US congressmen ask FTC to investigate Facebook cookies

US congressmen ask FTC to investigate Facebook cookies

Summary: Edward Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican, have asked the Federal Trade Commission (FTC) to investigate how Facebook's cookies behave.


Two U.S. congressmen today asked the Federal Trade Commission (FTC) to investigate recent accusations that Facebook tracks its users even after they log out of the social network, an issue the company says it has since fixed. Edward Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican, want the FTC to take a closer look at Facebook's business practices.

You can read the full two-page letter yourself: FTC Facebook Letter – September 28, 2011 (PDF). I've also typed up the relevant excerpt below:

Facebook has admitted to collecting information about its users even after its users had logged out of Facebook. Facebook was able to obtain this information when users visited websites that connect with Facebook, including websites with "Like" buttons. There are an estimated 905,000 sites that contain the "Like" button.

As co-Chairs of the Congressional Bi-Partisan Privacy Caucus, we believe that tracking user behavior without their consent or knowledge raises serious privacy concerns. When users log out of Facebook, they are under the expectation that Facebook is no longer monitoring their activities. We believe this impression should be the reality. Facebook users should not be tracked without their permission.

This past weekend, self-proclaimed hacker Nik Cubrilovic accused Facebook of tracking its users even if they log out of the social network. He explained that even after logging out of the service, whenever he visited a website that had a Facebook plugin, information including his account ID was still being sent to Palo Alto.

The company responded by denying the claims and offering an explanation as to why its cookies behave the way they do. The company explained that it does not track users across the Web and its cookies are used to personalize content. As for the logged-out cookies, Facebook said they are used for safety and protection.

Yesterday, Cubrilovic said Facebook made changes to the logout process, and that the cookies in question now behave as they should. They still exist, but they no longer send back personally-identifiable information after you log out. The company also took the time to explain what each cookie is responsible for.

Cubrilovic offered the following conclusion to the whole fiasco:

Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons etc. I would still recommend that users clear cookies or use a separate browser, though. I believe Facebook when they describe what these cookies are used for, but that is not a reason to be complacent on privacy issues and to take initiative in remaining safe.

Facebook engineer Gregg Stefancik made this concluding statement in a comment on this blog:

I'm an engineer who works on these systems. I want to make it clear that there was no security or privacy breach. Facebook did not store or use any information it should not have. Like every site on the internet that personalizes content and tries to provide a secure experience for users, we place cookies on the computer of the user. Three of these cookies on some users' computers included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users. Therefore, we could not have used this information for tracking or any other purpose. In addition, we fixed the cookies so that they won't include unique information in the future when people log out.

See also:

Topic: Social Enterprise

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Law Enforcement Tool?

    Its likely that deviant cookie behaviors has been a beneficial tool for law enforcement and forensics.

    The question is, what benefit does face book (and others yet to be discovered) get out and how much money they make with covertly tracking its users, once they are logged out?
    • RE: US congressmen ask FTC to investigate Facebook cookies

      @databaseben@... I sure wish I knew the answers to the questions. In the meantime, I am once again going to disable my FB account...for at least the twentieth time. What is even more disturbing to me is that fact that I never found a way to delete the account, totally removing it from the ether. I am not an IT engineer or tech; I'm a disenchanted user who has grown very weary and wary of the constant changes that confuse users about who see what, who uses what of the material they see, etc., etc. I'd gladly give any legit law enforcement officer access to anything on my facebook account, but I am getting angry about the entire world being able to do, apparently, whatever they care to with it.
      • RE: US congressmen ask FTC to investigate Facebook cookies

        Well, if you have nothing to hide...I'll be the first one to bake you a fresh batch of oatmeal raisin cookies, or maybe with coconut?
      • RE: US congressmen ask FTC to investigate Facebook cookies

        @OldGrayWolf <br><br>I agree whole-heartedly, but not sure why exactly. I know that sounds like a contradiction, but it's not and here's why. If I, or anyone knew exactly just how far my personal information would be spread, just so I can take advantage of a really cool social experience, then I'd know if it was even worth it. As it stands, no one knows what future damage could be caused by it. So, it must be limitless as to where my personal information may spread, and that includes interactions or statements that may be momentary or off-the-cuff being solidified and maintained in a holistic database for the rest of eternity. With that as the set limits, very few if any people could hold up against the limitless scrutiny that could be imposed upon our character. It's not a case of, if you're a good person, you have nothing to worry about... it's more like, if you have even a moment of indiscretion, a sideways joke, what have you, you will be accountable to that forever. Change your mind? Doesn't matter. So let it be written, so let it be shared, so let it be stored.
  • RE: US congressmen ask FTC to investigate Facebook cookies

    It's about time somebody got on their case. I think Facebook is liabale and therefore should make good. Any time, any organization grows too fast, it is more of reason to find what fueled the growth. <br>Facebook is undenieably the fastest growing socialization network, but I think when you look into their practices you will find more than cookies used to fuel the growth.

    It is bad enough that big brother is always looking over your shoulder with cookies, we don't need other companies doing the same.
  • RE: US congressmen ask FTC to investigate Facebook cookies

    The average facebook user would consider the timeline changes as more "stalker-friendly" as far as making it SO much easier for people to browse everything on your profile by month, year, event, etc. I just activated my Timeline yesterday to be prepared for when the changes do happen next week. It's an EXTREME invasion of privacy not only for other facebook users to see but a gold mine of information. Facebook has always tracked all links you click on the site as well as after you log off as well--this is no new news.

    The only site out there that is offering users the UTMOST privacy on a social network is ONLYMEWORLD. Absolutely NO personal information is asked. I have had an account w/ this site since May and as Facebook keeps "upgrading" the more amazing OnlyMeWorld is in comparison.
    • RE: US congressmen ask FTC to investigate Facebook cookies

      @erichuhai It's one thing to track the data and quite another to share it. I'll check out ONLYMEWORLD immediately. Thx