“Facebook was not an uninvited interloper to a communication between two separate parties; it was a direct participant,” the company said in a legal filing.
There's gotta be some existing legal doctrine on what constitutes a "direct participant", right?
Suppose I visit the website of Company A intending to do business with them (perhaps this is the only way to contact them). Their website contains the Facebook "like" button somewhere on the page. Is Facebook really a "direct participant" if I have no way to know that their widget is even on the site until I visit it, at which point they have already participated and I have no way to avoid it?
Likewise, does the law/precedent on "expectation of privacy" have anything to say about who specifically I should/shouldn't expect privacy from?
Hm, it's challenging because of the new medium but maybe we could discuss a real world analogue:
You walk in to a home expecting to meet your friend, when you enter there is a man from the TV network there. You didn't expect him, his intention is just to watch you and your friend talk about television shows.
Perhaps an example that gets closer to the crux of the problem:
You're at a restaurant with a friend, and an unrelated stranger nearby can overhear the conversation. Not a participant, right? Now imagine they were sent to listen to you, and report back to the TV networks. I would say that, they have a very clear intention to participate in the conversation.
What if the "man from the TV network" is really a "man from Amazon" only it isn't a man. It's a Ring doorbell, clearly labeled when you came through the front door. Or it's a little Echo in the corner of the room.
Does that mean Amazon was invited to the conversation? Should you as a visitor to the home expect that every logo you see in the house means that you agree to have that company present in your conversations during the visit?
Does a Facebook icon or a Google icon or an Amazon icon on a webpage give them the right to participate in your conversation? Does a Windows logo in the corner of your screen give Microsoft the same right?
Is it ok if they don't record audio or video, just metadata?
In most states and federally, one party consenting to a recording is sufficient, so in those cases it doesn't matter that you, the visitor, give consent.
In states with two party consent laws, I think you're required to have signage or other explicit message that declares recording is in progress (this may be different for residential properties): a Ring logo may not be sufficient.
There’s usually an option to not record audio in the software because in the states that require consent of all parties, audio recording is usually still not allowed without explicit consent of everyone in a non public location even if a notice is placed.
> Does that mean Amazon was invited to the conversation? Should you as a visitor to the home expect that every logo you see in the house means that you agree to have that company present in your conversations during the visit
In short. Yes. Some states only require the _owner_ of the device to consent to being recorded. PDF download below
It's not. In e.g. Germany, security cameras may not film public areas, or anything outside of your own property (and also not private streets leading up to your mailbox).
Additionally, they must always be clearly labeled, clearly visible, and before getting into the range of them you'll have to have a visible sticker warning about them, and having a clear GDPR privacy policy as well as contact data for whom to contact to retrieve or delete the footage in case it might contain you.
Consider this though: you walk into a casino and start gambling, and the casino hires a third party company to watch its security cameras. No one seems to have any issue with that arrangement; is this really so different? I think the key to understanding the situation is that the establishment makes the rules; the establishment put the like button there.
I think you are using "public" differently here than a lot of people would. A public bathroom is still "public" in that it's available to anyone and doesn't require specific information about you to use. However, most people would still consider it a private place, and expect their privacy to be respected while using it.
That's a good distinction. If the casino sent someone to listen at an unaffiliated restaurant that is different to the casino having agents in it's own premises.
You have an expectation of privacy in your own home - but you can't take back what you shared to your friend when you discovered he writes down every conversation on his blog. Intent isn't super relevant.
For the purpose of the wiretap act, 'participant' is unrelated to intent.
Interesting, I didn't realize "expectation of privacy" was related to (and dependent on) the 4th Amendment. Seems like a gap in our laws; expectation of privacy from people who aren't the government.
I mean, society won't function if you have to give everyone outside of your home consent to look or speak at you. Unless you plan on blinding and deafening the whole world, there's going to have to be a line somewhere about what we are allowed to learn about the people around us.
You walk in to a home expecting to meet your friend, when you enter there is a man from the TV network there. You didn't expect him, his intention is just to watch you and your friend talk about television shows.
Maybe the analogy should be: you go to meet a local contractor, and a representative from the cable company is there to help advise on the work. Neither of you are aware that he is recording the whole conversation, and that will use that information to send you targeted junk mail.
The analogy wasn't really about that though, I was trying to explore whether or not the third party is considered a willing participant or not, which changes the implications of the data collection.
A stranger in a restaurant can't help that they heard you talk about something private, but it was entirely the fault of the person sent to intentionally record a conversation so you could say they willingly participated in the ordeal.
Backing out of the analogy, Facebook willingly collected the data, it was entirely their intention to collect the data. So the responsibility of that data collection is theirs, and they were an active participant. I think it's important to set that precedent, because we all know the technology was entirely indifferent to what it was collecting, but we can't use the inadequacies of a technology and process as a way to excuse companies from responsibility. Holding them accountable would force them to get better processes and improve the technology so it doesn't happen again.
You come to a restaurant to eat dinner with your friend, who arrived early. Unbeknownst to you, your friend arranged for one of their acquaintances, who you don't know, to sit at the next table and secretly record the whole conversation.
I'd go a step farther, because I think it's what should really be relevant in this case.
You come to a restaurant to eat dinner with your friend, who arrived early. Unbeknownst to you, your friend arranged for one of their acquaintances, who owns a business, to observe and document your arrival, from a concealed location, behind a sign for that business.
What's relevant in this case should be that a reasonable person, upon observing a Facebook "Like" button on a page, comes to the conclusion that "that button exists for me to interact with, and interact with Facebook, related to this business."
More specifically, a reasonable person would not come to the conclusion that a Facebook "Like" button allows Facebook to load arbitrary code into your session with the business, the purpose of which is to track you and compile information on you.
It's unreasonable to expect people to choose to opt out of what they don't even understand.
Since we are stretching to find analog analogies, the Facebook case is more like:
You are communicating with your friend, but instead of talking directly, you write a note, hand it to Mr. Facebook, who opens it, reads it, then closes it and hands it to your friend, who in turn writes back, handing it to Mr. Facebook first. That’s more how communication happens on FB. FB acts as the mediator of the communication, a middle man whom both of you interact with to have the conversation. They are not spying from afar—you are directly giving them your communications.
Famous people and their paparazzi followers probably know all too well that when you are anywhere an eye can see from a public location you can be recorded.
As I understand it (and IANAL) there is a pretty well-established legal distinction between people whose job or avocation inevitably involves being famous and noticed, and just ordinary citizens. If you become a politician, singer, actor, etc. it is assumed that your expectation of privacy is different than for most people. Again IANAL, but my understanding is that just because photographers are allowed to hound famous actors, doesn't mean they can do it to someone who isn't newsworthy or otherwise in a public profession. IANAL.
Public Figure Doctrine in the US. According to it, if you are a public figure libel and defamation have much higher burden's of proof whereas if you aren't a public figure you don't. And there are concepts like "Limited Purpose Public Figure" (as distinct from 'all purpose public figures'). All purpose public figures- people who are in "positions of such persuasive power and influence that they are deemed public figure for all purposes"- like movie stars, sports stars, and politicians, have essentially an impossible time winning any court case bringing libel or defamation (they need to prove "actual malice" on the part of the person doing the defamation). LPPF's are people who make themselves public figures on a single controversy or issue, and have a hard time proving defamation on that topic, but are still private citizens for other purposes. Say, an otherwise unremarkable person who is the named defendant in a Supreme Court case- for the issue that went before the Supreme Court they will have a hard time proving defamation but in terms of the rest of their life they have the same protections that anyone else holds, and a lower burden of proof for damages.
All of this was worked out in the 1960's and 1970's, and I don't keep up on it so I'm not sure how courts have mapped Limited Purpose Public Figures onto modern social media: is an Instagram influencer a LPPF or a all-purpose public figure or a regular person?
> My understanding of the rule that has emerged from prior decisions is that there is a twofold requirement, first that a person have exhibited an actual (subjective) expectation of privacy and, second, that the expectation be one that society is prepared to recognize as "reasonable."
In this already murdered analogy, they aren't even paying all of the rent. There is a rumour they paid a server once but nobody has ever seen them. You have to bring your own food and wine and cook it, but you're encouraged to share with other tables. Some of those tables were paid to be there. There is also a stream of bored looking people wandering round, occasionally one of them will drop a snack on your table.
The only people you can see that your friend hired are interacting with these snack droppers, telling them which tables to go to. It's unclear if this is very effective.
I'd say it's more like, VendorA gives VendorB special buttons (like they kind you pin to your shirt) that promote VendorA, analogous to the "like" buttons.
You visit VendorB for private financial counseling (like an https web session). VendorB is wearing the button during the session.
Unbeknownst to you (and probably VendorB), the button is recording some metadata of your encounter: when you went there, for how long, how loud your voices were, and VendorA periodically scans the button for this data and collects it.
Just like on the web, you were never aware of the implications of the VendorB button, and had no chance to opt out before the recording began.
I think this is the whole crux of everything. Trying to look back on past analogues really don't make much sense in my opinion. The fact is the old decisions were made in the past environment they were a part of. That environment has changed dramatically. The surveillance possible today simply wasn't possible in the past. Sure someone could setup a wiretap or a directional microphone, but the shear ubiquity of easy surveillance by so many different actors makes the environment fundamentally different at the application of past analogues pretty much pointless (in my opinion anyway).
I understand that legal precedent is built into the US legal system, but I think its applicability is often over emphasized. These are new times. Trying to apply past logic when the game has so completely changed is a fool's errand.
There are real world examples of ad tracking that are more similar. Bluetooth trackers in physical retail, digital billboards. For the TV if you're using Roku or similar they are probably running content ID and know what you are watching.
A problem with all of the responses here is that they swing and miss at trying to find an allegory that matches this situation, and then conflate their allegory as truth, losing any of the nuances of the Facebook situation.
You can skew these examples to make your point stronger, too. (The Radio in the restaurant is listening to me!)
The only situation that matches is the exact one at hand: Facebook tracked user information in their share/like widgets. Is that ok under the law? It wouldn't surprise me if it was, but I don't I think the laws should be tightened up on this as well.
Really, we can expect this to go all the way to the Supreme Court, and I would not be at all surprised if one of the reasons that the Supreme Court did not quash it is that they know they will have to provide guidance (in the form of a precedent) for lower courts on expectations of privacy in internet situations, but they want to let every court below them kick the tires on this case first so that they can benefit from all of that investigation and discovery before they have to issue a ruling on it.
Every shop you walk into has a secret camera that tracks everything you do. The cameras are all owned by a private advertising company that uses them to build a very detailed profile on you. On the plus side, the goods in the shop are often free.
"Suppose I visit the website of Company A intending to do business with them (perhaps this is the only way to contact them). Their website contains the Facebook "like' button somewhere on the page. Is Facebook really a "direct participant" ..."
The term "direct particpant" is not from the statute. Those are the words of Facebook's defense lawyers.
The statute provides an exemption for a "party" to communication, but it does not define the term "party".
The 1st and 7th Circuits, when faced with cases similar to this one involving third party "tech" companies that subsist on internet advertising, have interpreted the term "party" to exclude third parties such as Facebook. The 3rd Circuit however has interpreted it to include them. The 9th Circuit on hearing Facebook's case followed the 1st and 7th Circuits. Facebook wants the 3rd Circuit's interpetation to be the law of the land. The Supreme Court denied Facebook's appeal.
As such, the hypothetical requires some more facts. Where is Company A domiciled? Where do they do business? What state do you live in?
Some states allow "one party consent" to recordings of communications (ie, phone calls). Extending that, as long as Company A is aware of FB's practices, then your wishes are irrelevant as far as the law is concerned.
I have no idea what California's laws are regarding the matter, or the laws governing any of the other participants. I'm just speaking in the general case, that some states allow it, and the argument that could be made.
"California's wiretapping law is a "two-party consent" law. California makes it a crime to record or eavesdrop on any confidential communication, including a private conversation or telephone call, without the consent of all parties to the conversation."
Two-party consent is a funny thing. It's empowering to individuals in their interactions with corporations, but in this case it's clearly disempowering to individuals.
Is "asymmetric" one-party consent a thing in any jurisdiction?
One-party consent seems far more empowering to me. It lets me record any conversation I'm a party to whether the other party likes it or not.
In a two-party consent state, the corporation just has a message that the call may be monitored or recorded and me staying on the line qualifies as 'consent'. I'm not provided with an option to talk without being recorded and for many functions companies won't deal with you except through these specific phone numbers.
However, if I tell the company I want to record them, they have very little reason to humor me. In practice, this means I'm almost always being recorded anyway, but I can't generally record them back. It looks to me very much like corporations get one-party consent, and I don't.
I've heard it argued that "This call may be monitored or recorded..." can be interpreted as consent, but I'm not sure how that works out in practice, especially since I'd be recording the individual employees (who may have consented to their employer, but haven't to me).
> However, if I tell the company I want to record them, they have very little reason to humor me. In practice, this means I'm almost always being recorded anyway, but I can't generally record them back.
I’m pretty sure you’re allowed to record calls if a company plays that message. It’s implicit that if they are notifying you the call is being recorded, that they are also aware and agree to being recorded.
One tactic that seems legal is to play a similar message while the company’s robot is playing their message. Since the company doesn’t disconnect it means consent.
Not aware of this being legally tested but seems like a stupid hoop to meet the two party consent jurisdictions.
The message itself ("this call may be recorded") has given you consent the record the call, without needing to play your own version. The point was that this doesn't mean the employee themselves has consented.
Then again, the caller could use similar reasoning of saying their assistant placed the call and waited on hold, and only then did they get on the line. Or really any phone conversation where a new party comes on the line after the recording has started.
I think the call center employee would have a pretty hard time arguing some expectation of privacy regarding your recording, when their employer has made it clear that the call can be recorded. I'd be interested in any precedents to the contrary though.
However, talking in terms of "consent" might just be a red herring. A company hasn't actually obtained your consent by playing a notice that they are recording the call. What they have done is destroy your expectation of privacy.
I used to support a call center. One of the things we did was monitor that the call agents gave the disclosure for each call. One sticky point was that if we had to get a 2 borrower on the line, we had to give the disclosure AGAIN.
Each person you talk to needs to hear the disclosure.
Recording provides power to the weaker entity because they can expose the more powerful entity. The ability to expose is the only equalizing power a weaker entity has.
For example, an employer with power over an employee can ask the employee to do something unscrupulous without worrying about being exposed if the law forbids the employee from being able to expose the employer.
For a large corporation versus small individual, I don’t see what the small individual would ever have to lose by being recorded (or gain by not being recorded). The small individual is never going to be in a position where they can twist the large corporation’s hand into doing something wrong, and if they were, then I would say the large corporation is the weaker party in that interaction.
Hm, I see what you mean. I worry about that - I think generally you don't record a large corporation, you record another person (or people). Those people might be in a position of authority, sure, but being able to publish highly out of context footage is potentially far more power than anyone should have used against them.
Not so. Only 12 states require two-party consent to record conversations. Federal law is one-party. There are caveats and rules around all of it, but on a board scale, most of the country only requires single party consent.
Presumably - if states are defining 1-party vs. 2-party consent laws, then doesn't the 10th amendment imply that this matter shouldn't be handled federally?
The key here for the purpose of the Wiretap act is that the website was the participant - they wanted the Facebook like button there. And the argument will likely revolve around whether the companies were cognizant of the implications of adding Facebook scripts to their site.
No one’s asking me to, but I’d testify that I absolutely didn’t know the implications back when I had share buttons on my site. It was a fun thing that almost everyone was doing, for the sole intention of making it more convenient for visitors to share my content that they enjoyed. Period. It absolutely wasn’t so that I could make it easy for FB and friends to track my visitors.
It all seems so obvious in retrospect, but at the time there wasn’t a lot of pushback from people explaining why it was a terrible idea.
> whether the companies were cognizant of the implications of adding Facebook scripts to their site.
I’m inclined to believe Backblaze were not cognisant of the implications of adding Facebook scripts to their site, given the speedy (~12hr) turnaround on resolving once brought to their attention.
If tech companies are unaware, what are the odds that the majority of other companies are?
The lawsuit only applies to 2011, Although in Backblaze's case it looks like a situation where their web team made a mistake building a custom Facebook tracking pixel. They are 100% intending to send tracking information to Facebook.
>Is Facebook really a "direct participant" if I have no way to know that their widget is even on the site until I visit it, at which point they have already participated and I have no way to avoid it?
If you meet someone at some office for an interview or a negotiation or something, and a third party is there whose presense was not announced beforehand, aren't they a "direct participant"?
And didn't you also had "no way to know that they would even be there" until you visited that location?
In the example you gave, I have the opportunity to interact with this third party, demand to know why they're there, and may choose to leave, with my privacy intact, if I don't like their presence. This is all part of the process of informed consent.
Clearly this analogy, particularly with respect to "informed" and "consent", does not apply to a Facebook widget on a site.
There are of course ways to avoid sending a HTTP requests to Facebook, but not within the confines of the expectations of web developers where the user is expected and even prodded to use a browser deployed by an advertising company or one that tries to match it feature for feature. These browsers are ideal for serving ads.
You could check for the "Like" button by first retrieving the page from an alternate source, with Javascript disabled, e.g., the Internet Archive.
Even if you retrieve the page from Company A's site, unless you have Javascript enabled and use a browser that automatically loads resources, you can check for the "Like" button poiting to Facebook's servers by inspecting the contents of the page. (Note I have seen some websites host a Facebook "Like" button image on their own servers.) Checking for things in the contents of a page can of course be automated.
But putting technical solutions aside, it is worth reading the 5th Circuit case that suggested Google was a "party" under the Wiretap Act.^1 In that case Google tricked iPhone Safari users into believing third party cookies were being blocked. Meanwhile they disabled third party cookie blocking in Safari by sending a cookie from a hidden form in an iframe.^2 The 5th Cir Court of Appeals noted that using fraud to become a "party" to the communication has no effect on the Wiretap Act exemption. If law enforcement can use deception to become a "party", Google can too.
This is not to suggest Google was innocent of malfeasance. When Google's behaviour was first disclosed by a Stanford grad student in 2012,^2 the WSJ picked up the story.^3 This attracted the attention of the DOJ who filed a complaint. Google ended up paying a $22.5M civil penalty. State AGs also filed a complaint against Google. Google settled for $17M with 38 states. It was only when private lawyers in multiple states attempted to bring a class action suit on behalf of users that the Wiretap Act claims failed.
>In its appeal to the Supreme Court, Facebook said it is not liable under the Wiretap Act because it is a party to the communications at issue by virtue of its plug-ins.
That would be kinda scary if allowed. I would think / hope that as an individual that I would need to actually know that someone is a party to the conversation... the idea that Facebook could just say "well you logged in this one time so now we're party who god knows what ..." would be pretty horrible if legally accepted.
Granted, from a tech standpoint, that's also kinda how it is :(
The same logic applies to "Let's make sure that other party chooses the worst possible candidate, thus compeling everyone to vote for the candidate we prefer in the general election."
Or "let's present our boss with two options, the correct one and also an absolutely awful one, thus ensuring that they will select the correct option."
I'm not sure how telling Facebook (or Google) "you can't spy on people just because a page has a link to your widget" is even remotely the same as gaming an election?
Possibly. I'm ok with that too. If a site wants that info they can pay for it (vs trading their own visitor's data for the service).
IANAL, IMO, etc.... in terms of how I feel personally about the use of my browsing data, a lot depends on the scope of what/where/who I'm visiting. I don't have much expectation of privacy for simply visiting a site - some unique tracking ID gets passed around, ok, I can live with that. To me, the meatspace equivalent is a neighbor telling another neighbor they saw me at the supermarket.
But, once I start actively engaging on the site - buying things, entering PII for some reason, posting in a forum - my expectation of privacy is higher (even if the reality isn't the case). I don't want that info traded without my consent.
This is a textbook false dichotomy. We could change the laws around digital privacy to reflect an infinite combination of policies, it is not a choice between two options. The point is that Facebook's position should not be the default policy.
What makes this case particularly exciting to me is that it feels like a step in the direction of bottoms-up protections for citizens, as opposed to top-down regulation of corporations, which I believe is the better path forward.
> The same logic applies to "Let's make sure that other party chooses the worst possible candidate, thus compeling everyone to vote for the candidate we prefer in the general election."
Interestingly, wikileaks dumps revealed that exactly this occurred in 2016. Google "pied piper strategy" for the relevant coverage. Spoiler alert: didn't work out quite as they expected.
The two situations are entirely separate. What you, essentially, wrote is that there is no difference between gaming an election and the privacy afforded by a wiretapping statute.
Typically when you hear "This call may be recorded for quality assurance" you don't hear the brand name of the telephony product used to record the call, or the system that might transcribe the call, or the regulatory auditing system that takes those transcripts and makes them searchable across users for words that might raise red flags. Nor would you expect to.
But therein lies the slippery slope: where does that system end, which places people into buckets based on the content of those calls, and a system begin where data sharing between these "wiretapped calls" is used for ad targeting?
If you extend this to the web - must every site where clickstream data ends up in a hosted version of Snowflake, visually display that it uses Snowflake? We can use intuition to "call it when we see it" but that's very hard to ensconce into law in a consistent and predictable way, without ending up in a situation where there's an even worse overload of disclaimers than American drug commercials. And nobody wants that.
I think it's less about the data, but more about the consent regarding the usage of that data.
At least the call message is honest about its intent, so you know what you're consenting to. The Facebook button, however, doesn't state that it's there to track your interests to advertise to you more effectively.
"The company stopped its nonconsensual tracking after it was exposed by a researcher in 2011, court papers said."
Did Facebook stop tracking non-users though? Maybe that particular method was ceased but Facebook still slurps up all the data it can on anyone and everone. Case in point: the recent Facebook login SDK for mobile was tracking non-users.
Well, the Supreme Court is the fallback method. In reality, Congress is the branch that's supposed to say, "whoa, that new technology opens some new questions about privacy and such, let's pass a law clarifying the situation". But, in practice, our fallback method appears to be resorted to at least as often as the intended method.
I found hidden Facebook buttons and pixel on the portion of my apartments website where tenants were forced to pay rent. The apartment stopped accepting checks and/or money orders and the only other way of paying your monthly rent was to go to a Walmart and pay and extra fee.
There was no mention of Facebook anywhere in the privacy policy of the website and an employee of the company that ran the website stated she also could not find any mention of Facebook in their privacy policy or terms and conditions.
This was first reported in 2011. Note how long it took to get to the point where Facebook is being legally compelled tell the truth.
IMO, this also highlights the difference between tracking as one issue and what a company may do with collected data as another. Arguably the second issue is the most important. It is easy enough to discover the presence of tracking, but discovering what companies do with collected data is more difficult, and perhaps requires compelled discovery in the context of legal proceedings.
When talking about Facebook, keep in mind that this is the company whose founder literally called its own userbase "dumbfucks" for trusting him with their data [1]
It doesn't seem a very serious comment. I think it's just the obvious reaction to starting a website at your university where, mysteriously, you end up with thousands of your peer's details.
I think these kinds of data lawsuits are going to be the new tobacco/opioids lawsuits. People seem to be figuring out how to quantify harm and damages and remediations. Once a few of these start paying out, I can see some really massive class action lawsuits and then state lawsuits.
I think it will be bigger than tobacco and opioid because of the ability for key insiders to be able to target lawsuits and highlight things that were illegal or caused some sort of harm.
> Four individuals filed the proposed nationwide class action lawsuit in California federal court seeking $15 billion in damages for Menlo Park, California-based Facebook’s actions between April 2010 and September 2011. The company stopped its nonconsensual tracking after it was exposed by a researcher in 2011, court papers said.
If I understand correctly, for over a year Facebook would track users to web services that had Facebook integrations installed. It's not super clear what was different for "consensual tracking", but I presume this coincided with their privacy center?
> “Facebook’s user profiles would allegedly reveal an individual’s likes, dislikes, interests and habits over a significant amount of time, without affording users a meaningful opportunity to control or prevent the unauthorized exploration of their private lives,”
The Wiretap act seems like a bad precedent here. The problem isn't that that data was unwillingly intercepted (otherwise even things as simple as server logs would count as a wiretap), it's that people object to the way their information is being collected and aggregated. And there's no good law to really apply here without making a new one.
> If I understand correctly, for over a year Facebook would track users to web services that had Facebook integrations installed.
Facebook tracks users across websites. This is of course still happening. I thought this is common knowledge. This is happening because both Facebook and other websites benefit from this kind of tracking.
The suit only covers between 2010 and 2011. So unless their tracking opt-in dramatically changed, I believe the issue of the lawsuit was the lack of consumer privacy options in this period.
Isn't the behavior in question simply loading the like button image from Facebook's (or Twitter's, or Pinterest's, or ...) servers, where it is logged and matched to your profile by IP address?
It seems like the only thing that separates what Facebook is doing from most other ad and tracker networks is just sheer volume.
It’s insane how many trackers ‘modern’ websites embed that exist to track you around the web. A typical site may have several trackers doing the same thing depending on advertiser agreements and sanity checks if there’s discrepancies in volume.
As someone whose transitioned to working more in media now, I still struggle to see the benefits many of these trackers promise.
I’m at the point now where I only allow a few sites to set and store cookies, while I run a Pihole, Noscript and Ublock. Even then, stuff manages to leak through.
Personally, I think the privacy cases that this Supreme court hears will probably be what it is most remembered for in the future. I suspect this particular lawsuit will be settled now for an undisclosed sum to the plaintiffs as it seems that it will be allowed to proceed in the lower courts and that means discovery and all sorts of things which Facebook would likely want to avoid.
There's gotta be some existing legal doctrine on what constitutes a "direct participant", right?
Suppose I visit the website of Company A intending to do business with them (perhaps this is the only way to contact them). Their website contains the Facebook "like" button somewhere on the page. Is Facebook really a "direct participant" if I have no way to know that their widget is even on the site until I visit it, at which point they have already participated and I have no way to avoid it?
Likewise, does the law/precedent on "expectation of privacy" have anything to say about who specifically I should/shouldn't expect privacy from?