Facebook beacons
I was on Ancestry.com and went to download a GEDCOM file from my family tree work. I had developer tools turned on by coincidence, and noticed that when I clicked the download file button, a network communication was sent to Facebook! Appears to be a 5.6Kb 'beacon'. I don't see that behavior from Chrome. Why is Firefox telling Facebook what I'm up to on Ancestry.com?
All Replies (8)
Additional info: Enhanced Tracking Protection is on, and the status shows that www.facebook.com social media tracker is blocked.
The https://www.facebook.com/tr/ address is used for "Facebook Pixel" tracking and analytics. If Ancestry doesn't use FB tracking in Chrome, it may be using Google Analytics there instead.
Judging from bug reports going back about a year, the fbevents.js script referenced as the source of the request in your screenshot -- which historically loaded from connect.facebook.net -- is supposed to be blocked. Is it possible it somehow got accidentally unblocked in a recent change?
I wonder whether there is a public site (no login required) to check how well Tracking Protection is working against FB Pixel -- that would be helpful for testing.
Ti ṣàtúnṣe
Thanks for the feedback. Yes, when I use Chrome I've seen Google Analytics called, but not for this particular button press action. I went back on Chrome and took another look. When I navigate from Ancestry tree settings to display tree, amongst the avalanche of network requests, I see a call from fbevent.js. As I move around the site, I see loads of Facebook tr/ stuff (again, in Chrome). I'm not a privacy zealot, but this seems a bridge too far to track what I'm doing inside my Ancestry account. I don't see anything in Ancestry's policies about this sort of tracking with Facebook; They only mention Analytics. I have a paid Ancestry account - they don't show me ads. So for them to say having the advert cookies improves the ads I'm shown seems a bit disingenuous. Anyhow, in their cookies section, which you can't seem to get to without wading through two levels of support docs to get the link, I've turned off the generic 'advertising' and 'analytics' cookie tracking options and the tr calls seem to have gone away. Would be better if the browser's "Enhanced" Tracking Protection picked up on it. I don't see doing this for every site I visit. Regards.
Thanks for the more detailed testing. If we can find a simple demo pages for the developers to target, it would be a good idea to file a bug report. Even if it's a sealed container not actually linked to your regular FB account cookie, it would be good to have that clarity.
Ok, so when I loaded the Ancestry site without being logged in, I got the whole rogues gallery of trackers. I enabled Strict Enhanced Tracking Protection and that took care of that. They're mostly all blocked. (A few odd ones are still in there like pinterest, bing.com, ispot.tv, and civicscience.com.) I wonder, is Facebook tracking (or Google Analytics for that matter) so critical that it needs to be in the Strict category?
Oh, yes. I should have thought of that.
An important difference between Standard and Strict is that Standard only blocks tracking scripts in private windows, while Strict blocks them in both regular and private windows.
There also is a difference related to cookies, but I don't think those are the main issue here.
I think what threw me was I thought Firefox's blocking of Social Media Trackers would have taken care of this issue, but it does not. Apparently, it is covered in the Tracking Content category, but only in strict mode (or in private windows) as you've highlighted.
Ti ṣàtúnṣe
Yes, the page doesn't have the best description because "Social media trackers" refers to cookies. Someone should fix that...