using uBO's point-and-click "firewall" pane, and used Facebook as an example: