• Our booking engine at tickets.railforums.co.uk (powered by TrainSplit) helps support the running of the forum with every ticket purchase! Find out more and ask any questions/give us feedback in this thread!

Trainsplit sending data to Facebook?

Status
Not open for further replies.

najaB

Veteran Member
Joined
28 Aug 2011
Messages
30,691
Location
Scotland
Could they not associate it with your IP address which they might use in ways I can't even imagine.
Unlike CSI, there really isn't much one can do with an IP address other than get a vague idea of what part of the world a device might be in. If that.

For example, right now using a IP to location database any advertiser would get that my PC is located in DD1 but little more than that. At the same time, if I was to access the site from my phone it would believe that I am in Gloucester.
 
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

najaB

Veteran Member
Joined
28 Aug 2011
Messages
30,691
Location
Scotland
Like other sites on the Internet, we receive info about the web page you're visiting, the date and time and other browser-related info. We record this info to help us improve our products.
For example, a log line from my web server:
Code:
92.240.205.203 - - [07/Feb/2020:18:00:37 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
Tells me that someone from Pakistan accessed my homepage using (possibly) a Mac. Very little more than that.
 

Skie

Member
Joined
22 Dec 2008
Messages
1,067
Facebook has these widgets on millions of sites, so they most definitely can figure out your browsing habits and then sell that onto an advertiser. Even if you don’t have a FB account they can use cookies and all sorts of other ways to track you and compile a profile. The advertisers will have cookies on your machine that let them target you.
 

DaleCooper

Established Member
Joined
2 Mar 2015
Messages
3,507
Location
Mulholland Drive
For example, a log line from my web server:
Code:
92.240.205.203 - - [07/Feb/2020:18:00:37 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
Tells me that someone from Pakistan accessed my homepage using (possibly) a Mac. Very little more than that.

A single instance won't tell you much but if you had access to thousands of examples of that IP address being used it might be a different story.
 

najaB

Veteran Member
Joined
28 Aug 2011
Messages
30,691
Location
Scotland
A single instance won't tell you much but if you had access to thousands of examples of that IP address being used it might be a different story.
The most that Facebook could get (and this is highly theoretical) is a partial list of sites which had been accessed from that IP address. And, with increasing use of CG-NAT that is less and less useful pretty much every day.

In other words, it really isn't something to be worried about, despite the likes of Symantec trying to sow fear in order to sell gullible people 'security' products that they really don't need.

Edit to add: I've been in IT most of my life, and have decent understanding of tech. Do I use a VPN? Yes. Is it to hide my personal data from the big tech companies? No. You have *much* more to fear using free WiFi in a pub than you do from what Facebook or Google might do with the data you share with them. They are just trying to sell some targeted ads for something you might actually be interested in, the dodgy guy down the other end of the bar is trying to empty your bank account.
 
Last edited:

najaB

Veteran Member
Joined
28 Aug 2011
Messages
30,691
Location
Scotland
Forgive my ignorance but if an IP address can't be used for anything undesirable why do you need a VPN.
To encrypt my data while it's transiting over networks that I don't trust - mainly free Wifi access points - as well as to access UK-based services when I'm not in the UK. Plus to get around content blockers on said networks deciding what is and is not appropriate content for me to view. (Not that I want to view anything particularly dodgy, but I've seen way too many examples of the Scunthorpe problem where content blockers are concerned).
 

DaleCooper

Established Member
Joined
2 Mar 2015
Messages
3,507
Location
Mulholland Drive
To encrypt my data while it's transiting over networks that I don't trust - mainly free Wifi access points - as well as to access UK-based services when I'm not in the UK. Plus to get around content blockers on said networks deciding what is and is not appropriate content for me to view. (Not that I want to view anything particularly dodgy, but I've seen way too many examples of the Scunthorpe problem where content blockers are concerned).

As none of that applies to me I suppose I'm OK as I am.
 

Paul Kelly

Verified Rep - BR Fares
Joined
16 Apr 2010
Messages
4,130
Location
Reading
Tells me that someone from Pakistan accessed my homepage using (possibly) a Mac. Very little more than that.
That's a good example of the some of the information that will be sent, but I don't think it's so relevant to the discussion here because you're not Facebook! Or in a bit more detail, because:
  • the request is for your homepage so it seems likely the access of your site is intentional, and therefore it is much more likely that the average user would expect you to have a record of their visit, unlike the average visitor to TrainSplit, who I dare say would be surprised that the same information is sent to Facebook as a result of their visit
  • you don't have pixels embedded in millions of other sites like Facebook does, so you can't build up a picture of the more general web activity of the user(s) with that same IP address and web browser version; it doesn't mean as much to you as it does to Facebook
  • you (I'm guessing) don't set cookies every time a visitor requests a page or image from your site, so it's probably harder for you to track them across multiple visits if you're relying on the IP address being the same
Specifically what PII would they get by an image being loaded? Specifically.
As well as the IP address and web browser version details as noted above, any cookies that Facebook has previously set will be sent. If you were logged into Facebook at the time (or, I think, have been recently logged in and not cleared your cookies since), they'll know its you from these cookies.

Even if you have never had a Facebook account, they'll be giving you some sort of random identity through these cookies and building up a picture of the websites you visit and the sort of stuff you're interested in. So maybe not personally identifiable, but enough to stereotype or pigeon-hole you, or at the very least identify which websites you have previously visited, and thus serve you targeted advertising. I certainly find targeted advertising very useful, but I still think it's a bit creepy.
 

najaB

Veteran Member
Joined
28 Aug 2011
Messages
30,691
Location
Scotland
So maybe not personally identifiable, but enough to stereotype or pigeon-hole you, or at the very least identify which websites you have previously visited, and thus serve you targeted advertising. I certainly find targeted advertising very useful, but I still think it's a bit creepy.
Exactly. No personal information.
 

AnkleBoots

Member
Joined
8 Jan 2017
Messages
506
An example of how someone may be affected by this:

Person has an outwardly heterosexual Facebook profile but travels by train to places that hold Pride street events.
Facebook notes that the travel patterns match those of people who have been categorised as queer street protestors, so also categorises this person as a queer street protestor.

The person may be shown harmless ads relating to this. However there is also potential for other countries to obtain the data, and the person could run into problems when travelling to places that dislike queer people and activists.
 

AnkleBoots

Member
Joined
8 Jan 2017
Messages
506
https://www.washingtonpost.com/technology/2020/01/28/off-facebook-activity-page/ said:
The Washington Post says it stopped using the Facebook tracking pixel, along with some other social-networking trackers, on content pages as of Oct. 24.

Can we ask the same of Trainsplit?
 

SickyNicky

Verified Rep - FastJP
Joined
8 Sep 2010
Messages
2,772
Location
Ledbury
You can indeed. We stopped using the shareit toolbar about two weeks ago, which should have stopped all Facebook tracking.

Thanks to all on this forum who flagged it up.
 

miami

Established Member
Joined
3 Oct 2015
Messages
3,164
Location
UK
You still have this on the front page
Code:
    <!-- Facebook Pixel Code -->
    <script>
        !function (f, b, e, v, n, t, s) {
            if (f.fbq) return; n = f.fbq = function () {
                n.callMethod ?
                    n.callMethod.apply(n, arguments) : n.queue.push(arguments)
            };
            if (!f._fbq) f._fbq = n; n.push = n; n.loaded = !0; n.version = '2.0';
            n.queue = []; t = b.createElement(e); t.async = !0;
            t.src = v; s = b.getElementsByTagName(e)[0];
            s.parentNode.insertBefore(t, s)
        }(window, document, 'script',
            'https://connect.facebook.net/en_US/fbevents.js');
        fbq('init', '2125394971084886');
        fbq('track', 'PageView');
    </script>
    <!-- End Facebook Pixel Code -->
    <!-- Yieldify tag -->


For anyone concerned, I'd recommend people use something like ublock origin, DuckDuckGo privacy extensions, firefox's facebook container etc to make it harder for facebook and google to track you


ddg.pngddg2.png
 
Last edited:

SickyNicky

Verified Rep - FastJP
Joined
8 Sep 2010
Messages
2,772
Location
Ledbury
What URL are you using please? Are you using trainsplit.com or a sub domain? Some sub domains have their own stuff embedded and it looks that that's one of them.

Thanks.
 

miami

Established Member
Joined
3 Oct 2015
Messages
3,164
Location
UK
https://www.trainsplit.com

Code:
$ curl https://www.trainsplit.com 2>/dev/null|grep -A15 Facebook
    <!-- Facebook Pixel Code -->
    <script>
        !function (f, b, e, v, n, t, s) {
            if (f.fbq) return; n = f.fbq = function () {
                n.callMethod ?
                    n.callMethod.apply(n, arguments) : n.queue.push(arguments)
            };
            if (!f._fbq) f._fbq = n; n.push = n; n.loaded = !0; n.version = '2.0';
            n.queue = []; t = b.createElement(e); t.async = !0;
            t.src = v; s = b.getElementsByTagName(e)[0];
            s.parentNode.insertBefore(t, s)
        }(window, document, 'script',
            'https://connect.facebook.net/en_US/fbevents.js');
        fbq('init', '2125394971084886');
        fbq('track', 'PageView');
    </script>
    <!-- End Facebook Pixel Code -->

    <!-- Yieldify tag -->
   
    <!-- End yieldify tag -->

   

   
    <script type="text/javascript">

        function pageLoad(sender, args) {
            $(".loader").fadeOut("slow");

            $('#main_content_TextBoxFrom').autocomplete({
                source: function (request, response) {
 

SickyNicky

Verified Rep - FastJP
Joined
8 Sep 2010
Messages
2,772
Location
Ledbury
Well, that shouldn't be there! I'll dive into it tomorrow. Thanks for the heads up.
 

AnkleBoots

Member
Joined
8 Jan 2017
Messages
506
You still have this on the front page
Code:
    <!-- Facebook Pixel Code -->
    <script>
        !function (f, b, e, v, n, t, s) {
            if (f.fbq) return; n = f.fbq = function () {
                n.callMethod ?
                    n.callMethod.apply(n, arguments) : n.queue.push(arguments)
            };
            if (!f._fbq) f._fbq = n; n.push = n; n.loaded = !0; n.version = '2.0';
            n.queue = []; t = b.createElement(e); t.async = !0;
            t.src = v; s = b.getElementsByTagName(e)[0];
            s.parentNode.insertBefore(t, s)
        }(window, document, 'script',
            'https://connect.facebook.net/en_US/fbevents.js');
        fbq('init', '2125394971084886');
        fbq('track', 'PageView');
    </script>
    <!-- End Facebook Pixel Code -->
    <!-- Yieldify tag -->
Thank you. What does that do?

For anyone concerned, I'd recommend people use something like ublock origin, DuckDuckGo privacy extensions, firefox's facebook container etc to make it harder for facebook and google to track you
DuckDuckGo as a browser or as a search engine?
 

AlbertBeale

Established Member
Joined
16 Jun 2019
Messages
2,690
Location
London
It's a search engine.

I mostly use Duck Duck Go for searches (with their Privacy Essentials turned on) - I never under any circumstances go near Google - and occasionally use Startpage or Ecosia.

My Firefox browser has Facebook Container installed, and depending on the machine I'm using I have various other odd privacy/security extensions added to Firefox too, like Privacy Possum.

And while I'm at it, I generally access the net via a free VPN - and I always do this if out and about using pubic wifi.
 

some bloke

Established Member
Joined
12 Feb 2017
Messages
1,561
trainscanbecheaper.info also has the Facebook Pixel Code (on Firefox for Windows, right-click and View Source).
 

miami

Established Member
Joined
3 Oct 2015
Messages
3,164
Location
UK
Thank you. What does that do?

Curl connects to a webpage and shows the "code" that makes the page up. The grep line only picks out the part of the page with Facebook embedded into it

DuckDuckGo as a browser or as a search engine?

Anyone interested in privacy won't be using chrome, and are probably using Firefox. This addon blocks most trackers (not just facebook and google, but things like scorecardresearch and chartbeat - both found on the BBC News website)

https://addons.mozilla.org/en-GB/firefox/addon/duckduckgo-for-firefox/
 

TUC

Established Member
Joined
11 Nov 2010
Messages
3,564
I do hope Facebook, and many other apps, gathers intelligence about what I am interested in. After all, who wouldn't much rather have offers and adverts targeted at things they are interested in rather than something random and irrelevant?
 

dtaylor84

Member
Joined
14 Apr 2013
Messages
128
I do hope Facebook, and many other apps, gathers intelligence about what I am interested in. After all, who wouldn't much rather have offers and adverts targeted at things they are interested in rather than something random and irrelevant?

I'd rather have totally irrelevant ads, as it's less likely to persuade me to spend money on something I don't want.
 

AnkleBoots

Member
Joined
8 Jan 2017
Messages
506
Apps communicating with Facebook have been in the news again after apps like Spotify failed yesterday. Apparently it's to do with Facebook Software Development Kit (SDK).

I checked and TrainSplit has still been sending data to Facebook. I admit I am still confused as to what's innocent data-sharing and what isn't.
 
Status
Not open for further replies.

Top