Facebook Connect – To What?

image

I’m trying to work out why this irritates me so much: Visit The Insider and you’ll be continually pestered by a popup (for some reason not caught by the pop-up blocker in Firefox) inviting me to install The Insider’s Facebook application.

This is the much-touted Facebook Connect – a successor to the disastrous Beacon thing, that upset users because it drew their activity on other sites and published it to their Facebook feed. Facebook Connect enables you to use your Facebook log-in to access other sites, and to bring your Facebook friends with you as you visit those sites—in other words, insteading of building separate communities for each site you frequent, you have one: Facebook.

I’m not going into the pluses and minuses of this right now. What concerns me is how it touts itself.

First off, there’s no way to stop the pop-up window coming back: Click cancel and it’ll come back a few pages later; hit the x in the top right hand corner and the same thing happens.

Secondly, The Insider knows who I am:

image

I have no Facebook windows open in Firefox. So I can only assume that The Insider is reading my Facebook cookies. Is there any other way? So somehow the Facebook Connect third party site is able to connect my login ID to my name and email address, even when no Facebook session is in progress?

It’s irritating, but it’s also a source of some concern. If Facebook Connect proliferates, are we going to get these popups at every site? Why is there no way of blocking this and future intrusions, should I so wish? And why are Facebook Connect partners getting access to my Facebook signon and name without my say-so?

02. October 2008 by jeremy
Categories: Networks, Privacy | Tags: , , , | 3 comments

Comments (3)

  1. Jeremy,

    Use the free NoScript plugin (http://noscript.net/) to block these kinds of “popups”.

    I don’t think The Insider reads your Facebook cookies (doing so would violate the browser’s security model.) Rather, that part of the window is rendered by Facebook, invoked via JavaScript and Facebook’s API. Amazon’s Honor System uses a similar technique to show your name on 3rd party sites.

    The annoying “popup” frame itself comes from The Insider. It’s not a real popup which is why Firefox doesn’t block it. NoScript blocks the generating script by default.

    The “popup” script comes from a CBS domain called “dotspotter.com”, which you can permanently block.

  2. ade, thanks for explaining.

  3. To block these popups, simply sign out of Facebook. Go to http://www.facebook.com and click sign out. Then there will be no way for 3rd party applications to access your contact details and show you those annoying popups. I tested it and it works.

    For those who’re technically inclined and want to know how these cross domain communication work via cookies, read the official facebook explanation. 3rd party applications use IFrame to communicate with Facebook, who reads your current facebook cookie, and pass the information back to the application using another IFrame. That is some sort of hack, so to outsmart them, simply remove your Facebook cookie by logging out from Facebook itself.