(Difference between revisions)
| Revision as of 02:33, 29 April 2010 Bmearns (Talk | contribs) (→Blocking Facebook's Open Graph) ← Previous diff |
Revision as of 13:52, 30 April 2010 Bmearns (Talk | contribs) (→Blocking Facebook's Open Graph) Next diff → |
||
| Line 4: | Line 4: | ||
| Open Graph is this absurd thing that [[Facebook]] has implemented where other sites can access all sorts of information about you if you're currently logged onto Facebook in the same browser. To work, it relies on the fact that your browser will send your facebook login cookies to some secondary resource (an IFRAME or script or something, not sure of the details). You can use privoxy to block this by scrubbing away cookies if the referrer is not Facebook itself. This way, when remote sites reference this Facebook resource, privoxy will block the cookies, but when you access Facebook directly, the cookies will be sent as usual because the referrer will be Facebook. | Open Graph is this absurd thing that [[Facebook]] has implemented where other sites can access all sorts of information about you if you're currently logged onto Facebook in the same browser. To work, it relies on the fact that your browser will send your facebook login cookies to some secondary resource (an IFRAME or script or something, not sure of the details). You can use privoxy to block this by scrubbing away cookies if the referrer is not Facebook itself. This way, when remote sites reference this Facebook resource, privoxy will block the cookies, but when you access Facebook directly, the cookies will be sent as usual because the referrer will be Facebook. | ||
| - | Put this in your .filter file (e.g., default.filter) | + | Put this in your .filter file (e.g., user.filter, if you've got user.filter listed in your config file): |
| <pre> | <pre> | ||
| ################################################################################# | ################################################################################# | ||
| # referrer-set: This applies a tag "referrer-set:<referer>" to requests when the | # referrer-set: This applies a tag "referrer-set:<referer>" to requests when the | ||
| # referrer header is set. | # referrer header is set. | ||
| - | # Among other things, this is used in conjunctionn with | + | # Among other things, this is used to block Facebook Open Graph |
| - | # refferedByFacebook to block Facebook Open Graph stuff, and | + | # stuff, and provide an escape hatch for when no referrer is set. |
| - | # provide an escape hatch for when no referrer is set. | + | |
| ################################################################################# | ################################################################################# | ||
| CLIENT-HEADER-TAGGER: referrer-set Tag requests where the referrer is set. | CLIENT-HEADER-TAGGER: referrer-set Tag requests where the referrer is set. | ||
| s@^Referr?er:\s*(\S.*)$@referrer-set:$1@i | s@^Referr?er:\s*(\S.*)$@referrer-set:$1@i | ||
| - | |||
| - | ################################################################################# | ||
| - | # referredByFacebook: This applies a tag "referredByFacebook:facebook.com" to | ||
| - | # requests when the referrer is Facebook. Used for blocking | ||
| - | # Facebook Open Graph. | ||
| - | ################################################################################# | ||
| - | CLIENT-HEADER-TAGGER: referredByFacebook Tag requests where the referrer is facebook | ||
| - | s@^Referr?er:\s*(?:https?://)?.*\.?(facebook.com)(?:/.*)?$@referredByFacebook:$1@i | ||
| </pre> | </pre> | ||
| - | Then put this in your .actions file (e.g., default.action) | + | Then put this in your .actions file (e.g., user.action) |
| <pre> | <pre> | ||
| ############################################################################# | ############################################################################# | ||
| + | # BPM | ||
| # This is used for blocking Facebook Open Graph stuff, where third party | # This is used for blocking Facebook Open Graph stuff, where third party | ||
| - | # sites include resources from Facebook2. | + | # sites include resources from Facebook. |
| ############################################################################# | ############################################################################# | ||
| #See if the referrer is ever set. | #See if the referrer is ever set. | ||
| {+client-header-tagger{referrer-set}} | {+client-header-tagger{referrer-set}} | ||
| .facebook.com | .facebook.com | ||
| - | |||
| - | #If it is, see if the referrer is facebook. | ||
| - | {+client-header-tagger{referredByFacebook}} | ||
| - | TAG:^referrer-set: | ||
| #If a referrer was set, block cookies. | #If a referrer was set, block cookies. | ||
| Line 45: | Line 33: | ||
| #Except if it was referred by facebook, make sure we allow the cookies. | #Except if it was referred by facebook, make sure we allow the cookies. | ||
| {allow-all-cookies} | {allow-all-cookies} | ||
| - | TAG:^referredByFacebook: | + | TAG:^referrer-site:^(?:https?://)?.*\.?(facebook.com)(?:/.*)?$ |
| </pre> | </pre> | ||
Revision as of 13:52, 30 April 2010
Blocking Facebook's Open Graph
Open Graph is this absurd thing that Facebook has implemented where other sites can access all sorts of information about you if you're currently logged onto Facebook in the same browser. To work, it relies on the fact that your browser will send your facebook login cookies to some secondary resource (an IFRAME or script or something, not sure of the details). You can use privoxy to block this by scrubbing away cookies if the referrer is not Facebook itself. This way, when remote sites reference this Facebook resource, privoxy will block the cookies, but when you access Facebook directly, the cookies will be sent as usual because the referrer will be Facebook.
Put this in your .filter file (e.g., user.filter, if you've got user.filter listed in your config file):
################################################################################# # referrer-set: This applies a tag "referrer-set:<referer>" to requests when the # referrer header is set. # Among other things, this is used to block Facebook Open Graph # stuff, and provide an escape hatch for when no referrer is set. ################################################################################# CLIENT-HEADER-TAGGER: referrer-set Tag requests where the referrer is set. s@^Referr?er:\s*(\S.*)$@referrer-set:$1@i
Then put this in your .actions file (e.g., user.action)
#############################################################################
# BPM
# This is used for blocking Facebook Open Graph stuff, where third party
# sites include resources from Facebook.
#############################################################################
#See if the referrer is ever set.
{+client-header-tagger{referrer-set}}
.facebook.com
#If a referrer was set, block cookies.
{+crunch-outgoing-cookies}
TAG:^referrer-set:
#Except if it was referred by facebook, make sure we allow the cookies.
{allow-all-cookies}
TAG:^referrer-site:^(?:https?://)?.*\.?(facebook.com)(?:/.*)?$
A side effect is that actual links to Facebook from other sites will have cookies blocked as well. To get around this, just stick your cursor in the address bar and hit enter. This should resend the request, but as a direct access, so the referrer won't be set. Once you've configured your system, you can try it out: http://www.facebook.com. This link should not have you logged in, but if you hit enter in the address bar, it should work.
