Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Cookies Track Users Even After Logging Out

Posted by samzenpus on from the sticking-with-you dept.

First time accepted submitter Core Condor writes "According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.' After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'"

40 of 352 comments (clear)

  1. My sure fire plan by Osgeld · · Score: 4, Insightful

    dont use facebook

    1. Re:My sure fire plan by betterunixthanunix · · Score: 4, Funny

      But but but we need Facebook. How else are we supposed to communicate with our friends?

      --
      Palm trees and 8
    2. Re:My sure fire plan by E.I.A · · Score: 2

      If I could mod this comment to the moon, I'd do it. I think the Onion explained it better than anyone else: http://www.theonion.com/video/cias-facebook-program-dramatically-cut-agencys-cos,19753/

      --
      Laws are like sausages. It's better not to see them being made. - Otto von Bismarck
    3. Re:My sure fire plan by syousef · · Score: 3, Funny

      But but but we need Facebook. How else are we supposed to communicate with our friends?

      Sadly, while this was meant in jest, there is at least one person we know that fits this description. Leave voicemail or send email all you want, and it goes into a black hole. Send her a message on Facebook? Two hour turnaround!

      Mind-boggling...

      I'd respond to that but I can't find the "Like" button.

      --
      These posts express my own personal views, not those of my employer
    4. Re:My sure fire plan by The+Good+Reverend · · Score: 3, Informative

      There actually is no better way for me to communicate with some groups of friends than Facebook. In a group, some people rely on txts, some on email, some on FB itself. The group can collaborate, share links and between themselves easily, and easily communicate, even if they're not friends with each other.

      Of course there are other ways to do this, and in a business environment most people will all have some software to do this (likely at a price). But if I'm throwing a birthday party or getting my family together, there is no better tool than Facebook.

    5. Re:My sure fire plan by PNutts · · Score: 2

      the ever useful face to face

      What app is that? Never heard of this protocol, F2F.

      It's like P2P, but I'm better than my friends.

    6. Re:My sure fire plan by RobbieThe1st · · Score: 3, Insightful

      ...Aside from the fact that as this story proves, they gather *other* information as well!
      Personally, my plan is as follows:
      1. No FB account. Period.
      2. RefControl set to fake referrers for 3rd party sites, which means that any FB image buttons that load won't send back the URL of the page I'm visiting(Instead it'll send back the root of the site, xyz.facebook.com).
      3. NoScript set to block 3rd party scripts by default, which blocks FB *scripts* from running.

      And I *should* be deleting any FB cookies as well... but even if not, *all* they have is a list of the times a FB image has been loaded and my IP.

    7. Re:My sure fire plan by The+Good+Reverend · · Score: 2

      Indeed, that's the other big issue here - if you totally remove yourself the internet (from Facebook and similar places), then someone else is in charge of what shows up online about you (unless you've got a great blog presence somewhere).

      It's fine to pretend no one knows your name online, but it takes just one person somewhere to say you're a child molester or shitty employee for that to be the top result for a google search of your name.

    8. Re:My sure fire plan by betterunixthanunix · · Score: 5, Insightful

      As a social protest, all it seems to accomplish is annoying your friends and family

      Which, as antisocial as it sounds, I would say is a good thing. The last thing we need is for people to simply assume that everyone has a Facebook account, and since that is what a lot of people assume now, they need to be annoyed and reminded that not everyone is on Facebook. Why should someone like Mark Zuckerberg be able to exert so much control over how people communicate?

      You don't have to "submit to the beast" - just use it for what's convenient.

      Any communication on Facebook is submitting to the beast.

      --
      Palm trees and 8
    9. Re:My sure fire plan by thegarbz · · Score: 2

      While the parent should have been modded Funny rather than insightful, your post actually completely misses how the various technologies work in social interaction.

      Facebook does not replace Mobile Texting, Phones, or Face to Face.
      Most people despite what the Slashdot crowd may thing do not use IRC.
      Usage of Google MSN AIM ICQ etc has seen a steady downward trend across age groups typically replaced by chat functions in Facebook and the proliferation of free txt messaging and smartphones which treat a txt message as a conversation on display like these chat programs do.
      Email these days is slowly but surely starting to get reserved for formal records only replacing fax and snailmail.

      So for one-to-many communication that is currently in use that really only leaves ... Facebook.

      What use is sending an email when no one reads it? What use is sending a mass txt message to 15 of my friends if my carrier blocks the messages for spamming? If no one is ever on an instant chat program what other way can I arrange for a large group of people to meet face to face? I'll give you a clue, most people under 21 don't know how to use the Outlook Calendar to send meeting requests.

      Facebook.

      It has become the single most convenient way for informal communication, event organisation, and sharing of basic stupidities that we are all thankful don't get passed around as email chain letters. This does not make it optional as the parent's tongue in cheek comment implies. You either use the means off communication that your target audience uses or you risk alienating yourself.

  2. I though so... by gemtech · · Score: 5, Interesting

    a week ago I went to a website and it asked me (by my name) if I wanted to follow them on Facebook. I was not logged into Facebook at the time.

    --
    Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
    1. Re:I though so... by PopeRatzo · · Score: 5, Insightful

      It sure is great Corporatization took over the interwebs, now not only do we have the government spying on our packets, we have corporations wanting to know what we do as well.

      You better adjust your attitude, Mr Man. Those are the Job Creators you're talking about and you better start showing a little gratitude by letting them track your movements and have sex with your wife whenever they want.

      Letting corporations fuck your privacy is the 2011 version of droit du seigneur.

      --
      You are welcome on my lawn.
    2. Re:I though so... by Kenja · · Score: 2

      They can only keep track of the information you willingly give them. If you really thought Facebook was a charity, thats your own fault. If you realized they are a for profit organization, how did you think they made your money if not with the information you provide them?

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  3. Just Drop Them On Logout by Greyfox · · Score: 2

    You can configure firefox privacy options to drop most cookies when you log out. I trust a few sites to persist cookies in my browser, everyone else my browser accepts cookies from and quietly drops them on the floor when I exit. I don't know that it helps all that much but it's not that much effort to make it harder to snoop around at what I'm browsing.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  4. The only winning move is not to play by WCMI92 · · Score: 3, Insightful

    Facebook is a website I refuse to have any relationship with. I do not have an account, nor will I EVER have an account. Their management is easily the most evil and anti-customer in the industry, constantly taking actions against their user's best interest.

    This should surprise no one. I block their cookies in my browser and never intentionally go there.

    I keep trying to tell the lemmings I know who pour their intimate personal information into Facebook that it is foolish to do so. The website's name should be "InfectMyPCWithAVirus.COM", or "StealMyIdentity.COM".

    Zuckerberg better sell the damn thing before the inevitable class action lawsuit consumes the millions he's made off exploiting his customers. Of course, I hope he doesn't, he is one asshole I would very much love to see bankrupted and forced to get an honest job somewhere. I bet he ends up at Sony, developing rootkits...

    --
    Corporatism != Free Market
    1. Re:The only winning move is not to play by fartrader · · Score: 2, Insightful

      Not anti-customer at *all*. You are NOT their customer.

    2. Re:The only winning move is not to play by insertwackynamehere · · Score: 2

      This. This is it. The ultimate Slashdot post. If Slashdot was a person, this would be the beating heart.

  5. Confused... by Goose+In+Orbit · · Score: 2

    So... facebook.com sets a cookie...

    Site B has Facebook Like button - which presumably is sourced from facebook.com

    And you're surprised that they don't check your cookies when sending the icon???

    Where's the story?

  6. haha, you still have problem by rubycodez · · Score: 2

    don't forget fbcdn.net and fb.com, maybe others

  7. Oh God by DSS11Q13 · · Score: 2, Funny

    I don't want anyone to know I read slashdot

  8. Re:Ghostery by Nethead · · Score: 2

    Why does Ghostery's home page have a "Friend me on Facebook" link?

    --
    -- I have a private email server in my basement.
  9. the crux, I think by Bill+Dog · · Score: 5, Insightful

    From TFA:

    This is not what 'logout' is supposed to mean - Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

    I don't have direct experience in this area so I'm wondering, why exactly is logout supposed to mean deleting cookies instead of just noting in them that the user is logged out?

    --
    Attention zealots and haters: 00100 00100
  10. Re:Does EasyPrivacy Thwart this? by That+Guy+From+Mrktng · · Score: 2

    How is this news anyway? FB have been doing it since the facebook social plugins took over, more than a year.

    How hard is to set up a Firefox session exclusive for the use of this social media stuff? really? its faster and convenient that stacking layers and layers of blockers in the way of your everyday browsing. Or use different browsers for each task. Suckerberg sure it's amused by the time and effort some people put into staying away from facebook tracking WHILE having a facebook account.

    Protip: The more you try to hide what you do, the more someone would try to see what you're hiding. You think trackers don't have a special table in the database for "tin_foil_subset"? right.

  11. It is even worse than that by frovingslosh · · Score: 2

    I've looked at my web traffic lately and see an awful lot of traffic to Facebook when I go to other sites. And it is not that I'm just "logged out" of Facebook, I don't have a Facebook account and never have (and never will). There is no valid reason for this traffic between me and Faceook. The next step may be to put a bad link for Facebook in my Hosts file.

    --
    I'm an American. I love this country and the freedoms that we used to have.
    1. Re:It is even worse than that by jbmartin6 · · Score: 4, Insightful

      There is no such thing really as "other sites." Your browser loads bits and pieces from all over the place on practically every page you visit, such as ads, 'like' and 'share' buttons, etc. And each of these requests to different sites for all these bits and bobs on the page carries information on what site you think you are visiting, etc. This is standard web browser behavior. When you load that little button or thingie from facebook.com your browser tells Facebook what page you loaded it from and also helpfully sends along any cookies it has for Facebook.com domain. This is by no means unique to Facebook, you could find the same thing with reddit, digg, google, or any other site that has bits and pieces being loaded as part of other people's pages.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  12. Notice by inode_buddha · · Score: 5, Funny

    Notice how goatse doesn't have a FB "like" button? I think goatse needs a "like" button. C'mon, everybody, why don't we setup a shitload of goatse mirrors with "like" buttons? There's more than one way to poison a DB.....

    --
    C|N>K
  13. Ditto by jhd · · Score: 3

    Don't use Facebook with prejudice.
    Avoid it like you would the black plague.
    Purge it from your mind... face-wut?
    It can only make you stupid.

  14. Re:Does EasyPrivacy Thwart this? by fferreres · · Score: 2

    >How hard is to set up a Firefox session exclusive for the use of this social media stuff?

    I don't know, but that is a great idea: to have a list of sites that you always want to be used in private mode. This calls for not completely separating private mode from normal mode (w/Firefox, it closes all other normal Windows until you stop private mode).

    I imagine this functionality like how IE works. A small icon will tell you if the tab is in "private mode" (or sandboxed), and you can create rules to match the sites you want in this mode.

    I'd really use something like that. I've read about many that trying to avoid being tracked calls for more attention, so better not do it. That point of view is totally flawed. Privacy has nothing to do with hiding, but with others not allowed to spy on you unwarranted. Just like a robot.txt doesn't want indexing. Just like how you use clothes everywhere but your house (or the bath). Just like you don't always use the speakerphone while traveling. If you want privacy, and they find ways around, the analogy is to someone that is using IR cameras to "see behind clothes". It should be punished severely to spy on people.

    --
    unfinished: (adj.)
  15. Re:Ghostery by fferreres · · Score: 4, Insightful

    Because it's about privacy, not against social media? You decide what level of privacy you want, and the can use safely Facebook (or whatever)? Facebook privacy concerns are not connected with the usefulness of the site.

    --
    unfinished: (adj.)
  16. Why use a social networking site if... by MBC1977 · · Score: 2

    Why use any social networking site if your gonna isolate yourself? Don't get me wrong I do use facebook and am fully aware how the tracking system works (I personally enabled it on 20 sites I use this morning). It just seems like a lot of "the sky is falling" mentality. Not trying to troll or flame here, but it seems like if you don't want others to know what your doing, then you should unplug the computer and just use it as a standalone system. Could be just my old man point of view though. lol

    --
    Regards,

    MBC1977,
  17. FFS it's not that hard by tick-tock-atona · · Score: 4, Informative
    In Firefox:
    • use the requestpolicy addon; whitelist fbcdn.net on facebook.com only. facebook.com is blacklisted for other domains automatically.
    • don't accept third-party cookies
    • set cookies and cache to clear when closing the browser (whitelist a couple of sites like slashdot)

    The end. No tracking, "evercookies" etc. Even blocks google tracking via google-analytics.

  18. Not news. by znerk · · Score: 4, Informative

    Tracking cookies track. This is not news, this is anticipated and expected behavior. This has been the status quo for over a decade.

    Cookies have a security feature in that they are accessible only to the websites that placed them, but advertising sites have been using tracking cookies for as long as cookies have existed, and getting around that security by placing a "bug" on third-party sites. They used to (and probably still do) implement this as a 1x1 "spacer" image the same color as the background, or simply by having an ad on the page you are viewing. When your browser requests the image/flash/javascript/whatever, the site it comes from is suddenly allowed to access their cookie.

    The solution has also not changed; either don't allow cookies, or delete them constantly. Anti-scripting addons are also helpful, as are black (or whitelists) of websites to disallow (or allow) access to your system. Modifying hosts files has been a semi-successful method, as well, in that requests sent to specific named addresses can be redirected to localhost (and therefore "blocked").

    I personally use NoScript and AdBlockPlus for precisely this reason (and to speed up my page loads), and I can't fathom why this information could be conceived to be news to any user with any amount of technical knowledge and a modicum of interest in their own privacy.

    --
    This work is licensed under a Creative Commons Attribution 3.0 Unported License.
  19. You just lost the game by SendBot · · Score: 3, Informative

    On the contrary, I view FB as a venue to advertise myself, my thoughts, and my interests to the world around me. I want to create influence, and if I don't want something to be known to FB I (wait for you mind to be blown...) simply don't post it. Amazing!

    Oh, and that myth about lemmings committing mass suicide by jumping off of cliffs? That's complete nonsense fabricated for a nature film created by (wait for you mind to be blown a second time...) DISNEY! That's right, you've been successfully misled by MouseCorp/ABC.

    You just got chumped, chump.

  20. Fix This With Add-Ons by Alphanos · · Score: 2

    This and many other privacy issues can and should be fixed by use of proper Firefox add-ons. Sure we can decry the practice and wish that in an ideal world corporations would not do such things, but that's a waste of time. Use things like Adblock Plus, Ghostery, Beef Taco, NoScript, and Better Privacy.

    I don't even see those Facebook buttons. Since in practice nobody will manually mess with their cookies each time they log out of a site, and may even want to visit other sites while still logged in, this is the only realistic solution.

    --
    Alphanos
  21. My sure fire plan by frozentier · · Score: 2

    My sure fire plan is not to fucking worry about it. FB only posts what I tell it to post. So they know I went to a certain website? Honestly, it doesn't matter. I've never noticed it make a single change in my life other than giving me ads about stuff I'm interested in as opposed to ads I couldn't give a damn less about. Oooo, big bad facebook.

  22. Use Ghostery by The+Zen+Cow+Says+Mu · · Score: 2

    Plugin for most browsers. Blocks tracking cookies, including the multiple ones that facebook uses. An added benefit is that (for me anyway) it speeds up rendering of a lot of slow gawker and gawker-like websites. Probably because they have so many trackers (record is 25). http://www.ghostery.com/

  23. This is probably much more common than just... by Artifakt · · Score: 5, Insightful

    ...Facebook.
    There is a lot of data that's exceptionally valuable for marketing, which companies can only get if they do tracking way beyond visits to their own web pages. That added value is perceived by advertising execs as literally enormous, so it should be assumed anyone who can implement this thinks they have a strong incentive. It's like, how common would bank robbery be if the penalty was 10 days in jail and the potential reward was a million dollars?

    To see how, lets take an example. A company may pay a few cents per for a list of valid e-mail addresses. Now, link one of those addresses to the information that the possessor of that address definitely orders things on-line, and it's a little more valuable. Add that the things ordered on-line include prescription drugs, and it's worth more. Now how much is it worth linked to the information that the person is not yet ordering any antidepressants, but has just spent several hours searching several terms relating to depression? A list of e-mail addresses that fit those criteria is generally estimated to be worth about $ 250 US per entry by the pharmaceutical firms. With the right combinations of information sources, essentially a matter of asking the right questions, this sort of data is at least perceived to be the holy grail of targeted advertising. Personally, I assume that any for-profit that isn't looking for this sort of data is only avoiding it because they doubt the American Advertising Council's estimates of how much business it can drive, and not because they have a moral objection. Yeah, maybe some of them are genuinely being ethical, but I recognize that the sheer scope of the temptation is bound to make many of them cross the line, and it's time to be a little paranoid about privacy.

    --
    Who is John Cabal?
  24. Don't get a false sense of privacy here... by rjbrown99 · · Score: 2

    Wiping your cookies, adblock, flashblock, etc - it's all worthless.

    Even if you remove all cookies, the iframe that is the 'like' button will set a new cookie. Facebook tracks these new 'anonymous' cookies centrally, and then when you DO login to your actual account, they can read this cookie and marry up your previous behavioral habits and sites you visited. The advice here leads people to believe you can fight this simply by erasing cookies. The only way to really make that effective is:

    1) Log out of Facebook
    2) Remove all Facebook cookies
    3) Browse around to other sites
    4) Clear all Facebook cookies AGAIN
    5) Log in to Facebook

    Without step #4 the rest of it is not doing you any good.

    The same is true of new signups, where your browsing history (before you even had an account!) is correlated to the new account to help build a profile of your activity.

  25. No bother for me! by Khyber · · Score: 2

    All of my friends have my phone number and e-mail. They've got data plans and smartphones. It's just that simple.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  26. answer by Tom · · Score: 2

    A german magazine has developed an answer to that about a month ago:

    http://www.heise.de/extras/socialshareprivacy/

    Absolutely worth a read, and if you use a "like" button on your page and you're a geek, you should definitely use this.

    --
    Assorted stuff I do sometimes: Lemuria.org