If you have Facebook "like" buttons embedded on your website, it could make you liable for breaking GDPR privacy laws, even if it's Facebook doing the illegal stuff:

You can protect your site from legal liability (and protect your users' privacy) by removing all Facebook like buttons.

Please tell your employers/organisations about this ruling, it may help convince them that Facebook is toxic (or at least that embedded like buttons are toxic).

@jaze @switchingsocial Just install ublock origin and you will be safe! Or turn on firefox's Content Blocking 🧐

@jaze @switchingsocial Yup, I'm not (currently) using the container Add-on, but instead running Firefox with Privacy Badger (& Decentraleyes, plus uBlock Origin, ofc. :))

@switchingsocial The only correct way to use these buttons is how Bruce Schneier does, requiring an explicit interaction to load the button code

I hope this becomes a party of the general understanding of GDPR.

I'd like to point out that it was in fact #German publisher #Heise who created the two-click solution back in 2011.


@tfb @switchingsocial
“Unsurprisingly, #Facebook didn't like this change. A spokesperson told the German publication that the way it has implemented the Facebook Like button violates the Facebook Platform Policies”

At Farcebook they must now be wondering why is #karma such a bitch. 😁

@tfb @switchingsocial One large German news website has written a library that does this for share buttons:

Not the case here, but one thing that really irks me is how certain companies (this is more prevalent in #UK) think that consent is a silver bullet.

I point them to § 7.4 of the #GDPR.

That's what happens when you get advice from crap lawyers.

@switchingsocial I like the idea of keeping the button image while deleting all the Facebook code. Does nothing when clicked but makes the user feel better


It is incredible how often this company breaks laws without being punished!

@switchingsocial i'm sure guilt by association isn't going to have any wide reaching ramifications :blobpopcorn:


It's not "guilt by association", it's legal liability due to automatically loading trackers without user consent.

@switchingsocial You can perfectly make a like or share button without their tracking embeds. I think that this is a good thing since everyone should have the right for privacy.

I couldn't view the article, since that website uses Cloudflare, which I block. Cloudflare is a privacy nightmare.

Yeah it's actually quite easy to do the buttons yourself, but people are lazy...


Don't know about “like” buttons but I've done “share” buttons and it's just a hyperlink, as his Timness intended.

But this calls for the question: what about browsers prefetching links all on their own, or #html prefetch hints leading to off-site resources?

What about Google fonts?

What about scripts fetched from a CDN?

@RMW @switchingsocial

@RMW @switchingsocial That may be true, but how (and why, right) have we gotten to the point where browser eco-systems are enabling (via direct integration and not even just by plug-ins any longer) web applications to gain unprecedented access to -some, whatever- data and even the OS in some cases (well, by default that is). It started way back in the days of "Proxomitron". xF

@corlija @switchingsocial Never heard of "Proxomitron", but I do agree that plugins might have been a better way to handle this stuff.

@RMW @switchingsocial Oh, Proxomitron ( is a masterful implementation of a localhost proxy used to filter HTML, JavaScript, it's basically limitless (& wonderful!); from now a late author, unfortunately - and it came for free, when other companies had been charging for the same. A true gem, for example, like Tiny Personal Firewall, later Kerio Personal Firewall 2.1.5 (last ver. b4 discontinuation). :)

@switchingsocial If embedding a Facebook button on your website makes you a "joint data controller", I have to wonder about ReCAPTCHA. :-)

@switchingsocial I have embedded share buttons for several services, including Twitter, MeWe, and Facebook, but no like buttons. I'm not even sure what that would mean. (I don't use Facebook.)

@lexas @switchingsocial With "Facebook Libra" and (also, heh), like, billions of dollars already invested in all of their data centers - it doesn't look like they'll be 'going away' any time soon. Perhaps the better question is, why hadn't we bought shares some 10+ years ago. :P:D (Just kidding)

@switchingsocial This is not specific to "FB-like" - it applies to all third party content (especially trackers). Let's talk about #GoogleAnalytics.

@switchingsocial I'm not sure if it's still working, but there used to be an alternative that allowed to have a number of social network buttons on your page that only called the relevant site when clicked:

Sadly, the website is dead and I'm not sure whether the buttons are still working (also, they would probably need to be updated to include the federated social networks, if possible?).

Does anybody know if there is something like this that is maintained?
@switchingsocial time to cancel fediverse @lain. Not being to control external media on your own instance makes it GDPR incompliant.
[Time to move hosts?]
@switchingsocial I have found something about blocking google analytics…

I have amended my hosts file according to the above, I would rather neither facebook or google track me.

I would assume this stops my local PC from connecting to the google analytic stuff anyone know the correct entries for facebook ? Maybe we can compile a list and share here so others can use.

I would really like to see some wordpress based, easy to install and set up social share buttons for the fediverse, I tried one plugin and it didn't appear to actually do anything or didn't show any share buttons. on my website I have share on diaspora which is about it.

@zleap @switchingsocial (On desktop -Firefox- there's the NoScript Add-on, among a few others - like Decentraleyes, Privacy Badger, uBlock Origin - that can help retain browser functionality, while blocking as much as possible at the same time. Though it still takes configuring to not download web-fonts and a bunch of other stuff, too.)

@switchingsocial Would this also apply to any buttons for Instagram, whatsapp and other services owned by facebook ? If not it will just be a way to backdoor data collection.
@switchingsocial I have sent the link and some text around it to my local children and young people partnership group also sent to my local Linux user group.

@switchingsocial commitstrip uses facebook comments 🤢 I think they should have some instance and toot every new comic to feed and people who comment on toot will be shown on the site :) We should make iframe API for mastodon!!

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.