A more honest “Like” button. Image: Webmonkey.

Designers tend to hate them, calling them “Nascar” buttons since the can make your site look at little bit like a Nascar racing car — every available inch of car covered in advertising. Others think the buttons make you look desperate — please, please like/pin/tweet me — but there’s a much more serious problem with putting Facebook “Like” buttons or Pinterest “Pin It” buttons on your site: your visitors’ privacy.

When you load up your site with a host of sharing buttons you’re — unwittingly perhaps — enabling those companies to track your visitors, whether they use the buttons and their accompanying social networks or not.

There is, however, a slick solution available for those who’d like to offer visitors sharing buttons without allowing their site to be a vector for Facebook tracking. Security expert (and Wired contributor) Bruce Schneier recently switched his blog over to use Social Share Privacy, a jQuery plugin that allows you to add social buttons to your site, but keeps them disabled until visitors actively choose to share something.

With Social Share Privacy buttons are disabled by default. A user needs to first click to enable them, then click to use them. So there is a second (very small) step compared to what the typical buttons offer. In exchange for the minor inconvenience of a second click, your users won’t be tracked without their knowledge and consent. There’s even an option in the preferences to permanently enable the buttons for repeat visitors so they only need to jump through the click-twice hoop once.

The original Social Share Privacy plugin was created by the German website Heise Online, though what Schneier installed is Mathias Panzenböck’s fork, available on GitHub. The fork adds support for quite a few more services and is extensible if there’s something else you’d like to add.

Photo: Only Sequel/Flickr

Twitter has jumped on the “Do Not Track” privacy bandwagon.

The company recently confirmed that it supports the Do Not Track header, a user privacy tool originally created by Mozilla that is in the process of becoming a web standard. That means if you visit Twitter in any web browser that supports the Do Not Track header, you can opt out of the cookies Twitter uses to gather personal information, as well as any cookies set by third-party advertisers.

Behavioral tracking, as such practices are often called, is a common on the web. Advertisers use cookies to track your clicks, watching which sites you visit, what you buy and even, in the case of mobile browsers, where you go. Often the sites tracking you are not just the sites you’ve actually visited, but third-party sites running ads on those pages.

And it’s not just advertisers tracking your movements, social networks like Facebook and Twitter also follow you around the web. You may not realize it, but Twitter has been tracking your every move for some time. The company doesn’t make a secret of it either. In a blog post announcing Twitter’s new “tailored suggestions system” Twitters Othman Laraki writes, “we receive visit information when sites have integrated Twitter buttons or widgets.”

To be clear, not only is Twitter able to set cookies any time you visit its own domain, whenever you visit a website (like this one) with a “Tweet This” or similar button Twitter can see you there as well. This practice is hardly unique to Twitter; Facebook, Google+ and others are doing the same thing.

Most of the time the information gathered is used to create a better experience for users. In the case of Twitter’s new “tailored suggestions” feature the information is used to build a profile of what you like and then Twitter makes suggestions based on that profile. You can read about exactly what Twitter does with your info and how long it keeps it in the company’s privacy policy.

The problem with such tracking is that it’s necessary for features we want, like smart, targeted suggestions — new users to follow, music you’ll likely enjoy, books you might want to read and so on — but it can also be used for decidedly less friendly purposes. As awareness of the downsides to such tracking become more well known a growing number of people are opting out of the tracking. The Mozilla Privacy blog reports that “current adoption rates of Do Not Track are 8.6 percent for desktop users of Firefox and 19 percent for Firefox Mobile users.”

To take advantage of Twitter’s new Do Not Track feature you’ll need to be using a web browser that supports the header. Currently that means Firefox, Opera 12+, Internet Explorer 9+ or Safari 5.1+. Chrome has pledged to add support for Do Not Track, but doesn’t just yet. For more information on protecting your online privacy, including tools like Ghostery, which go even further, blocking all tracking cookies, see our earlier post, Secure Your Browser: Add-Ons to Stop Web Tracking.

Photo: Only Sequel/Flickr

Behavioral advertising, as such tracking is known, is a common practice on the web. Advertisers use cookies to track your clicks, watching which sites you visit, what you buy and even, in the case of mobile browsers, where you go. Often the sites tracking you are not just the sites you’ve actually visited, but third-party sites running ads on those pages.

Much like the Do Not Call registry, the Do Not Track system offers a way to opt out of this third-party web tracking.

The Do Not Track header began life at Mozilla, but has since moved to the W3C where it was converted into a web standard by the Tracking Protection Working Group.

The Do Not Track header now works in every major desktop browser except Google Chrome, though none of them turn it on by default. Still, for privacy-concerned users savvy enough to enable Do Not Track, the header offers a quick and easy way to tell advertisers that you don’t want to be followed while you browse the web.

Numerous online advertising groups already respect the Do Not Track header and refrain from tracking users that enable it. Today’s announcement means that, starting this summer, you can add Yahoo to the list of companies that will stop tracking you if you’ve enabled Do Not Track in your web browser.

Of course, there are still many advertisers and websites that don’t yet support Do Not Track. If you’re concerned about your online privacy and don’t want to rely on the goodwill of advertisers, there are other, more aggressive steps you can take to limit how your tracked on the web. See our earlier post on browser add-ons that help stop web tracking for more details.

Today’s the day Google’s broad new privacy policy goes into effect. European regulators are claiming it violates data protection laws, but it’s here and it may be here to stay.

There are some not-completely-foolproof ways to hide from Google, but first let’s talk about what’s changed. Prior to today, Google had more than 70 privacy policies for its various products. But with the company trying to create a seamless experience across search, Gmail, Google+, Google Docs, Picasa, and much more, Google is consolidating the majority of its policies down into just one document covering most of its products. This will make it easier for Google to track users for the purpose of serving up personalized ads.

“The main change is for users with Google Accounts,” Google said at the time of its January announcement. “Our new Privacy Policy makes clear that, if you’re signed in, we may combine information you’ve provided from one service with information from other services. In short, we’ll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience.”

An example? Google search results can already bring up Google+ posts or photos that have been shared with the user. “But there’s so much more that Google can do to help you by sharing more of your information with … well, you,” Google said. “We can make search better—figuring out what you really mean when you type in Apple, Jaguar or Pink. We can provide more relevant ads too. For example, it’s January, but maybe you’re not a gym person, so fitness ads aren’t that useful to you. We can provide reminders that you’re going to be late for a meeting based on your location, your calendar and an understanding of what the traffic is like that day. Or ensure that our spelling suggestions, even for your friends’ names, are accurate because you’ve typed them before.”

Today, Google’s official blog reminded users of the change, saying it had been the subject of “a fair amount of chatter and confusion.” 

The updated policy can be read online, and describes how Google collects device information, search queries, cellphone-related data, location information, and collects and stores information on users’ devices with the use of HTML5 technology, browser storage, application data caches, and cookies and other “anonymous identifiers.”

Before the changes, Google was “restricted in our ability to combine your YouTube and Search histories with other information in your account,” Google Privacy Director Alma Whitten wrote in the company blog. Now Google can provide a simpler, easier-to-understand privacy policy to users, and improve its products “in ways that help our users get the most from the web,” Whitten wrote.

Google recently promised to follow Do Not Track guidelines in an agreement with the White House, but those changes won’t take effect until sometime later in the year. With Google’s expanded ability to serve up personalized ads, the company makes certain privacy promises. For example, “when showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.”

The policy does not affect most business customers, those who have a signed contract with Google to use Google Apps for Government, Business, or Education. Those of us with free accounts will be affected, and while there are ways to anonymize your Google usage they’re not universally effective. Google’s privacy policy notes that “You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us.” However, Google was recently found to be serving up advertising cookies to users of Safari and Internet Explorer using methods of circumventing the browsers’ default privacy settings.

So what else can you do? Most browsers today have private surfing modes that you can select. You can visit Google’s “Data Liberation Front” website for instructions in exporting data out of Google products. The Electronic Frontier Foundation also has instructions on removing your Google search history from your account. However, even this is not as simple as it sounds. Disabling Web History in your Google account “will not prevent Google from gathering and storing this information and using it for internal purposes,” the EFF notes.

Google does hand over user data in response to government requests on a regular basis, as noted in the company’s Transparency Report. The EFF notes that disabling Web History “does not change the fact that any information gathered and stored by Google could be sought by law enforcement.”

If your account has Web History enabled, Google will keep the records indefinitely. “With it disabled, they will be partially anonymized after 18 months, and certain kinds of uses, including sending you customized search results, will be prevented,” the EFF states.

For those who are really willing to put some work into staying anonymous, downloading a Tor client may be the right step. Tor encrypts your web traffic and sends it through a randomly selected series of computers, preventing shadowy third parties from learning what sites you visit or where you’re located. The Tor Project even played a role in helping Iranians get back online after a recent government crackdown on Internet usage.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

Photo: Vinoth Chandar/Flickr/CC

Ever wonder who’s tracking your online movements — watching the sites you visit, the links you click and the items you buy? Unless you’ve already taken active steps to stop the tracking, the answer is just about everyone.

Privacy advocates have been working to help raise awareness of the extent to which we are all tracked online. Browser makers like Mozilla have also been working to make consumers aware of what’s happening behind the scenes on the web. Mozilla created and popularized the Do Not Track header, which has now been adopted by all the major browsers. Firefox’s parent company also recently showed off its Collusion add-on as part of the TED 2012 conference.

Collusion is a Firefox add-on that helps you see exactly who is tracking your movements online. It doesn’t stop sites from tracking you, but after Collusion shows you what happens when you browse the web without any tracking protection, you’ll probably want to find something that can stop sites from tracking you.

Not all web tracking is bad. Some services rely on user data to function. For example, if you use Facebook and want to use the company’s ubiquitous Like buttons, Facebook needs to set cookies and keep track of who you are. The problem Mozilla wants to address with Collusion is the fact that most tracking happens without users’ knowledge or consent.

The screenshot below shows the number of websites Collusion found tracking me after I visited the top five most tracker-filled websites according to Privacy Score, namely The Drudge Report, El Paso Times, ReadWriteWeb, TwitPic and Merriam Webster. As a result of visiting just those five sites, according to Collusion, a total of 21 sites were made aware of my visit.

Collusion visualizes who's tracking your web browsing.

That sounds bad, and it is, but it may not even be the full picture. For comparison’s sake I loaded the same five sites and used the Do Not Track Plus add-on, which counted 47 sites with tracking bugs. Want another number? I repeated the test using the Ghostery add-on, which blocked 37 unique sites looking to track me. The variation in number of tracking elements detected is due to several factors, including what each system considers tracking. (Collusion for example, does not seem to count analytics or social buttons, while the others do.)

Even at the low end the numbers remain startling. Visiting five websites means somewhere between 21 and 47 other websites learn about your visit to those five.

If the extent of tracking bothers you there are some steps you can take to stop the tracking. The first would be to head to your browser preferences and turn off third-party cookies. Unfortunately, while that’s a step in the right direction (and you won’t lose any functionality the way you might with the rest of these solutions), some less scrupulous advertisers, including Google, have been caught circumventing this measure.

For a more complete solution you’ll need to use an add-on like Ghostery or Do Not Track Plus, both of which are available for most web browsers. The chief drawback to both of these solutions is that you may lose some functionality. To stick with the Facebook example used earlier, if Ghostery is blocking Facebook scripts then you won’t be able to use Like buttons. Fortunately both Ghostery and Do Not Track Plus allow you to customize which sites are blocked. I recommend blocking everything and then when you encounter something that isn’t working, click the Do Not Track Plus icon and edit the blocking options to allow, for example, Facebook so that Like buttons work (or Disqus so that comments work, etc.). That way you remain protected from the vast majority of invisible tracking, but can still enjoy the web services you choose to trust.

One final note about Webmonkey.com: There are 11 external scripts on this page. Four of them are for the social network buttons at the bottom of most posts. A fifth is for the Disqus comments system. There are also two analytics scripts, one from Google and one from Omniture. In addition to those seven functional scripts there are four ad network scripts from Brightcove, DoubleClick, Omniture and Lotame. (I can’t actually tell for sure what Lotame does, but it definitely collects data.) If you install the add-ons above Webmonkey will not be able to track you. If you don’t, it, like the rest of the web, will.

Fencing in the range with Flickr's new Geofence features

Perhaps the best part of the new Geofence features are how dead simple they are to use — simply draw a circle on a map, choose a geoprivacy setting for that area, and you’re done. Your new fence will apply to any future photo uploads and Flickr will offer to update the privacy settings on any existing images that fall within your new fence.

To get started head over to the Flickr Geo privacy page.

These days geotagging isn’t just something for nerds. In fact, chances are your camera (especially the camera in your phone) is recording location data in your images whether you know it or not. Like other location-aware services, geotagged photos are fast becoming a big part of the current cultural debate about who should be able to see which parts of your life on the web.

“A few years ago, privacy controls like this would have been overkill. Geo data was new and underused, and the answer to privacy concerns was often, ‘you upload it, you deal with it,’” writes Flickr developer Trevor Hartsell on the code.flickr blog. “But today, physical places are important to how we use the web. Sometimes you want everyone to know exactly where you took a photo. And sometimes you don’t.”

Previously, Flickr limited its geotagging options to a simple yes or no — either you shared location data with everyone or no one. Now you can share location data with only those people you trust. For example, you might leave the geodata for your vacation photos visible to everyone, but limit the location data of photos around your house to only your friends and family.

In those cases where there might be overlap between two geofences Flickr will default to the more restrictive of the two. For example, if you draw a circle around your house and limit it to the most restrictive group, “Family,” and then draw a circle around your whole neighborhood and limit that to “Friends,” any areas where the two overlap will still be limited to only the Family group.

Flickr’s new Geofence settings are among the best implemented privacy controls we’ve seen, striking a nearly perfect balance between genuine control and simplicity. And while we’re glad to see Flickr taking the lead, here’s hoping Facebook and others will copy these features into their own privacy controls.

See Also:

• Mining Flickr to Build 3-D Models of the World
• Flickr Goes Native With Windows Phone 7 App
• New Flickr Is Bigger, Wider and Uncut

Mozilla is wasting no time putting its proposed “Do Not Track” HTTP header onto the web. The latest Firefox nightly builds now include support for the new header and it may even make the final release of Firefox 4, due later this month. The new HTTP header, which Mozilla announced last week, is designed to tell online advertisers to stop tracking your web browsing habits.

If you’d like to see how Mozilla has implemented the header, grab the latest Firefox nightly build. There have been a few changes since Mozilla first announced its plan, including renaming the header to simply “DNT.”

To turn the header on, open Firefox’s preferences panel and select the Advanced tab (eventually Mozilla will add the option to the more appropriate Privacy tab). There you’ll see a new option to “Tell websites I do not want to be tracked.” Of course even if you turn the header on today and broadcast “DNT: 1″ to the web, it won’t do anything.

For the header to actually protect your privacy, websites and online advertisers will have to support it. While there’s plenty of debate as to whether they ever will, it definitely won’t happen until the feature is widely available. Mozilla is hoping that including the new header in Firefox 4 will spur advertisers to support it.

For now, broadcasting “DNT: 1″ will be, as Alexander Fowler, the Global Privacy and Public Policy Leader at Mozilla, puts it, “akin to displaying EFF’s Blue Ribbon campaign.”

The current plan is to test the privacy header in the next beta release of Firefox 4 and then, assuming there are no bugs, roll it out with the final release of Firefox 4 later this month.

See Also:

• Mozilla Plans ‘Do-Not-Track’ Privacy Tools for Firefox
• Chrome Add-on Kills Tracking Cookies
• New Privacy Icons Aim to Save You From Yourself
• Warning: This Site May Be Sharing Your Data