Is it possible that Facebook is tracking your web browsing activity, even when you are logged out? According to Australian hacker and writer Nik Cubrilovic, Facebook could know that you are reading this article, simply because we, like most sites nowadays, have a Facebook share button. Cubrilovic ran a little test involving
Is it possible that Facebook is tracking your web browsing activity, even when you are logged out?
According to Australian hacker and writer Nik Cubrilovic, Facebook could know that you are reading this article, simply because we, like most sites nowadays, have a Facebook share button.
Cubrilovic ran a little test involvingcookies and found that logging out of Facebook does not mean that Facebook can’t still know every page you visit on the same browser.
Is it possible to be both private and social? Is privacy a long lost cause because of social networking like Facebook? Let us know what you think.
On his blog post on Sunday, he shows what cookies are sent during a logged-in Facebook user’s visit to Facebook.com compared to a logged-out user’s visit to Facebook.com. Logging out is apparently supposed to prompt the deletion of certain identifiers, but that doesn’t happen, says Cubrilovic.
The primary cookies that identify me as a user are still there (act is my account number), even though I am looking at a logged out page. Logged out requests still send nine different cookies, including the most important cookies that identify you as a user
This is not what ‘logout’ is supposed to mean – Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.
This means that whenever you visit a page online that has a Facebook share button, like button or any other related widget, all of this pertinent information is being sent to Facebook. That’s how they can know where you are going on the web.
This shouldn’t be news to anyone. It’s right there in the Facebook Privacy terms -
We receive data whenever you visit a game, application, or website that uses Facebook Platform or visit a site with a Facebook feature (such as a social plugin). This may include the date and time you visit the site; the web address, or URL, you’re on; technical information about the IP address, browser and the operating system you use; and, if you are logged in to Facebook, your User ID.
But the revelation here is that this information is available even when you are logged out, as the cookie experiment notes. And people might wonder what all of this data does for Facebook -
The advice is to log out of Facebook. But logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.
Apparently, Cubrilovic has been sitting on this information for a while, and has reached out to Facebook without any substantial response. He says that he was prompted to share this information due to the renewed privacy discussions happening across the internet regarding all of Facebook’s upcoming Open Graph changes and “frictionless sharing.”
That “frictionless sharing” phrase is one that Mark Zuckerberg used quite a bit in his f8 keynote. He explained that it meant users can share their activities across the web to Facebook without having to really think about it. The melding of Facebook and everything else, per say.
Some have privacy concerns, fearing that since applications will be allowed to post things to Facebook regarding your actions without explicit opt-in authorization, users might share stuff on Facebook that they really don’t want to share.