[libeclipse]

I have a few questions.

1) “Facebook’s intrusion could have easily been blocked, but plaintiffs chose not to do so,”

This seems like a dangerous precedent. So if we can block surveillance attempts and we don't try, then it's our fault?

> “The fact that a user’s web browser automatically sends the same information to both parties does not establish that one party intercepted the user’s communication with the other,”

This makes no sense. Nothing happens "automatically", someone wrote the code for that to happen, in this case, Facebook.

But, at the end of the day it's just an embedded thing in a bunch of websites. I don't see anyone suing Google about AdSense. I mean I despise Facebook, but unless they're doing something more nefarious than getting a GET request on page load, then I'm not sure that I care enough. Get a blocker.

[braythwayt]

The most interesting thing to me about "Facebook's intrusion could have easily been blocked, but plaintiffs chose not to do so," is that it implies that users have a right to block tracking code.

If that isn't already enshrined in case law, hopefully it signals that we will not get laws passed requiring users to allow tracking, and the courts will hopefully invalidate terms and conditions requiring tracking.

Having lived through the rise of DMCA, I live in fear of an emboldened industry getting laws passed that make the use and distribution of blocking software illegal.

[jacquesm]

> Having lived through the rise of DMCA, I live in fear of an emboldened industry getting laws passed that make the use and distribution of blocking software illegal.

The day that happens I'm joining the dark side.

[usrusr]

> The day that happens I'm joining the dark side.

Only if you make it past HR

[jacquesm]

Or past the firewall.

[drdaeman]

> Nothing happens "automatically"

Actually, the problem is [add: after the website is created, and tracking code is put there by someone] that it all happens automatically.

See, there is another perspective into this. Not exactly correct (I admit, there is some stretching and it's not all solid), but just the general idea...

The semi-forgotten term for the browser is user agent. Point is, it really should act on behalf of the user. It's an automation that should be programmed to do what the user wants it to do (browsing the web, displaying the pages, etc), sparing user of mundane choices and gory technical details.

If the agent is configured to willingly accept and execute arbitrary third-party instructions, and provide detailed information - and it can be configured differently - isn't the problem with the agent configuration? If you didn't want that GET request, why agent did it? And it's not that the agent was tricked (hacked) into doing so - all the APIs (cookies, XHR, etc) are well-documented. Sure, there is some shady stuff sometimes going on - like browser fingerprinting, but it's not the core issue.

Maybe we should actually start blaming browser vendors for shipping badly pre-configured software with the defaults that consciously and willingly trade privacy for "not breaking" the web?

Remove the automation and just imagine users themselves would somehow connect to the web, and the site would tell "hey, now go talk to Facebook server and do whatever they say" - and they do. (And this is what actually happens!) Surely, the tracking would be a non-issue.

[_jal]

> Maybe we should actually start blaming browser vendors for shipping badly pre-configured software with the defaults that consciously and willingly trade privacy for "not breaking" the web?

This.

The writing was on the wall when the conversation became about "balancing" the interests of users and huge content factories. And now web-DRM is a standard.

Fuck that; my computer, my rules.

I had a funny conversation recently with someone who was arguing that I was breaking etiquette, or perhaps an implied contract (it wasn't clear) by messing with cookies. He realized the absurdity about the time I asked if I was ethically obligated to back up and restore the cookies in case of drive failure, but people have some really odd notions about their right to control state on my machine.

In some ways I prefer the black-hat types; at least they're aware that they're working against my interests and don't become indignant when I point it out.

[ComodoHacker]

>The semi-forgotten term for the browser is user agent. Point is, it really should act on behalf of the user.

The user agent concept is long dead and buried. Modern web browser is more like a virtual OS, a platform for running arbitrary code loaded from the internet, a hosting environment for temporary lending computing power of user's device and its network access to whomever was able to lure the user to their website.

[d8421l01vv4r]

> This makes no sense. Nothing happens "automatically", someone wrote the code for that to happen, in this case, Facebook.

The website you are visiting has to deploy Facebook's code though. So the website owner has to allow it (assuming the know the implications of what they are doing).

[type0]

> So the website owner has to allow it (assuming the know the implications of what they are doing).

You could assume it but it's not necessary the same people who designed the web page that add those facebok "features". From my impression, often than not you have some "social media marketing expert" that does this. And they do not give a rats ass about any nefarious tracking and will continue to be blissfully ignorant about the users privacy unless it becomes a corporate policy to care about those things.

[admax88q]

The website owner still has the ultimate responsibility for what is served on their site.

If they employ some "social media marketing expert" who deploys tracking code, then that's still on them.

[pyre]

On the other hand, Facebook could design their social media widgets in a way that doesn't require the user to send a GET request to Facebook unless the user actively clicks to share.

[JetSpiegel]

Also know as a link. That's not Web 3.0 enough.

[pyre]

Most of these sites don't want you to navigate away from their page. They would rather you can share without leaving their site (i.e. a dialog pops up that allows you to create your Facebook "share" post, and submit it).

[altern8tif]

How do the courts rationalise privacy concerns of the less tech-savvy?

Do we assume everyone reasonably knows how to block surveillance attempts by Facebook/Google?

Shouldn't privacy be a default right, and that users can opt-in (to be tracked) with their expressed consent instead?

[wodenokoto]

The opposite thinking is what lead to the EU cookie warnings.

Users can easily block cookies themselves, but that is no excuse for the cookie intrusion, so every single website must display a pop-up warning that it uses cookies.

Imagine that: every single website you visit shows a pop-over or an extra top bar that you have to close. Every website.

That's the online life of the European netizen.

[closeparen]

Yes, actually! You have no expectation of privacy with a postcard or a conversation in a public place, therefore they can be legally intercepted. This precedent predates the internet by decades.

Whether you take reasonable steps to make something private does influence the degree of legal protection it gets.

[akerro]

>This seems like a dangerous precedent. So if we can block surveillance attempts and we don't try, then it's our fault?

If I can save your life, but choose not to, it's your fault.

[sametmax]

Your confusing "letting somebody being harmed because he/she doesn't protect his/herself" and "taking advantage of the fact that somebody is being harmed because he/she doesn't protect his/herself".