The article is pretty long so please check the link for complete information<br><br><a href="http://webappsecblog.com/TrackingBySocialNetworks.html">http://webappsecblog.com/TrackingBySocialNetworks.html</a><br><p>
In this blog post I analyze methods of user tracking
which are performed by popular social network websites such as
<b>Facebook</b>, <b>Twitter</b>, <b>Xing</b>, and recently <b>Google+</b>.
</p>
<p>
Each of these social networks have buttons (called <i>Like</i>, <i>Tweet</i>, <i>Visitors</i>, and <i>+1</i>
buttons) which are installed on numerous websites.
I try to put some light on the actions performed by
those buttons and how they track users around the web, even when they
don't click those buttons.
</p>
<p>
All these buttons have one thing in common: they are
embedded in websites all around the web and load resources (scripts,
images, etc.) which are
fetched from the social networking website or their
content delivery partners. The website operator embedding these buttons
does not have the
complete control over what content is loaded in the
context of the user's browser viewing the website.
</p>
<p>
In the next paragraphs I show some details about the
code of these buttons and what happens when users view the
webpage located at <code><a href="http://www.example.com/shop.jsp?product=4711">http://www.example.com/shop.jsp?product=4711</a></code>. Let's assume that this is a popular shopping
site and the URL points to the product page of a certain product (identified by the parameter in the URL).
</p>
<p>
I differentiate
between the following three cases for each social network
while analyzing their abilities to track users surfing the web:
</p><ol><li>The user <b>is logged in</b> at the social network site.</li><li>The user <b>is not logged in</b> at the social network site.</li><li>The user <b>is not participating</b> in the social network and has therefore <b>no account</b>.</li>
</ol><br><br>