search

mozilla / contain-facebook

Facebook Container isolates your Facebook activity from the rest of your web activity in order to prevent Facebook from tracking you outside of the Facebook website via third party cookies.
Mozilla Public License 2.0
965 stars 176 forks source link

Facebook still shows advertisements related to my external web activity #697

Open thimalw opened 3 years ago

thimalw commented 3 years ago

Actual behavior

Facebook displays ads related to external websites I have visited even though I've never interacted or expressed any kind of interest in those websites or their related Facebook pages directly within Facebook. This happens quite frequently. 2 websites I can recall this happened with recently are hubspot.com and elegantthemes.com

Expected behavior

Facebook to not be able to track, or be difficult to track my web activity outside of the Facebook Container.

Steps to reproduce

  1. Visit a website with a Facebook Pixel + targeted Facebook advertisements for their visitors.
  2. Visit Facebook.

Notes

I only use Facebook through the Facebook Container. I've checked and I'm not logged into Facebook outside of the container. I've also been using this extension for several months now.

I am using 2 computers, both with the Facebook Container installed. I'm not sure whether this creates some sort of a bug.

I also have a question about the way this extension handles Facebook Pixels. Is the Pixel loaded through the Facebook Container? If so, doesn't that make it easy for Facebook to make the connection between my account and the website I'm visiting because the Pixel has an ID that's unique to each website or Facebook page?

exiledonamarginalisland commented 3 years ago

I noticed the very same behaviour.

I only use Facebook in the container. If I do searches on google in Firefox, when I log in to Facebook trough the container, Facebook presents me with adverts related to my searches on google. If I use Brave with private windows enabled, that does not happen. Is the container leaking?

Tested with Firefox 83 on Ubuntu 20.04.1 LTS and on MS Windows 10.

Any test you need, do not hesitate to ask, I am happy to run it.

ModQuadWarren commented 3 years ago

I started noticing this recently as well. Are we getting a response from support on this? Would rather not use a 3rd party tool if at all possible for obvious reasons.

thanks!

Morodar commented 3 years ago

What Facebook Container protects you from

The Facebook Container Add-on blocks Facebook Pixel and App Events.

App Events requires a sdk.js which is loaded via connect.facebook.com - this is being blocked by the extension. Facebook Pixel requires a fbevents.js also loaded via connect.facebook.com - this is being blocked by the extension. The Facebook Pixel 1x1 gif is loaded via www.facebook.com/tr - this is beeing blocked by the extension.

More about Facebook Pixel here More about App Events for Web here

What Facebook Container won't be able to protect you from

Facebook URLs

If you browse on Facebook clicking any URL in Facebook allows Facebook to track you which website you are visiting.

For example https://www.strenger.de/jobs becomes https://l.facebook.com/l.php?u=https%3A%2F%2Fwww.strenger.de%2Fjobs%3Ffbclid%3DIw.... [omitted because it's a very long URL]

Conversion API

Facebook Container is not able to protect you from Facebook's Conversion API. From https://developers.facebook.com/docs/marketing-api/conversions-api

The Conversions API allows advertisers to send web events from their servers directly to Facebook. 
Server events are linked to a pixel and are processed like browser pixel events. 
This means that server events are used in measurement, reporting, 
and optimization in the same way as browser pixel events.

Facebook Container can't prevent tracking by this technique because it's server side.