Facebook tracks you online even after you log out
Summary: Think logging out of Facebook means the social network can't track what you're doing online? Think again.
Update: Facebook denies cookie tracking allegations. The original article is below.
Facebook has had privacy issues for a long time, and while the company has been working to improve its image, today's episode will likely set it back once again. Thanks to a modified cookie, Facebook allegedly knows what you're doing online even when you're not logged in.
At least that's what self-proclaimed hacker Nik Cubrilovic claims. After running a series of tests analyzing the HTTP headers on requests sent by browsers to facebook.com, he discovered that Facebook alters its tracking cookies the moment you log out, instead of deleting them. Since your uniquely identifying account information is still present in these cookies, Facebook can continue to track you, Cubrilovic argues.
This means that if you log out of Facebook, you're not really doing much. If you then head to a website that contains a Facebook plugin, your browser will continue to send personally identifiable information back to Palo Alto. Here's Cubrilovic's explanation:
With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook. The only solution to Facebook not knowing who you are is to delete all Facebook cookies. You can test this for yourself using any browser with developer tools installed. It is all hidden in plain sight.
So how do you get rid of these Facebook cookies in a way that will still let you use the service? Well, you can delete them every time after you log out of the website. Alternatively, Hacker News user buro9 says you can use the following AdBlock Plus rules:
facebook.com^$domain=~facebook.com ~facebook.net|~fbcdn.com|~fbcdn.net facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
This will supposedly limit your usage of the social network to just facebook.com. If you need to use it on another website, you can temporarily whitelist it with the AdBlock switch.
If what Cubrilovic found today ends up being true, this could be a serious problem for Facebook. I have contacted Facebook for more information on this issue.
This is actually similar to the scrutiny Facebook has faced in Germany, especially recently. See the links below for full coverage.
See also:
- German minister tells colleagues to avoid Facebook
- Facebook agrees to sign voluntary privacy code in Germany
- German website creates two-click Like button, Facebook not amused
- Germany: Facebook Like button violates privacy laws
- Germany: Facebook facial recognition feature violates privacy laws
- Facebook offers new privacy policy for regular people
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out
;)
RE: Facebook tracks you online even after you log out
Spooky.
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out
When did Google becomes a 'trustworthy' company??? Did I miss a memo?
RE: Facebook tracks you online even after you log out
This is why I use adblock, Ghostary, and noscript.
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out
You are 100% correct.
My friend and I were only discussing this yesterday.
Someone needs to tell advertisers that all of their crappy noisy ads are being blocked.
If they only used the old school static ads, people might actually see them instead of blocking them.
Of course instead of demanding that sites use static ads, they'll demand that more garbage js routines be added to pages.
Therefore the "arms race" (advertisers vs users) will continue to escalate.
@jollygreenguy@
I'm not demanding a free lunch.
I just don't like being continuously blasted with ads for offensive garbage at 100dB+.
RE: Facebook tracks you online even after you log out
Also please know that also when you're logged in (or out) we don't use our cookies to track you on social plugins to target ads or sell your information to third parties. I've heard from so many that what we do is to share or sell your data, and that is just not true. We use your logged in cookies to personalize (show you what your friends liked), to help maintain and improve what we do, or for safety and protection.
RE: Facebook tracks you online even after you log out
I believe what you're saying, but I think the thing that worries people is that Facebook [i]could[/i] use the cookies for tracking purposes. Even if the tracking is benign, it's still more tracking than people seem willing to accept (at least some people).
RE: Facebook tracks you online even after you log out
Yes I understand the concern, and there are so many memes about us tracking to sell data, which are completely false and so hard to dispel. My hope here is that by being transparent about what we do with these cookies and systems that people will better understand so they can make the informed decision that works best for them. We do make all of our work on this thinking about the people who use Facebook.
If it helps another engineer in the team, Gregg, posted more technical details at Nik's blog: http://nikcub-cache.appspot.com/logging-out-of-facebook-is-not-enough
RE: Facebook tracks you online even after you log out
RE: Facebook tracks you online even after you log out