Slashdot Mirror
Facebook Cookies Track Users Even After Logging Out
First time accepted submitter Core Condor writes "According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.' After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'"
dont use facebook
a week ago I went to a website and it asked me (by my name) if I wanted to follow them on Facebook. I was not logged into Facebook at the time.
Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
From TFA:
I don't have direct experience in this area so I'm wondering, why exactly is logout supposed to mean deleting cookies instead of just noting in them that the user is logged out?
Attention zealots and haters: 00100 00100
Notice how goatse doesn't have a FB "like" button? I think goatse needs a "like" button. C'mon, everybody, why don't we setup a shitload of goatse mirrors with "like" buttons? There's more than one way to poison a DB.....
C|N>K
There is no such thing really as "other sites." Your browser loads bits and pieces from all over the place on practically every page you visit, such as ads, 'like' and 'share' buttons, etc. And each of these requests to different sites for all these bits and bobs on the page carries information on what site you think you are visiting, etc. This is standard web browser behavior. When you load that little button or thingie from facebook.com your browser tells Facebook what page you loaded it from and also helpfully sends along any cookies it has for Facebook.com domain. This is by no means unique to Facebook, you could find the same thing with reddit, digg, google, or any other site that has bits and pieces being loaded as part of other people's pages.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Because it's about privacy, not against social media? You decide what level of privacy you want, and the can use safely Facebook (or whatever)? Facebook privacy concerns are not connected with the usefulness of the site.
unfinished: (adj.)
The end. No tracking, "evercookies" etc. Even blocks google tracking via google-analytics.
Tracking cookies track. This is not news, this is anticipated and expected behavior. This has been the status quo for over a decade.
Cookies have a security feature in that they are accessible only to the websites that placed them, but advertising sites have been using tracking cookies for as long as cookies have existed, and getting around that security by placing a "bug" on third-party sites. They used to (and probably still do) implement this as a 1x1 "spacer" image the same color as the background, or simply by having an ad on the page you are viewing. When your browser requests the image/flash/javascript/whatever, the site it comes from is suddenly allowed to access their cookie.
The solution has also not changed; either don't allow cookies, or delete them constantly. Anti-scripting addons are also helpful, as are black (or whitelists) of websites to disallow (or allow) access to your system. Modifying hosts files has been a semi-successful method, as well, in that requests sent to specific named addresses can be redirected to localhost (and therefore "blocked").
I personally use NoScript and AdBlockPlus for precisely this reason (and to speed up my page loads), and I can't fathom why this information could be conceived to be news to any user with any amount of technical knowledge and a modicum of interest in their own privacy.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
...Facebook.
There is a lot of data that's exceptionally valuable for marketing, which companies can only get if they do tracking way beyond visits to their own web pages. That added value is perceived by advertising execs as literally enormous, so it should be assumed anyone who can implement this thinks they have a strong incentive. It's like, how common would bank robbery be if the penalty was 10 days in jail and the potential reward was a million dollars?
To see how, lets take an example. A company may pay a few cents per for a list of valid e-mail addresses. Now, link one of those addresses to the information that the possessor of that address definitely orders things on-line, and it's a little more valuable. Add that the things ordered on-line include prescription drugs, and it's worth more. Now how much is it worth linked to the information that the person is not yet ordering any antidepressants, but has just spent several hours searching several terms relating to depression? A list of e-mail addresses that fit those criteria is generally estimated to be worth about $ 250 US per entry by the pharmaceutical firms. With the right combinations of information sources, essentially a matter of asking the right questions, this sort of data is at least perceived to be the holy grail of targeted advertising. Personally, I assume that any for-profit that isn't looking for this sort of data is only avoiding it because they doubt the American Advertising Council's estimates of how much business it can drive, and not because they have a moral objection. Yeah, maybe some of them are genuinely being ethical, but I recognize that the sheer scope of the temptation is bound to make many of them cross the line, and it's time to be a little paranoid about privacy.
Who is John Cabal?