Social media behemoth Facebook is in damage control after a deluge of criticism that it is invading the privacy of members by tracking their internet activity. Facebook Chief Executive Mark Zuckerberg described the sites new features as creating ‘frictionless sharing‘ Oops
Facebook admits it went too far. The social network is quietly retracting a cookie that continued to report your Facebook user ID even after you “logged out” of the site. But it’s not sorry about five other cookies that persist after you sign off. What, you didn’t think Facebook would ever let you actually for real seriously 100 percent sign out, did you?
When Australian programmer Nik Cubrilovic blogged on Sunday about how Facebook logout didn’t seem to actually, um, well - log out! Facebook wen into immediate damage control mode, claiming that:
“The logged out cookies are used for safety and protection including: identifying spammers and phishers, detecting when somebody unauthorized is trying to access your account, helping you get back into your account if you get hacked, disabling registration for a under-age users who try to re-register with a different birthdate, powering account security features such as 2nd factor login approvals and notification, and identifying shared computers to discourage the use of ’keep me logged in‘ . We don’t use our cookies to track you or to target ads or sell your information to third parties”
Blah Blah Blah, except that Facebook has a tracking feature its CEO literally calls ‘Facebook Across the Web‘ Which does exactly that, track you across the internet, anyplace you go, Facebook goes with you (calm down! clearly only if you login to your Facebook account, or use Facebook on your mobile device )
In Australia, the office of the Privacy Commissioner says it has begun a preliminary inquiry into Facebook’s conduct.
Meanwhile Mr Cubrilovic has updated his blog http://nikcub.appspot.com/ with the following snippet:
To help better understand the cookie data that we have collected, I have formatted it into a table that displays the lifetime of each cookie across a number of different web requests. The table can be found on a separate page here. You can find the raw output from my Firefox session here.
The rows of the table represent each cookie found throughout the debugging session. The first column is the name of the cookie. Each subsequent column shows how the value of the cookie was altered (or not) throughout the following four page requests:
- A logged in request to
- A request to the ‘logout’ action within Facebook
- The immediate request of the Facebook homepage
- A subsequent request to the Facebook homepage after restarting the browser
The table is color coded so that it is easier to see which cookies are altered and which cookies never change.The data shows that five cookies retain value after the logout procedure and a browser restart, while a further two survive the logout procedure and remain as session cookies.
Mr Cubrilovic has graciously inclued a fix for the crooked cookies, once again; check his blog >http://nikcub.appspot.com/
Facebook has built a living off of gathering information about its users. The advertising dollar is the main thrust of their particular value, but Facebook’s real asset has been their ability to attract more personal information about an individual user. Facebook now has access personal information that other social media sites like twitter and google plus don’t, information like date of birth, real name, email, geographic location, this is information that advertising gurus pay an arm and leg for.
It turns out one cookie wasn’t used for “safety and protection,” as a Facebook engineer has admitted to Cubrilovic now that the press storm is subsiding. One cookie, “a_user,” continued to report your user ID back to Facebook after you logged out, until you shut down your browser entirely. The cookie was only visible to Facebook, but the site could have used it to track your visits to other sites if it wished, since a great many websites feature “Facebook Connect” widgets that load content from facebook.com — transmitting cookies to Facebook each time they do so.
The features that are causing all the fuss where unveiled by Facebook last week, and according to Mr Zuckerberg are part of a services that make it easier for its 800 million users to share more information about themselves and their lives online. The social networking service showed off a dramatic redesign of users’ profiles, a timeline that charts in chronological order all the information users have shared in the past. Facebook also said that third-party applications would — with users’ consent — automatically share every action users take, such as the songs they listen to or the videos they watch.
Facebook did not respond – at time of publication – to a request for comment.