[deadbytes]

>goes to show you have to encrypt EVERYTHING at rest, even file names

Or just block all third-party javascript.

Facebook code shouldn't be running anywhere aside from facebook.com