Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Cookies Track Users Even After Logging Out

Posted by samzenpus on from the sticking-with-you dept.

First time accepted submitter Core Condor writes "According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.' After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'"

18 of 352 comments (clear)

  1. My sure fire plan by Osgeld · · Score: 4, Insightful

    dont use facebook

    1. Re:My sure fire plan by betterunixthanunix · · Score: 4, Funny

      But but but we need Facebook. How else are we supposed to communicate with our friends?

      --
      Palm trees and 8
    2. Re:My sure fire plan by syousef · · Score: 3, Funny

      But but but we need Facebook. How else are we supposed to communicate with our friends?

      Sadly, while this was meant in jest, there is at least one person we know that fits this description. Leave voicemail or send email all you want, and it goes into a black hole. Send her a message on Facebook? Two hour turnaround!

      Mind-boggling...

      I'd respond to that but I can't find the "Like" button.

      --
      These posts express my own personal views, not those of my employer
    3. Re:My sure fire plan by The+Good+Reverend · · Score: 3, Informative

      There actually is no better way for me to communicate with some groups of friends than Facebook. In a group, some people rely on txts, some on email, some on FB itself. The group can collaborate, share links and between themselves easily, and easily communicate, even if they're not friends with each other.

      Of course there are other ways to do this, and in a business environment most people will all have some software to do this (likely at a price). But if I'm throwing a birthday party or getting my family together, there is no better tool than Facebook.

    4. Re:My sure fire plan by RobbieThe1st · · Score: 3, Insightful

      ...Aside from the fact that as this story proves, they gather *other* information as well!
      Personally, my plan is as follows:
      1. No FB account. Period.
      2. RefControl set to fake referrers for 3rd party sites, which means that any FB image buttons that load won't send back the URL of the page I'm visiting(Instead it'll send back the root of the site, xyz.facebook.com).
      3. NoScript set to block 3rd party scripts by default, which blocks FB *scripts* from running.

      And I *should* be deleting any FB cookies as well... but even if not, *all* they have is a list of the times a FB image has been loaded and my IP.

    5. Re:My sure fire plan by betterunixthanunix · · Score: 5, Insightful

      As a social protest, all it seems to accomplish is annoying your friends and family

      Which, as antisocial as it sounds, I would say is a good thing. The last thing we need is for people to simply assume that everyone has a Facebook account, and since that is what a lot of people assume now, they need to be annoyed and reminded that not everyone is on Facebook. Why should someone like Mark Zuckerberg be able to exert so much control over how people communicate?

      You don't have to "submit to the beast" - just use it for what's convenient.

      Any communication on Facebook is submitting to the beast.

      --
      Palm trees and 8
  2. I though so... by gemtech · · Score: 5, Interesting

    a week ago I went to a website and it asked me (by my name) if I wanted to follow them on Facebook. I was not logged into Facebook at the time.

    --
    Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
    1. Re:I though so... by PopeRatzo · · Score: 5, Insightful

      It sure is great Corporatization took over the interwebs, now not only do we have the government spying on our packets, we have corporations wanting to know what we do as well.

      You better adjust your attitude, Mr Man. Those are the Job Creators you're talking about and you better start showing a little gratitude by letting them track your movements and have sex with your wife whenever they want.

      Letting corporations fuck your privacy is the 2011 version of droit du seigneur.

      --
      You are welcome on my lawn.
  3. The only winning move is not to play by WCMI92 · · Score: 3, Insightful

    Facebook is a website I refuse to have any relationship with. I do not have an account, nor will I EVER have an account. Their management is easily the most evil and anti-customer in the industry, constantly taking actions against their user's best interest.

    This should surprise no one. I block their cookies in my browser and never intentionally go there.

    I keep trying to tell the lemmings I know who pour their intimate personal information into Facebook that it is foolish to do so. The website's name should be "InfectMyPCWithAVirus.COM", or "StealMyIdentity.COM".

    Zuckerberg better sell the damn thing before the inevitable class action lawsuit consumes the millions he's made off exploiting his customers. Of course, I hope he doesn't, he is one asshole I would very much love to see bankrupted and forced to get an honest job somewhere. I bet he ends up at Sony, developing rootkits...

    --
    Corporatism != Free Market
  4. the crux, I think by Bill+Dog · · Score: 5, Insightful

    From TFA:

    This is not what 'logout' is supposed to mean - Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

    I don't have direct experience in this area so I'm wondering, why exactly is logout supposed to mean deleting cookies instead of just noting in them that the user is logged out?

    --
    Attention zealots and haters: 00100 00100
  5. Notice by inode_buddha · · Score: 5, Funny

    Notice how goatse doesn't have a FB "like" button? I think goatse needs a "like" button. C'mon, everybody, why don't we setup a shitload of goatse mirrors with "like" buttons? There's more than one way to poison a DB.....

    --
    C|N>K
  6. Re:It is even worse than that by jbmartin6 · · Score: 4, Insightful

    There is no such thing really as "other sites." Your browser loads bits and pieces from all over the place on practically every page you visit, such as ads, 'like' and 'share' buttons, etc. And each of these requests to different sites for all these bits and bobs on the page carries information on what site you think you are visiting, etc. This is standard web browser behavior. When you load that little button or thingie from facebook.com your browser tells Facebook what page you loaded it from and also helpfully sends along any cookies it has for Facebook.com domain. This is by no means unique to Facebook, you could find the same thing with reddit, digg, google, or any other site that has bits and pieces being loaded as part of other people's pages.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  7. Ditto by jhd · · Score: 3

    Don't use Facebook with prejudice.
    Avoid it like you would the black plague.
    Purge it from your mind... face-wut?
    It can only make you stupid.

  8. Re:Ghostery by fferreres · · Score: 4, Insightful

    Because it's about privacy, not against social media? You decide what level of privacy you want, and the can use safely Facebook (or whatever)? Facebook privacy concerns are not connected with the usefulness of the site.

    --
    unfinished: (adj.)
  9. FFS it's not that hard by tick-tock-atona · · Score: 4, Informative
    In Firefox:
    • use the requestpolicy addon; whitelist fbcdn.net on facebook.com only. facebook.com is blacklisted for other domains automatically.
    • don't accept third-party cookies
    • set cookies and cache to clear when closing the browser (whitelist a couple of sites like slashdot)

    The end. No tracking, "evercookies" etc. Even blocks google tracking via google-analytics.

  10. Not news. by znerk · · Score: 4, Informative

    Tracking cookies track. This is not news, this is anticipated and expected behavior. This has been the status quo for over a decade.

    Cookies have a security feature in that they are accessible only to the websites that placed them, but advertising sites have been using tracking cookies for as long as cookies have existed, and getting around that security by placing a "bug" on third-party sites. They used to (and probably still do) implement this as a 1x1 "spacer" image the same color as the background, or simply by having an ad on the page you are viewing. When your browser requests the image/flash/javascript/whatever, the site it comes from is suddenly allowed to access their cookie.

    The solution has also not changed; either don't allow cookies, or delete them constantly. Anti-scripting addons are also helpful, as are black (or whitelists) of websites to disallow (or allow) access to your system. Modifying hosts files has been a semi-successful method, as well, in that requests sent to specific named addresses can be redirected to localhost (and therefore "blocked").

    I personally use NoScript and AdBlockPlus for precisely this reason (and to speed up my page loads), and I can't fathom why this information could be conceived to be news to any user with any amount of technical knowledge and a modicum of interest in their own privacy.

    --
    This work is licensed under a Creative Commons Attribution 3.0 Unported License.
  11. You just lost the game by SendBot · · Score: 3, Informative

    On the contrary, I view FB as a venue to advertise myself, my thoughts, and my interests to the world around me. I want to create influence, and if I don't want something to be known to FB I (wait for you mind to be blown...) simply don't post it. Amazing!

    Oh, and that myth about lemmings committing mass suicide by jumping off of cliffs? That's complete nonsense fabricated for a nature film created by (wait for you mind to be blown a second time...) DISNEY! That's right, you've been successfully misled by MouseCorp/ABC.

    You just got chumped, chump.

  12. This is probably much more common than just... by Artifakt · · Score: 5, Insightful

    ...Facebook.
    There is a lot of data that's exceptionally valuable for marketing, which companies can only get if they do tracking way beyond visits to their own web pages. That added value is perceived by advertising execs as literally enormous, so it should be assumed anyone who can implement this thinks they have a strong incentive. It's like, how common would bank robbery be if the penalty was 10 days in jail and the potential reward was a million dollars?

    To see how, lets take an example. A company may pay a few cents per for a list of valid e-mail addresses. Now, link one of those addresses to the information that the possessor of that address definitely orders things on-line, and it's a little more valuable. Add that the things ordered on-line include prescription drugs, and it's worth more. Now how much is it worth linked to the information that the person is not yet ordering any antidepressants, but has just spent several hours searching several terms relating to depression? A list of e-mail addresses that fit those criteria is generally estimated to be worth about $ 250 US per entry by the pharmaceutical firms. With the right combinations of information sources, essentially a matter of asking the right questions, this sort of data is at least perceived to be the holy grail of targeted advertising. Personally, I assume that any for-profit that isn't looking for this sort of data is only avoiding it because they doubt the American Advertising Council's estimates of how much business it can drive, and not because they have a moral objection. Yeah, maybe some of them are genuinely being ethical, but I recognize that the sheer scope of the temptation is bound to make many of them cross the line, and it's time to be a little paranoid about privacy.

    --
    Who is John Cabal?