Facebook and the droppings of a male cow

A couple of weeks ago, I mentioned that Facebook had reacted to a Belgian privacy ruling by blocking access to any Facebook page to anyone in Belgium who isn’t signed in to their Facebook account. And now I have actually been affected by this.

We decided, for various reasons, that a takeaway would be a good idea and agreed on which takeaway to go to. Not being particularly familliar with the restaurant in question, I looked them up on Resto and clicked through to their website to see if I could find a menu.

Their “website” turned out to be a Facebook page, so what I was presented with was this.

Sorry, this content isn’t available right now. We have implemented additional security features that require you to log in to Facebook to view this page from Belgium. Learn why.

Being curious, I clicked on the Learn Why link. And here’s what I learned:

Keeping your account secure is extremely important to us.

But I don’t have a Facebook account. And the reason my access is blocked is because I don’t have a Facebook account. So to claim that this is to keep my account secure seems disingenuous at best.

Because of demands made by the Belgian Privacy Commission, we recently had to limit our use of one important security tool, the datr cookie. Please read on to learn how this tool works and why we’re no longer showing public Facebook pages and other content in Belgium to people who don’t have Facebook accounts.

I’m reading…

This cookie is a security tool we’ve used for more than 5 years around the world to help us tell the difference between legitimate visits to Facebook by real people and illegitimate ones (by spammers, hackers trying to access other people’s accounts, or other bad actors).

This cookie can help us secure Facebook by providing statistical information about a web browser’s activities, such as the volume and frequency of requests. Our security systems analyze this browser data to help us tell the difference between regular people logging into their accounts and potential attackers.

So what Facebook appears to be telling me is that they need to suck up my browser history in order to work out whether or not I’m a legitimate visitor.

And, it turns out that this is exactly what they are saying.

The Belgian Privacy Commission, however, has required that we stop using the datr cookie when people without Facebook accounts in Belgium interact with Facebook. In the absence of this tool, we have to treat any visit to our service from an unrecognized browser in Belgium as potentially dangerous and take additional steps to help keep you and other people secure on Facebook.

Really? You can’t just serve up a static page?

I believe that Facebook is written in PHP, in which case the pages are generated on the server and served as HTML. If I’m not logged in, I can’t — and wouldn’t expect to be able to — access any dynamic content and a plain old HTML file is about as secure as you can get.

We recognize that these measures unfortunately may limit and interrupt your experience on Facebook.

I’m sure you do.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s