Privacy groups ask FTC for Facebook investigation too

Privacy groups ask FTC for Facebook investigation too

Summary: 10 consumer and privacy groups have asked the Federal Trade Commission (FTC) to investigate Facebook. This is the second request to the FTC for a probe of the social network this week.


10 public-interest groups have asked the Federal Trade Commission (FTC) to investigate Facebook's various business practices. This demand comes right after two similar ones this week: two US congressmen asked the FTC to investigate how Facebook's cookies behave, and Ireland's Data Protection Commissioner has agreed to conduct a privacy audit of Facebook. Given that the social network's international headquarters is in Dublin, the latter is the more serious one as the larger majority of the site's users could be affected.

The consortium of US consumer and privacy groups wants the FTC to look into allegations that Facebook tracks its users even after they log out of the social network, an issue the company says it has since fixed. They are also concerned about its "frictionless sharing" feature that is available on the newly launched Ticker and the upcoming Timeline and Open Graph rollout announced at f8 last week. Last but not least, the agency is being told to examine whether the new Ticker and Timeline features boost privacy risks for users by combining biographical information in an easily-accessible format.

If you want more information, one of the members of the group, the Electronic Privacy Information Center (EPIC) is hosting the full 14-page letter (PDF) that was collaboratively written to the FTC. Alternatively, this excerpt from the introduction should give you the general gist:

Facebook's tracking of post-log-out Internet activity violates both the reasonable expectations of consumers and the company's own privacy statements. Although Facebook has partially fixed the problem caused by its tracking cookies, the company still places persistent identifiers on users' browsers that collect post-log-out data and could be used to identify users. "Frictionless sharing" plays a leading role in the changes Facebook announced at the recent f8 development conference, and works through the interaction of Facebook's Ticker, Timeline, and Open Graph. These changes in business practices give the company far greater ability to disclose the personal information of its users to its business partners than in the past. Options for users to preserve the privacy standards they have established have become confusing, impractical, and unfair.

The Electronic Privacy Information Center ("EPIC"), The American Civil Liberties Union, The American Library Association, Bill of Rights Defense Committee, The Center for Digital Democracy, The Center for Media and Democracy, Consumer Action, Consumer Watchdog, PrivacyActivism, and Privacy Times recommend that the Commission investigate whether the changes recently announced by Facebook are consistent with the policies and representations that were in place when consumers provided their personal information to Facebook or whether they constitute unfair and deceptive trade practices, in violation of consumer protection law in the United States.

This past weekend, self-proclaimed hacker Nik Cubrilovic accused Facebook of tracking its users even if they log out of the social network. He explained that even after logging out of the service, whenever he visited a website that had a Facebook plugin, information including his account ID was still being sent to Palo Alto.

The company responded by denying the claims and offering an explanation as to why its cookies behave the way they do. The company explained that it does not track users across the Web and its cookies are used to personalize content. As for the logged-out cookies, Facebook said they are used for safety and protection.

After a long technical discussion, Cubrilovic confirmed Facebook made changes to the logout process, and that the cookies in question now behave as they should. They still exist, but they no longer send back personally-identifiable information after you log out. The company also took the time to explain what each cookie is responsible for.

Cubrilovic offered the following conclusion to the whole fiasco:

Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons etc. I would still recommend that users clear cookies or use a separate browser, though. I believe Facebook when they describe what these cookies are used for, but that is not a reason to be complacent on privacy issues and to take initiative in remaining safe.

Facebook engineer Gregg Stefancik made this concluding statement in a comment on this blog:

I'm an engineer who works on these systems. I want to make it clear that there was no security or privacy breach. Facebook did not store or use any information it should not have. Like every site on the internet that personalizes content and tries to provide a secure experience for users, we place cookies on the computer of the user. Three of these cookies on some users' computers included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users. Therefore, we could not have used this information for tracking or any other purpose. In addition, we fixed the cookies so that they won't include unique information in the future when people log out.

I have contacted Facebook for more information about this issue and will update this article if I hear back.

See also:

Topic: Social Enterprise

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Privacy groups ask FTC for Facebook investigation too

    For some reason Facebook attacked for privacy concerns not microsoft or other sites. After this point it's hard to think any illegal activity may be thought together with <a href="">Facebook</a>. It's probably the most successful site ever done yet on web history. People protest only because they afraid of Facebook getting bigger and use it's power position to enslave people.
    • RE: Privacy groups ask FTC for Facebook investigation too

      Well, Facebook login apps, comment apps, and like/dislike apps are everywhere on the net. It's too pervasive.

      Anybody who's not carefully paranoid about internet privacy and just goes along with FB, can have his/her comments and activity tracked by FB.

      Microsoft does have its Microsoft Sign-In functionality, but I haven't seen it much in use on the net, compared to FB. And also, most things MS does is already under a magnifying glass by the authorities.
  • RE: Privacy groups ask FTC for Facebook investigation too
  • RE: Privacy groups ask FTC for Facebook investigation too

    Good! fb just PI**ES me off. Having to opt out of being "spied" on, having to opt out of almost everything so that your "friends" don't think that you are endorsing some B.S. product or scam. The 1st clue should have been that Zuckerberg's former partners were suing him left right & center.
  • RE: Privacy groups ask FTC for Facebook investigation too

    Here's a hard to find link. It's a way to actually DELETE your account on Facebook, not just allow it to continue to exist until you log back in. The hard part now is going through with it (I know I haven't yet).<br><br><a href="" target="_blank" rel="nofollow"><a href="" target="_blank" rel="nofollow"></a></a><br><br>You have to admit... it's a 'put your money where your mouth is' opportunity.
  • RE: Privacy groups ask FTC for Facebook investigation too

    [i]Earth to EPIC and FTC[/i]: Hi! Nice to meet you!
  • RE: Privacy groups ask FTC for Facebook investigation too

    If you want all your digital files safe checkout They let you store photos, video, music and documents. Full streaming UI, the best I've ever seen and 10gb of free storage to boot.
  • RE: Privacy groups ask FTC for Facebook investigation too

    Privacy is a grave issue facing us all online today and the simplest route to <a href="">success</a> for the user/provider relationship is for the provider to offer a simple option form so the user can choose between showing their material to a select few or the whole world. However, the issue with Facebook is that they are cashing in by selling users' personal data as demographic advertising opportunity and basically their entire revenue model is based on selling the data users enter to join for free, to advertisers worldwide.
  • RE: Privacy groups ask FTC for Facebook investigation too
  • RE: Privacy groups ask FTC for Facebook investigation too

  • RE: Privacy groups ask FTC for Facebook investigation too

    ==== <a href="" target="_blank"></a> ====
  • WHY???

    I mean it's a freebie and no one is twisting anyone's arm to join the silly thing. So folks just NEED something to whine about.
  • I am curious

    I wonder how many of these groups have suddenly done this at Google's request?

    Tim Cook
  • RE: Privacy groups ask FTC for Facebook investigation too

    Earth to EPIC and FTC: Hi! Nice to meet you! <a href="">banyo dekorasyon</a>