I just looked at an article on the Washington Post’s Web site, and on the right side of the page it showed me “Friends Activity,” a listing of articles that some of my Facebook friends have shared on their Facebook pages.
While many people might think this is cool, I’m annoyed at the intrusion into my privacy. (Yes, I know there’s no such thing as privacy any more. What can I say? I’m an old fart with old fashioned ideas.)
How did washingtonpost.com get my Facebook friends list? I don’t recall giving them specific permission, or liking anything on the WP site, or anything like that. And how can I stop it?
The WaPo has a bit of code embedded on it that is served up by the Facebook server. Since it comes from the Facebook server, it has access to your Facebook cookies. Your Facebook cookies can tell the Facebook cookies who you are, and in turn who your friends are.
WaPo isn’t getting any of this information - it doesn’t know who you are on Facebook. Facebook isn’t intruding on your privacy so much as regurgitating information you have already given it access to.
If you want to stop it, delete the Facebook cookies from your browser before you go to the WaPo site. They will come back the next time you visit Facebook, tho. You should be able to block your browser from accepting Facebook cookies, but I am not sure how well Facebook will work for you if you don’t accept cookies from them.
It’s really hard, or maybe impossible, to do Javascript across domains unless the domains have been given specific permission.
I have a site that has an iframe in it whose contents come from a different domain (much like how the Facebook widget works on the WaPo site) and Javascript won’t even allow me to know the size of the content on the page I’m calling, because I am calling it from a different domain.
Facebook’s whole model is based on being able to collect a lot of information about people and their relationships. They are not going to put out a widget for sites to use that is vulnerable to the stealing of that information.
Unless WaPo is capturing the HTML output of the page you are on, as well as capturing the HTML of the Facebook widget, then parsing out all of the HTML to end up with the data that "Facebook User ID 123455533 is friends with the following Facebook User IDs … " then, no. That would be an incredible waste of time and money, and leave the WaPo with a bunch of useless info.