A couple of weeks ago, I mentioned that Facebook had reacted to a Belgian privacy ruling by blocking access to any Facebook page to anyone in Belgium who isn’t signed in to their Facebook account. And now I have actually been affected by this.
We decided, for various reasons, that a takeaway would be a good idea and agreed on which takeaway to go to. Not being particularly familiar with the restaurant in question, I looked them up on Resto and clicked through to their website to see if I could find a menu.
Their “website” turned out to be a Facebook page, so what I was presented with was this.
Being curious, I clicked on the Learn Why link. And here’s what I learned:
Keeping your account secure is extremely important to us.
But I don’t have a Facebook account. And the reason my access is blocked is because I don’t have a Facebook account. So to claim that this is to keep my account secure seems disingenuous at best.
Because of demands made by the Belgian Privacy Commission, we recently had to limit our use of one important security tool, the datr cookie. Please read on to learn how this tool works and why we’re no longer showing public Facebook pages and other content in Belgium to people who don’t have Facebook accounts.
This cookie is a security tool we’ve used for more than 5 years around the world to help us tell the difference between legitimate visits to Facebook by real people and illegitimate ones (by spammers, hackers trying to access other people’s accounts, or other bad actors).
This cookie can help us secure Facebook by providing statistical information about a web browser’s activities, such as the volume and frequency of requests. Our security systems analyze this browser data to help us tell the difference between regular people logging into their accounts and potential attackers.
So what Facebook appears to be telling me is that they need to suck up my browser history in order to work out whether or not I’m a legitimate visitor.
And, it turns out that this is exactly what they are saying.
The Belgian Privacy Commission, however, has required that we stop using the datr cookie when people without Facebook accounts in Belgium interact with Facebook. In the absence of this tool, we have to treat any visit to our service from an unrecognized browser in Belgium as potentially dangerous and take additional steps to help keep you and other people secure on Facebook.
Really? You can’t just serve up a static page?
I believe that Facebook is written in PHP, in which case the pages are generated on the server and served as HTML. If I’m not logged in, I can’t — and wouldn’t expect to be able to — access any dynamic content, and a plain old HTML file is about as secure as you can get.
We recognize that these measures unfortunately may limit and interrupt your experience on Facebook.
I’m sure you do.