I didn’t know about this extension but now I do. Thanks FB lawyers.

I lived on Zumirez Drive when this happened (well, actually, on the corner of PCH and Zumirez). I was super-excited to show CaliforniaCoastline.org to all of the neighbors, telling them, “isn’t this cool? We can see our beach on here!” I guess some of the neighbors weren’t as thrilled...

That neighborhood was really special and weird. Streisand got a lot of negative press for what she did, but she was also legitimately afraid of stalkers and crazy people. It was a really sad situation to observe. I’ll write something about this at some point, after the other 100 strange stories in the queue.

I didn't know what Barbra Streisand's Malibu residence looked like, but now I do.

Ah yes, the Streisand Streisand effect, the effect of being the Streisand referred to in the Streisand effect and having your private details brought up in metaconversations

it's very satisfying to me that the Streisand Streisand effect is an example of the Streisand effect. It's like F(F(x)) = F(x).

“The Streisand effect is idempotent”

Only on HN

Works at least for F(x) = c and F(x) = x (∀c ∈ ℝ)

(this is not legal advice)

If 'x' is a vector, then it works for a lot of other functions as well (all the projections into a lower-dimensional vector space).

Streisand should counter with a super-injunction, to complete the circle.

Re: Streisand effect effect vs Streisand Streisand effect. They both work, I thought of it as Streisand (possessive of specific person) "Streisand effect" (concept). Also the doubling on the left seems beneficially sillier

Beautiful view from her house but how do you get down to the beach?

The public can walk there from Paradise Cove, which you can access from PCH after Bob Morris lost his big lawsuit.

The combination of over-tourism (accelerated by way too many Airbnbs), social media and rising sea levels means that this beach isn’t the beautiful secret it used to be, so ... have a nice time visiting!

There's typically stairs somewhere in the area for beaches like that.

You my friend, haven't been invited to parties at fancy places a lot, have you?

My first impression is that if you need a program to help you unfollow, you seem to have a problem already…

I don’t think anyone is arguing with that. It’s just that the problem is not rare (unfortunately)

Not really. With the confusing interface Facebook introduced (even the Activities Log where I used to find logged actions more easily), it has become more difficult to find the list of people/pages followed. It's not surprising that they would often look for tools that can simplify the process instead of finding a needle in Facebook's own haystack.

Chrome doesn't require extensions to be signed? Or hasn't revoked the signature?

The linked instructions involve loading the unpacked extension in developer mode. There isn't really a way of preventing that without crippling the ability of extension developers to develop their own extensions.

Well, Firefox prevents that unless you download a separate developer version that doesn’t update, and Mozilla insists that’s for security.

My Firefox Developer Edition updates just fine by itself. Maybe a (corporate) firewall is blocking the update server on your machine/network and your corporate software repo is only installing the enduser Firefox?

I haven't checked it in a while and haven't tried, I've just been going by what I remember from the last time I tried to get around this restriction, and what someone brings up every time Dev Edition is suggested as an alternative. I guess it's worth trying out again.

If Mozilla has unbroken the Developer edition, and it's available to everyone, great! Firefox is almost back to the functionality it had in 2016!

In any case, no, I'm not on a corporate firewall, you were kind of jumping to (oddly specific) conclusions there. And firewalls don't work like that.

It's always worked for me.

I think the unbranded version doesn't update. Or used to not update. But that's not developer.

The greatest security threat is that browser vendors become increasingly untrustworthy, so a signed app doesn't really say it doesn't exploit you to the maximum of its ability.

Oh agreed, I hate Mozilla’s thinking on security.

How so? I’m on FF 91 (not dev ed) and can load from a self-built zip file just fine

I could be wrong, but I think you can side-load any extension locally. About 3 years ago Google made it impossible to have users click a link on your website and install that way (which some people referred to as side-loading), but I think you can still enable dev mode and side-load a downloaded file.

At least as of 2 years ago, you could go to chrome://extensions, click a "Dev Mode' toggle in the top right, and sideload a downloaded crx (I know from installing https://adnauseam.io/ every time I had to use a Chromebook, it’s banned from the webstore for adding obfuscatory privacy enhancements designed as research by Daniel C. Howe and Helen Nissenbaum to gorhill's great µBlock Origin).

I recommend avoiding all browser extensions unless they come from well-known developers (eg 1Password) and they’re downloaded and installed through official channels.

Browser extensions have a lot of access to your browsing activity and can phone home as well. One of the reasons this extension was sent a C&D was that it was sending some data home to the author’s server. That might be what the install instructions above are hinting at with the warning to examine the JS and remove any phone-home code. The original author defended the data collection as just enough to make sure the plug-in was working, except for study participants who apparently submitted much more information through the plug-in. Either way, I wouldn’t rush to install a plug-in that was caught sending any of my social media data to a 3rd-party server.

I certainly would not install a browser extension from an unknown 3rd-party website just to spite Facebook, regardless the claimed origin of the code.

No extension is needed. (I never use extensions for anything.) Unfollowing all friends is not complicated and can be done in a couple of lines of shell script, or using whatever programming language or HTTP client one chooses. Obviously, curl would work. There are a hundreds of ways to send HTTP requests. It is a very simple protocol. No POST requests are even necessary, only GET.

1. Log in to Facebook

2. Open "Developer Tools" (F12), select the "Network" tab, locate "Request Headers", Alt-click on "Cookie:" and select "Copy value". Use this in each HTTP request. Do not log out yet.

The URL for the Friends list is

   https://mbasic.facebook.com/friends/center/friends/?ppk=1

where 1 is the page number.

Using m.facebook.com as the domain will also work. There 10 friends per page.

3. Extract the UID for each friend from the HTML and create the new "unfollow" URLs.

   grep -o "uid=[^&]*" 1.html|sed 's>uid=/https://mbasic.facebook.com/a/subscriptions/remove?subject_id=>'

4. Log out.

Done.

Correction

Unfortunately we need a GFID in addition to the UID, so more steps are required

3. Extract and GET hovercard URLs.

   grep -o "/friends/hovercard/mbasic/?uid=[^\"]*" 1.htm|sed 's/%3D/=/g;s/%3A/:/;s>%2F>/>g;s/&/\&/g;s/%26/\&/g;s/%3F/?/;s>^>https://mbasic.facebook.com>'

4. Extract and GET profile URLs.

   grep -o "href=./[^*\"]*" 2.htm|sed '/?/d;/data\/manifest/d;s>href=.>https://mbasic.facebook.com>'

5. Extract and GET "unfollow" URLs

NB Making too many requests for profiles too close together may draw a temporary, limited block.

   grep -o "href=.[^\"]*" 3.htm|sed -n '/subscriptions/s>href=.>https://mbasic.facebook.com>p'

6. Log out.

Done.

The five Facebook cookies needed are:

c_user xs fr sb datr

Further reading:

https://techexpertise.medium.com/facebook-cookies-analysis-e...

https://cookiedatabase.org/cookie/facebook/

https://www.facebook.com/policy/cookies/

Guess who is going to be banned from Facebook ;-)

The next research group that tries to study the effects of Facebook on it users (and anyone who helps such research groups).

I don’t have Facebook installed, but assuming the process is the same on instagram, I reckon I could unfollow 1 person per second with the app.

Even after step 3 three above, I have to enumerate and curl each unfollow url, at some undefined rate limit.

So maybe 5 minutes of work to complete all the steps? ~300 followees to make scripting the chore worth the effort?

I tried to remove myself from all of Facebook's Audience-Based Advertising lists - the ones where companies upload lists of people that they want to target with ads.

https://www.facebook.com/adpreferences/ad_settings

I'm on over 300 lists. Removing myself from each one took 6 clicks. I tried to automate it with Selenium, but their bot detector caught it and banned my device from opting out of any lists (!)

I’m reminded of the infamous Dropbox comment. Chrome, for example, shows cookies on a tab (Application) other than Network for a while now. I have 7 cookies set, which should I choose?

The Devil is in the detail, and writing that script is far more work than installing an extension, which is just a convenient form of a script anyway (and one with details taken care of).

You cant select and copy all five cookies at once in the Applications tab, but you can in the Network tab. Personally I dont rely on Developer Tools, I capture cookies from the wire or from local proxy logs. I monitor traffic to/from my computers and my network, as many HN readers do.

I always thought that Dropbox comment was related to people trying to predict successful startups. No one can do that, certainly not HN commenters. Most VC investments are losses. Im an end user. I really dont care for discussion of startups or what makes software popular. Ive never used Dropbox, and I never will.

The Dropbox comment is a reference to how quickly devs will say "that's easy, just use X, Y, Z…"

I see you've already needed to post another comment to correct yourself, and now you've replied to me with more humps in the road. What next? Kubernetes set up on a Raspberry PI with a transparent proxy that uses a WebAssembly binary knocked up in Rust…

Perhaps it would be easier to install the extension and accept that sometimes it's easier to follow the well trodden path. YMMV.

UNIX is a well-trodden path. Older and more trodden than web browsers, Javascript, and "extensions".

The instructions I linked to have examining the javascript and removing all phone home stuff as step one. Considering this is hn I didn't feel like I had to point that out again.

Quite a few extensions have source available; you could survey the code and build it locally and load it from zip (Firefox) or crx (Chromium)

And yet on this thread no one seems to have taken a look at some of the... interesting things in the extension in question.

Sure, the extensions ecosystem is a cesspool, but you know you can use Chrome without extensions?

If you see bad behaviour from an extension, I would flag it on Chrome store.

As an extension developer, yes please do this. I get constant offers to "purchase" my extension from shady marketing companies, and it's obviously quite lucrative for them based on some of the offers they're making.

If extensions were shut down quickly for shady behavior there wouldn't be a market for it.