[Periodic]

The part that scares me is that we, as web designers/developers/owners, are complicit in this. We are the ones who are putting social buttons on every page. We love this functionality, but they aren't giving it to us for free. We are trading them our user's information and browsing habits.

I'm not worried about the ethics of Facebook. I don't think a site like Facebook should be prevented from doing this openly. I'm worried about whether I can ethically include all these social plugins knowing that they will, in my opinion, invade my users' privacy.

[mike-cardwell]

Proud to not be a part of this "we". These social buttons are a plague on the web. They take something which is beautifully decentralized, and then create a single point of failure, and allow companies to create massive databases of private information from it as well.

You can host an image locally, and create a link using it. You don't need to hand over the browser of all of your visitors to one or more AD companies by letting them execute arbitrary JavaScript on your pages.

[ceol]

I think your parent post was talking about the Facebook Like/Google+ +1 buttons. In order for those to work, I believe they need to be loaded on the page via an iframe.

Things like Facebook's "share" and Twitter's "tweet" buttons don't execute any arbitrary (i.e. not specified by the developer) JavaScript.

[umarmung]

Am I the only one who,

1. Doesn't have a Facebook account.

2. Runs NoScript to whitelist scripting and site trust.

3. Runs Cookie Whitelist to whitelist cookies.

4. Runs BetterPrivacy to wipe Flash/LSO cookies.

5. Runs Adblock Plus to prevent viewing ads wherever possible.

?

That said, at least some like Heise.de, have put in place solutions that do not add to the underlying problem.

[pork]

Um...ad networks have been doing the same thing with 1px images since the mid 90s. The social buttons are not a new concept in tracking; it's just visible to users now.

[icebraining]

Use one of those proxy buttons which only load the actual Facebook button when the user clicks/hovers. Unfortunately I can't find it right now, but I think it was posted here on HN a while ago.

EDIT: Here is a Slashdot discussion[1] about a German newspaper who did that, and here's[2] the link to their jQuery plugin who does just that: only load FB code when the user clicks on the button. It's in German, but translation services are good enough nowadays.

EDIT2: And here's[3] the HN discussion.

[1]: http://slashdot.org/story/11/09/03/0115241/Heises-Two-Clicks...

[2]: http://www.heise.de/extras/socialshareprivacy/

[3]: http://news.ycombinator.com/item?id=2957119

[wl]

I'm not a web dev so I'm a bit puzzled by the social buttons everywhere. How often do people actually click them? To what extent can they drive traffic to your site? I've often wondered if they're a bit like QR codes in that a small portion of people are enamored with them but few people actually use them.

[jka]

They serve a few purposes - I'll try and illustrate from various points of view.

* As a site operator, particularly if you're keen on 'organic' and free traffic, you need to keep on top of the latest in search engine and social marketing. Facebook and other social networks are becoming more important as traffic sources, as 'recommendations' from friends become more trusted. Bing and Facebook reached a deal to prioritize some results based on social recommendations ('likes'), and Google is rolling their own solution, so site owners have incentives to include the links.

* As a user, you generally want to see the most trusted results you can, and occasionally may want to recommend sites to your friends. Facebook's verbs 'like' and 'share' work well here - Google's '+1' is a little more opaque to most web users I'd suspect, but they're trying to convey the same intention.

* As Google/Facebook, you want as much data as possible about the behaviour of web traffic - search, engagement/interaction, conversion rates, even raw traffic figures. Even if people aren't interacting with these widgets, they are still often served up by AJAX from the source. This implies that Google/Facebook/etc see an incoming HTTP request, and sometimes associated cookies/referers. Add a little GeoIP and other user analysis, and you have very valuable data on aggregate.

All these generally seem like 'wins' for the parties involved - and that's usually the sign of good business taking place. For me, the main concern is that all this data belongs not to the general public, but to the widget providers, and large information disparities in any situation can be abused.

[steve-howard]

Definitely. I rarely bother with Facebook any more, but when I want to share something, copy and paste is not hard. The "social buttons" don't solve a problem, IMO.

actually, what started the decline was the very subject of this article. I don't like Facebook watching where I go, and I started putting Facebook in another browser; naturally, I'm on Facebook less because it's harder to get to.

[cpeterso]

> I started putting Facebook in another browser

In theory, using a separate browser is not adequate protection from tracking. The Flash Player's "Shared Objects" (aka Flash cookies) are stored in a common directory, so the same Flash data is accessible from any browser running as the same user. I do not believe Facebook's tracking is this nefarious, but the method would be quite easy to implement.

[billiamram]

Disable flash in the browser that runs only facebook?

[ams6110]

I've gone a step further and disabled it across the board.

[chunkyslink]

Relevant. The Evercookie.

http://samy.pl/evercookie/

[101001011]

Yup. You are making your own future. As the enablers, your choices are guiding what these companies can do. Zuckerberg's ethics (lack thereof) are well-known. But the upper management of Facebook, their lawyers, their financiers, the folks who buy access to the personal data, they cannot write code. You are not just some code monkey drone, following instructions from your boss or taking feature requests from naive end-users, _your_ choices, _your_ ethics, make a difference.

What was it that Dennis Ricthie said about his move to Bell Labs? Something like "It was 1968 and working on military projects just didn't feel right." He went on to make an enormous contribution and, we hope, preserved his peace of mind at the same time. You will never regret taking the high road. Just an opinion.

[cpeterso]

I am reminded of Pigdog's 2002 open letter/rant to the Sony engineers who wrote the CD DRM code that would brick iMacs.

WARNING: STRONG LANGUAGE! ;)

"d00d, Quit being a FUCKING ASS": http://www.pigdog.org/auto/software_jihad/link/2581.html