His follow-up post describes Facebook’s response, but the ‘tracking’ cookie to which I was referring has not been removed. According to Nik’s post, Facebook admit this will remain after logout to track the browser, but for ‘safety and spam purposes’.

According to this WSJ article, ‘not all of the data is logged’. That’s good.

The bottom line for me is that Facebook are so powerful that they need to be as answerable to their populous as a government. That means a certain level of transparency and being clear about their intentions. If they go back on their word, who holds them accountable? Are our laws even adequate? Should Facebook be audited, or should we just trust them?

I don’t expect I’d be too happy about having my servers audited, but I’m not Facebook. When nearly half a billion people log into your site each day to give you their data, you have a serious amount of responsibility on your shoulders.

Appendix

As it happens, I couldn’t replicate Nik’s findings. He found that the user ID cookie was not deleted at log out and continued to be sent to Facebook. I can’t explain that; but regardless, my issue was with an anonymous tracking cookie that remains today.

Here’s a quick technical explanation of how this tracking would be possible.

The cookie I refer to is an anonymous identifier with the name datr. This is set when you visit facebook.com, regardless of logging in. Once you do log in, its value does not change. Crucially, when you log out the value does not change either. This means that subsequent Like button impressions could be associated with your account despite your user ID no longer being sent along with it. If the full dataset was stored it would be trivial to associate this anonymous browsing data with your account.

Wow.

This adds a “Health and Wellness” Life Event to your Timeline.
(Timeline is new Zuckspeak for Wall, and Wellness is American for, erm.. Health)

Why would you tell a company that sells data that you were ill? … seriously, why?

I’ve already written my theories about what markets Facebook could enter with this kind of data at their disposal. I wrote about it on my own blog, and later a much shorter piece for NMA.

Previously I wrote about the problem of extrapolating this data from ‘noise’ and how the technology to do that doesn’t seem to have arrived yet. A nearer-term solution would be to get people to voluntarily participate in medical history form-filling in order to to structure that data. The Timeline seems like the perfect vehicle.

I’m staggered to see this so quickly. It seems like a very bold addition and I’m wondering whether the appearance of Google+ has caused Facebook to act more hastily than usual. They’ve been nudging us for years, but they seem to have suddenly given us a rather big push. Some will revolt, but will it put a dent in their 800 million? Unlikely, but never say ‘never’.

“If you don’t like it, why don’t you quit?”

This morning I read Chris Applegate’s post about quitting Facebook. As much as I sympathise, I’m not quitting. Here’s why.

It’s ‘normal‘

I don’t want to be absent from Facebook any more than I want to be without a telephone. Quitting Facebook is – to me – opting out of a societal norm. There are serious limits to the practicality of this.

For all my nerdy ramblings about privacy and such, I want be normal as much as anyone. If the vast majority of society are on Facebook, then that’s where you’ll find me. If that makes me a sheep then fine – throw one at me.

In terms of the day-to-day, I don’t want to miss out on things such as event invitations, or holiday photos. When meeting new people, saying “look me up Facebook” has become almost as common as swapping phone numbers.

Internet ID

You can’t get a job without a fixed address and these days it’s almost impossible to sign up for anything without an email address. What’s next? What if not having a Facebook account was suspicious? If Facebook ends up becoming some sort of Internet ID (I’m not joking) then being absent could be problematic.

Facebook seems to be very keen on your real identity to the point that it’s against their terms of use to have multiple, personal accounts. Eric Schmidt has referred to Google+ as an identity service, but Facebook are many miles ahead.

You might be against such a concept, but if 800 million other people don’t agree with you, then how feasible is your opting out going to be?

Move to Google+?

The only purpose of Google+ at the moment appears to be keeping Facebook on their toes. We don’t really know what role Google+ will play in future – whether it will house Facebook refugees, or whether the two will coexist with differing, even complementary roles. All I know now is that it’s not a satisfactory alternative if I were to quit Facebook.

I’m in control

At least I assume I am.

If I don’t want to upload my baby photos to my Timeline, I don’t have to (and I won’t). Of course I don’t want to see ex girlfriends in my Timeline, but I won’t; I’ve already removed them. I don’t have to read the Guardian inside a frictionless Facebook app so everyone can see what I’m looking at, I’ll just go to their site (for now).

While I still have these choices I’m relatively happy and will simply manage my account as I see fit. If these actions somehow become inescapable, then perhaps I will think again, but for now I see no immediate reason to delete my account.

Another F8, another set of powerful new features, and yet I’m not surprised by any of them. I’m not saying I predicted them (I didn’t) but the announcements are typical of what I see as a clear pattern in Facebook’s evolution.

Without discussing specific features, the pattern of Facebook’s ‘progress’ typically adheres to these traits:

1. More connections;
2. Less friction;
3. Deeper integration.

That’s Facebook marketing language. I interpret these traits follows:

1. More data;
2. Less opportunity for users to think;
   
3. Placing Facebook at the centre of the Web.

Yes, I’m a cynic. Did you not know?

1. More connections, more data

You are the product. Increasing connections increases Facebook’s yield. The more demographic and behavioural data the company can collect, the more valuable and powerful they become. This is their business model. We know this.

I’m comfortable with the arrangement, because I feel as though I’m in control. However, the data from others is just getting too noisy for my liking. The new Graph connections (compounded by the following point) could result in realtime information overload. Is there any limit to what can be connected? “Tim W opened his fridge door”.

2. Less friction, less thinking

This is where Facebook excel. Their subtle UI changes over the years are quite ingenious. Adding your face next to a comment form below every item encourages us to contribute more. Increasing our engagement while increasing their yield. I bet it was a very successful tweak.

I noted today that the new Guardian app doesn’t have the standard permissions dialogue explaining that the app will post to your wall. Instead the Connect button says “Log in and add to Timeline“. The user will give less thought to what data they are publishing.

This could be considered good UX (and it is) but it’s also another nudge towards absolute complacency.

3. Facebook at the centre of the Web

Of course this is a figurative centre – What I mean is that Facebook are increasingly a platform on which everything else is merely a ‘social app’ (in Zuckspeak). Facebook define themselves as THE social layer of the Web, much as the Web is THE media layer of the Internet.

So, if everything on the web were social, then Facebook would be everything, right? Zuckerberg said at F8 that some things, such as Healthcare and Finance, would not be social “for a while”. That man has goals.

Prophesying aside, the fact that today major brands advertise their Facebook page on television rather than try to drive traffic to their own URLs demonstrates how effectively Facebook have manoeuvred themselves into this position over the past few years.

This is a powerful position to be in. Fortunately there is competition. Facebook will have to fight Google for the centre of the web. That’s a topic for another post. It’s going to be an interesting couple of years ahead.

I firmly believe that if any company can dethrone Facebook, that company is Google. But from what I’ve seen of Google+ so far, I can’t quite imagine a MySpace-style emigration happening just yet.

I’ve recently been asking Google+ fans to give me a good reason to use it. By far the most popular answer to my question is that it provides better privacy and filtering options.

Circles is great. It’s about as simple to use as it can be, but I don’t believe it’s anything like a game-changer.

Facebook already has friend lists

In terms of who you share with, Facebook has had ‘friend lists’ for some time. Not only does Facebook have these, but it also allows ad hoc exclusions for individual posts. I can share something to my ‘Family’ list, but exclude Mum if I choose to. As far as I can see, G+ doesn’t support this. Of course Google can add it in future, but my point is that the Circles concept is not a USP; it’s just centre-stage and has a better UI.

Nobody knows about friend lists anyway

Facebook friend lists appear to be a little-known, or at least little-used feature. This is possibly due to being somewhat hidden, and this in turn is possibly because Facebook don’t really like you to be particularly private.

Facebook have already reacted to G+ by surfacing these features through an improved UI. If they think they’re likely to lose users to G+ on account of Circles then they can bring Friend Lists into greater prominence. They’re in a strong position to do so; they already have the infrastructure and I doubt that most of their audience even know about G+ yet.

It’s complicated

I’ve used lists a lot. I have lists of people who live near me, lists of my closest friends, list of people I have professional connections with; even lists of people I follow on Twitter. Managing these lists is not just time consuming, but it’s much more complicated that it sounds. As soon as you opt to conduct yourself in this way you start seeing how difficult it really is.

Life is more complicated than putting people into neat little pigeon holes with labels on them. Have you ever tried to throw a party and only invite people from a certain corner of your life? There’s always a guest you have to invite for ‘political’ reasons, or a guest who won’t come unless some other person is there; or isn’t there. You probably like some of your work colleagues while thoroughly disliking others. It’s never as straight-forward as you’d hoped.

And then there’s the great ‘offline’ loophole. Maybe I want to share something with just the boys, but my brother is checking Facebook while sat next to his wife. All the privacy settings in the world can’t get around that.

So, I gave up. I only maintain a single list nowadays.

If something really needs to be hidden from people then you probably shouldn’t be writing it on the Internet anyway. (not that I take my own advice).

But Circles filters your Stream too.

This is a good feature. I prefer it to Facebook’s obscure Edgerank algorithm, or whatever mysterious methods they’re currently using to filter your News Feed. References to ‘top stories’  (or ‘highlights’ as they seemed to be called last week), or News Feed vs Most Recent feeds – it’s all rather confusing and I think Facebook need to sort it out.

The point is that they can sort it out. If Facebook users start adopting friend lists in greater numbers, then perhaps Facebook will support lists in the News Feed settings. Perhaps they’ll make these settings more prominent too, as they’re currently hidden at the bottom of an infinitely scrolling page, such that you have to hit the ‘End’ key to reach it.

All of this is solvable by Facebook, and what’s more they can learn from what the early adopters say about G+ before the majority of their user base are even aware that it exists.

Do people even want privacy?

This is the ultimate question in my mind. Social networks offer privacy features because enough of us demand them, but I’m not convinced that privacy is so important to the average Facebook user that they’d jump ship to improve it. If Facebook friend list adoption doesn’t increase after some UI changes, then perhaps it’ll be because people aren’t that interested in the feature, or have found it as complex as I have. Even if people say they want this functionality, will they actually use it?

I’d like to eat my own words on this front, but I see little evidence that orthodox privacy concerns are of much importance to ordinary users. Perhaps Google would do well to observe how teenagers appropriate their own privacy techniques regardless of the tools designed for them by adults.

Circles isn’t a killer feature

It’s not like Google aren’t innovative. In addition to their wide range of indispensable services, they will eventually have a the browser, the mobile and maybe even the desktop sewn up. But a social hub that ties all of this together is going to need a killer USP to start a Facebook exodus, and I don’t think we’ve seen it yet.

Whether Circles is better than Facebook’s privacy model or not, I think Google need to get better at coming up with social features we actually want, even before we know it ourselves. This is one of Facebook’s great strengths and I’m not sure Google are too great at it.

I love this. The simple idea that yesterday’s wall posts are yesterday’s news. Not only may they be irrelevant, but once forgotten who knows how they may come back to bite you? They’re still there, discoverable by other users and of course by the API.

These insights challenge my assumption that the next generation of adults won’t care about privacy. Teenagers may not have quite the same concerns as I do about these issues, but it’s fascinating to see how a website (designed by adults) leaves them to solve their own problems their own way.

The paranoid bit

Whitewalling in particular got me thinking about the notion of digital permanence. That the data we pump into the Internet is quite possibly going to live forever, or at least as long as we do. That raises questions about what it could be used for in a future we don’t yet know.

Fast forward to some advances in artificial intelligence and changes in the law: suppose ten years of Facebook wall posts could psychologically profile you such that your credit rating is affected, or an insurance company won’t insure you. Worse still, suppose you got into trouble with the law – even accidentally. How might this profile affect your chances of a fair trial? I know I sound paranoid, but if this data serves you no purpose then you may as well delete it while you can.

The personal bit

I was at a dinner party last week discussing my personal life. The previous two months had been a disaster – I wanted them erased. What was standing in the way of that? A permanent record of everywhere I’d been, what I was thinking/saying, and to whom – all nicely supported with photographic documentation.

“.. his Myspace page still says “Status: Horny”
30 Rock – 3.13

It wasn’t just the social corpus either. It was how status updates and comments between people were used to exemplify a situation – to infer what people might be doing, or thinking. The number of times Facebook came up in conversation was sickeningly profound. Despite being in our 30s, we sounded like a bunch of teenagers.

“.. she just changed her status from ‘working on it’ to ‘weirdsies’.”
30 Rock – 4.8

The bit where I try Whitewalling

Four years of verbal diarrhoea is a lot of data to delete by hand. As a developer I figured there must be a quick way to do this. First of all I tried to build a Facebook app to wipe my wall back to the day I joined Facebook, but it turned out to be technically impossible. So, I started deleting posts by hand, one at a time; sometimes requiring up to three clicks. I conquered a year in about two hours and gave up for fear of RSI. I’ll do the rest later… probably.

It was quite a trip down memory lane. And along the way I found examples of exactly why it was a good idea. Comments about people who at the time weren’t on Facebook; who became friends later on. Comments from ex-girlfriends that could jeopardise future relationships.

It wasn’t just posts to my own wall either; it was comments on other people’s content which was most time-consuming. Deleting these would mean not just deleting the post, but clicking through first and deleting the comment. What a nightmare.

The bit at the end

If there was any point to this post at all, it was to say: This data will live forever. You don’t know how technology, law and privacy will change in the future. So whether you welcome or fear your Zuckerbergian future, just remember that this data is yours, and you still have power to delete it if you choose to do so.

]]> http://timwhitlock.info/blog/2011/01/20/whitewalling-and-digital-permanence/feed/ 1 http://timwhitlock.info/blog/2011/01/07/is-facebook-tracking-your-web-browsing-history/ http://timwhitlock.info/blog/2011/01/07/is-facebook-tracking-your-web-browsing-history/#comments Fri, 07 Jan 2011 19:24:43 +0000 tim http://timwhitlock.info/?p=1016 I recently saw this paper: “Facebook Tracks and Traces Everyone: Like This!”
(download the PDF)

Short version

Zuckerberg's 'open' and 'connected' world

Every time you merely visit a site that displays a Like button, data is sent to Facebook which includes the address of the site you are visiting. Assuming you’ve also logged into Facebook, they have all the information they would need to associate these external page views with your Facebook identity.

What are they actually doing with this data? Possibly nothing, but I don’t see any statement saying “Don’t worry, we don’t store web page URLs you view, even though we could“. The usual guff about ‘anonymized’ data and cookies being required for functionality doesn’t quite cut it with me. This is Big Brother stuff, and they need to be crystal clear about what they could do and what they are doing.

Long version

I can’t say I’ve thought about this until now, and it’s nothing particularly new on the surface anyway. Banner ads have historically been able to track your browsing history. Each advert sets a cookie in your browser, (just a simple identifier). When you visit another site with ads served by the same provider, this cookie will be sent back with the referring URL.

Bingo! The ad provider knows a portion of your browsing history. Of course the ad serving company may have no idea who you are – you’re just a number. But the same can’t be said of Facebook.

This privacy leak with display advertising is easily plugged by your browser refusing third party cookies. It knows that the ads aren’t what you’re really visiting for – these cookies probably don’t enable any useful functionality, so they may as well be blocked – no harm done.

So all good then, just block third party cookies and Facebook can’t track you? Not quite!

The Like button is different to dumb display advertising because the ‘third party’ is a site you’re actually going to visit. As a Facebook user, even if you’re blocking third party cookies, you’re still going to be sending back this data.

Here’s a bit of techie explanation of how Facebook gets around third party cookie blocking -

The third party cookie loophole

If you visit facebook.com directly (nevermind logging in – just visit) the tracking cookie will be set in your browser, because it isn’t [in this instance] third party. To avoid this, you’d have to set your browser to completely reject all persistent cookies. This is problematic and most browsers don’t provide very good options for this.

The upshot of this is that after visiting Facebook, the tracking cookie will still be sent to Facebook when any Like buttons are loaded on other sites, regardless of third party cookie blocking settings. This actually makes sense, because this is exactly what cookies are designed to do.

I tested this in Chrome, Safari and Internet Explorer and they all render third party cookie blocking useless once you’ve visited facebook.com. Interestingly, my version of Firefox seems to be extra strict – it recognises that this cookie was originally third party and refuses to send it. (This actually breaks the like button, because it doesn’t know when you’re logged in to Facebook).

Even if you log out of Facebook, the tracking cookie is still sent, because the cookie has a two year expiry. The only way to avoid this is to delete all Facebook cookies from your browser, or surf in your browser’s incognito/anonymous mode.

What next?

First of all, I wouldn’t be surprised if we started seeing Facebook-served advertising outside of Facebook.com. This would give Google AdWords some serious competition. (I’d welcome that in itself). They just got a nice bit of pocket money to get cracking on a project like that.

But there’s still this invasion of privacy to deal with. We can debate the small print all day, but I don’t see any clear statement from Facebook that they aren’t associating passive browsing data with specific Facebook accounts, and I doubt very much that the average Facebook user is aware they have this power.

Facebook in your pocket

I’ve half joked about this numerous times – The likelihood that Facebook will produce a physical device that carries your ID; a device that allows you to make payments, sign into other devices, etc.. A quick Google shows I may not be completely insane after all – Facebook flirts with RFID.

The images to the right are the product of my questionable Photoshop®­­ skills and paranoid imagination. But am I crazy?

We (the UK) are a country that said “no to ID” . If asked, most of us will probably say we dislike the concept of a Big Brother state, and yet we are more than happy to surrender our identity to Silicon Valley in exchange for some neat sharing tools. Facebook is aggressively collecting mobile phone numbers, and credit card numbers. They know your name, your location, your employer, your family and friend connections, and obviously what you look like. They already have the foundation of a virtual currency and [I'd imagine] have enough data on most of us to run a pretty decent credit check.

So, do we really object to the concept of carrying around identification? I’m willing to bet that if Facebook incentivises us to carry our ID around on a physical device, we’ll lap it up. Incentivising us to use features we didn’t know we needed is something that they’re rather good at.

I’m aware that this smacks of the various RFID conspiracies coming out of America, and whatever you do, don’t Google “Facebook CIA”. I’d better digress before the black vans come.

Death of the address bar

I’ve said it before and I’ll say it again: the URI is on its way out as a way for normal people to interact with the web.

If you want an indication that there is a trend in this direction, take a look at the top search terms of 2010. “Facebook login” is up seven places on last year, from ninth to second-most searched term. What does this mean? It means people in general do not want to use the URI as a user interface. It also means most people don’t use bookmarks, even for something they use every day.

Sir Tim Berners-Lee defines the World Wide Web as an application that runs on the Internet. A useful distinction, but it seems it isn’t destined to remain an application that humans use as directly as they have in the past. Abstraction will continue to creep in. There has been [for some time] an application running on top of the web – it’s called Search, and it has won.

We can debate whether this user-friendliness is for our benefit, or whether it’s just the corporations dumbing us down, so we increasingly depend upon them. But I shan’t bother to argue that, because I feel it’s inevitable anyway – there’s no fighting progress.

So my prediction for 2013 is that the address bar will be at most an optional feature of the next generation of web browsers, a feature only used by developers and old fogeys, like me.

Consumer OS

When I first started using the Web (in the late ’90s) the distinction between being online, and being offline was very clear. Firstly, you had to sign into your ISP, and secondly you had to launch a web browser program (as we more-or-less still have to). It was also very clear when you were accessing data or applications on your local system, and when you were accessing data, or applications on the Internet.

This distinction is eroding. And we are at a pretty significant cross-roads.

Google, above all other consumer-facing technology firms, seem to be making the strongest moves to obliterate the distinction between browser and desktop. Chrome OS takes away the “headaches of [using] ordinary computers” (thank God).  Not only does this (along with Apple’s Mac App Store) move the proprietary app store trend along from being strictly ‘mobile’, but it points to some other pretty incredible paradigm shifts too. How about a persistent social layer for your browser? In fact, why bother signing in and out of Google at all? Why even be concerned with whether you’re ‘on Google‘, ‘on the Internet‘, or even ‘in a browser‘? – you’re just living your life. We all use multiple devices  nowadays, but even the iPhone seems archaic with its manual syncing rigmarole. How great if  “your stuff was just there”? (There Google, you can have that slogan for free).

This seems a natural progression of consumerised computing, which has been going on for decades. The word ‘Cloud’ is already being drummed into consumers’ heads, despite it being in its infancy even in the IT industry. Microsoft’s “To the Cloud” ad campaign has hit UK television screens, and the word ‘Cloud’ itself [with all its meaningful meaninglessness] continues to be an irritating marketing buzz word.

So my prediction for 2013 – Desktop machines (assuming we still want those) will ship with a choice of totally locked down operating systems from Microsoft, Apple, or Google (at least there’s choice). Installing software from their proprietary stores will make installing your own software (from a DVD, or dodgy download site), look seriously Cyberpunk! It seems unlikely that even Google will create a social network to rival Facebook, so I expect all these offerings will have persistent, transparent Facebook integration.

1. Facebook announced their new messaging system. Project Titan, ‘Gmail killer’, etc..
2. A series of fake Twitter accounts sprung up, offering invites to Facebook’s new system.

Zuckerberg (referring to the ‘problems’ with email) drops in the phrase “cognitive load”. Translation: “thinking too much”. Why have a subject header, for example? There are reasons of course, but largely to do with context, and Facebook is a different context – one that requires less thinking, naturally.

Shortly after the Facebook announcement, I spotted two Twitter accounts fb_com and FBeMail, offering invites to the new messaging system in exchange for retweets and follows. Not an uncommon practice, but if you stop to think for a moment, you might decide that they look a little suspicious. Those with industry knowledge and technical know-how might spot numerous flaws, but the average user only has their common sense. And that’s the problem – Common sense isn’t enough for most people to notice that these accounts are fake, and most likely scams.

This got me thinking [as I often do] about the darker side of companies making technology easier for us.

Progress

Ever since computers entered our homes, most progress has involved making things simpler for the end user. Companies like Microsoft have abstracted the complexities of computing such that we don’t need to worry about them. Simplification is synonymous with good user experience, and who could argue that this is a good thing?

This progress continues today. Google have simplified the address bar in Chrome – You don’t have to worry about that nasty “http” bit anymore, and if you don’t know the address you want, it acts like a Google search too. I imagine the ugly, technical nature of the URL will eventually be hidden completely; you will trust your machine implicitly as to whether a site is legitimate and secure.

With Apple’s iOS, you don’t have to cope with the danger, and complexity of installing software. It’s all packaged up for you in a nice, safe abstraction. I expect this model will be common in desktop computers before very long.

Think less, depend more

I’m not arguing that a simple, low-friction user experience is a bad thing, but that doesn’t mean there isn’t a flip side to this as the general direction of progress. We have been raised on computers. But we have been raised to be ignorant, complacent and dependent. The software giants have transformed our lives [arguably] for the better, but have left us insufficiently empowered to cope with rogue elements when they strike. Phishing attacks succeed for this very reason, as do the Twitter scams I mention above.

Ironically, as technology companies rush to solve these problems, they leave us even less able to understand and deal with the problems ourselves. Dependency is the price we pay for progress, and it had to happen this way. The speed of progress is accelerating and corporations aren’t gong to hang around for us to understand technology. All that can happen now is that we will be wrapped in more cotton wool.

To create this badly photoshopped image for my DevNest talk, I took Facebook’s Connect dialogue and spliced it with Twitter’s new design for their Anywhere platform.

Take in its beauty, and then I’ll explain …

This image is a mock-up – it is not Twitter, or TweetDeck official. (just covering my back, ok?)

Extended permissions

Note the icons on the left, particularly where it states you are granting permission for the developer to access your direct messages and tweet from your account. Does the app you’re accessing need to do perform these actions? If it needs to do one thing, should it be able to do all things? I caused a minor storm when I pointed out that any application you authorize can read your DMs. This is why Twitter (if they want to conquer the mainstream) need to follow in Facebook’s footsteps.

Facebook call this approach ‘extended permissions‘. Currently the Twitter API only supports two access levels: read-only, or read+write. For example: Read access would be required to access your direct messages. Write access would be required to send them from your account.

This access level decision is taken by the developer, not the consumer, and it’s currently very badly expressed to the connecting user via the UI. It’s worth noting that extended permissions are not a part of the OAuth spec itself, rather they are an extra layer on top that is specific to the vendor. Perhaps it should be a part of the spec.

Whether anyone questions an application’s need for write access is an issue in itself, but this is compounded by the fact that write access basically means maximum access. My site TwitBlock needs write access to report spam, but I don’t need (or want) to be able to tweet from your account any time I like.

Reporting applications

Note the ‘report this application’ link in the mock-up – Remember Twifficiency? Not the first auto-tweeting app I’ve grumbled about. Regardless of the case specifics, application developers need to be responsible for what their application does.

OAuth means that Twitter can trace any API access back to the application owner, and revoke access. A good start, but it’s not easy [enough] to report a Twitter application. Facebook have a ‘report’ button on connect dialogues and application profile pages. Twitter require you write out a support ticket. How many people know how to get to that page?