Facebook Fixes Post Log-Out Cookie Behavior

← Back to Stories (view on slashdot.org)

Facebook Fixes Post Log-Out Cookie Behavior

Posted by timothy on Tuesday September 27, 2011 @05:48AM from the crumble-less dept.

An anonymous reader writes "Over the weekend, self-proclaimed hacker Nik Cubrilovic accused Facebook of tracking its users even if they log out of the social network. The company responded by denying the claims and offering an explanation as to why its cookies behave the way they do. Now, Cubrilovic says Facebook has made changes to the logout process, and detailed what each cookie is responsible for."

54 of 80 comments (clear)

Min score:

Reason:

Sort:

I bet they did. by AvitarX · 2011-09-27 05:56 · Score: 1

If I log out, and it's a multi-user computer, it taints the cookie's value.
I doubt it has anything to do with doing the "right thing"

--
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
1. Re:I bet they did. by maxume · 2011-09-27 06:06 · Score: 1
  
  Nah, they just estimated that dealing with the backlash was going to cost them more than losing a little bit of data from the small number of people that begin logging out consistently.
  I highly doubt it was because of a fundamental misunderstanding about what the logged out cookies were good for.
  
  --
  Nerd rage is the funniest rage.
2. Re:I bet they did. by EdIII · 2011-09-27 06:17 · Score: 1
  
  it taints the cookie's value.
  There is nothing right about taint and cookie being in the same sentence, so I agree with you on principle.
3. Re:I bet they did. by Pope · 2011-09-27 06:38 · Score: 1
  
  You just haven't been watching the right pr0n then.
  
  --
  It doesn't mean much now, it's built for the future.
4. Re:I bet they did. by AvitarX · 2011-09-27 06:38 · Score: 1
  
  I don't know, if I were paying for browsing data of facebook users, I'd want it to be accurately attached to a real name.
  Once the news broke, I imagine customers were pissed that they were being sold poor quality data.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
5. Re:I bet they did. by maxume · 2011-09-27 06:52 · Score: 1
  
  I tend to believe Facebook's unequivocal denial that they sell user-tracking information more than I believe your "They do so".
  (It's plenty believable to me that their initiatives to put Facebook content on other sites are simply about getting people to use Facebook more...)
  
  --
  Nerd rage is the funniest rage.
6. Re:I bet they did. by AvitarX · 2011-09-27 07:08 · Score: 1
  
  I really assumed they allowed it to be used for the sake of targeting ads, but keep a buffer between it and their customers.
  But like Google doesn't sell tracking, but they use the data to sell things at a higher rate.
  If I were targeting ads at Facebook users, I would want to be sure it was the right ones, that's what I'm paying for. The increased data has less value, because it is less accurate.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
7. Re:I bet they did. by AvitarX · 2011-09-27 07:34 · Score: 1
  
  I should add, I don't think it was done maliciously, I think it was an over-site. They want accurate data.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
8. Re:I bet they did. by maxume · 2011-09-27 07:40 · Score: 1
  
  The part where that argument falls apart for me is that Facebook can track the behavior for a logged in cookie separately from a logged out cookie. So they can sell both the 'this is what logged in users look like' and the 'this is what users computers look like'. That they would not be using the data in the way that it is most valuable to them is basically preposterous (for a variety of reasons; they are interested in money, they have a large amount of technical talent, etc.).
  I suppose they might have been misrepresenting the data to claim that they had more of it, but like you said, accuracy is more valuable than volume.
  
  --
  Nerd rage is the funniest rage.
Leave it to Zuckerberg by Antisyzygy · 2011-09-27 06:00 · Score: 2, Insightful

Zuckerberg is a fucking asshole, he's not a genius like the show portrays him, and hes has no principals.

--
That brings me to an interesting point, / . is just "the ramblings of socially-inept, technology-literate news-mongers".
1. Re:Leave it to Zuckerberg by fortapocalypse · 2011-09-27 06:05 · Score: 2, Funny
  
  hes has no principals.
  That is because he's not in school anymore.
2. Re:Leave it to Zuckerberg by Antisyzygy · 2011-09-27 06:22 · Score: 1
  
  Apparently he couldn't handle it.
  
  --
  That brings me to an interesting point, / . is just "the ramblings of socially-inept, technology-literate news-mongers".
3. Re:Leave it to Zuckerberg by jhoegl · 2011-09-27 06:23 · Score: 1
  
  Well duh... We've known that for awhile. The real question is...
  Who's worse? markz for building such a shitty product that treats people like crap. OR. all the millions of users who signed up for such a shitty product. And continue to use it no matter what scummyness comes to light....
  I predict humanity will do well in its ventures of continued existence.
4. Re:Leave it to Zuckerberg by ThatsMyNick · 2011-09-27 07:03 · Score: 1
  
  here's the thing... NOBODY CARES ABOUT YOUR DATA, you are not important, you are not special, your browsing habits are not unique, you do not frequent sites that make people care about your data, and even that it wouldn't be FB that cared :)
  Then why track? Care to explain? I see hundreds of sites tracking every click and every mouse-over I make. Hell there are business models that solely depend on tracking people.
5. Re:Leave it to Zuckerberg by Synerg1y · 2011-09-27 07:12 · Score: 1
  
  Statistics, targeted marketing, marketing trends. Traffic, how many people go to amazon after google type stuff. There is a lot more money in selling your product to a targeted market than to the world wide web make sense? It doesn't have your name on it, just your IP, they can't hack you via a cookie, so your IP is essentially useless unless your run open ports on your router w no firewall, but again fb is the least of your concerns at that point.
  It's pretty harmless is my point, ya it's kinda grey area in terms of ethics and accountability (disregard of do not track feature), but at the same time, it's nothing to rile yourself up over, no black suite at a government or fb center is sitting there shaking their head at what porn your looking at (keep it legal).
  Also, you realize google is tracking you WAY worse than facebook is right? Go google it and if your concerned prepare to lose a night's worth of sleep.
6. Re:Leave it to Zuckerberg by shadowfaxcrx · 2011-09-27 07:36 · Score: 2
  
  The issue that I'm having is the reverse of what you guys are talking about. Apparently with the new timeline update or whatever the hell they're calling it, Facebook will integrate with certain websites such that if I go to an enabled site, it's automatically posted to my timeline that I went there.
  Dunno about you guys, but I don't necessarily want all of my fb friends list potentially seeing every site I go to. I signed up for Facebook to keep in contact with people that I don't get to see on a regular basis, not to involuntarily vomit up every minute detail of my life to them.
  So Google might track me, but Google is a faceless entity that doesn't give much of a damn about me personally. There is anonymity in huge numbers. For Google, I'm one of millions. They can't possibly drill down to tracking me as individually as conspiracy theorists are afraid of. On the other hand, Facebook forcing people who actually know me to track me as aggressively as Google does is out of line.
  
  --
  "I disagree with you" does not equal "flamebait."
7. Re:Leave it to Zuckerberg by jo42 · 2011-09-27 07:45 · Score: 1
  
  That's Mr. Douchebagberg to you.
8. Re:Leave it to Zuckerberg by _0xd0ad · 2011-09-27 08:08 · Score: 1
  
  Install AdBlock Plus and add these filters.
  ||facebook.com^$third-party,domain=~facebook.net|~fbcdn.com|~fbcdn.net ||facebook.net^$third-party,domain=~facebook.com|~fbcdn.com|~fbcdn.net ||fbcdn.com^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.net ||fbcdn.net^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.com
  Some Facebook apps might not work correctly unless you add more domain exclusions to these rules. In that case, add the necessary domains, each preceded by a tilde and separated by a vertical bar. You can tell which domains to add by loading the app, checking the blocked items, hovering over one that you want to allow, and looking at the domain listed under "Document source".
9. Re:Leave it to Zuckerberg by shadowfaxcrx · 2011-09-27 08:14 · Score: 1
  
  I don't use facebook apps, so that's not a concern. And I already have ABP installed, though I don't remember putting those filters in place.
  That said, I'm just going to shutter my account at Facebook. I shouldn't have to jump through special hoops to keep Facebook from blabbing details about me that I do NOT choose to share on Facebook. That, and Facebook is quite famous for changing privacy settings, requiring you to make even more changes to opt out of privacy invasions. I have little doubt that once enough people install ABP and add those filters, they'll figure out some way to work around them.
  
  --
  "I disagree with you" does not equal "flamebait."
10. Re:Leave it to Zuckerberg by Caerdwyn · 2011-09-27 08:27 · Score: 2
  
  Amazon sells books and rice-steamers and USB cables.
  Facebook and Google sell YOU. They sell your eyes and your habits and your desires and your prejudices to anyone and everyone to do with as they please.
  One is more nefarious and subject to abuse than the other.
  
  --
  Everybody gets what the majority deserves.
11. Re:Leave it to Zuckerberg by Cutting_Crew · 2011-09-27 09:13 · Score: 1
  
  the problem is, is that I, personally, am going to buy something when I am ready to buy it and only if I have decided that I want it. Seeing an ad(i have firefox adblock, flashblock, noscript so i dont see ads anyway but let's assume that i did) isn't going to make me want to buy a watch that I wasn't intending on buying, buying a watch that I was thinking about buying or buy a watch faster if i know that i really need one and it most likely wouldn't be the same brand watch anyway because i don't buy based on brand.
  
  It is very fascinating on the television side too. A channel like CBS charges advertisers a certain amount of money based on how many people are watching a show yet the advertisers still pay out the butt despite the fact that tons of people do the following when commercials come on: take a dump, put it on mute b/c they dont like commercials, change the channel, browse the web, cook dinner, use software to record and skip past all the commercial mumbo jumbo, etc etc.
12. Re:Leave it to Zuckerberg by Synerg1y · 2011-09-27 11:01 · Score: 1
  
  Yes yes, quite creepy indeed, nobody wants their websites posted, EXCEPT ITS PARTNER SITES
  http://www.facebook.com/help?page=1068
  and I guess we only kind of know what they are after http://www.facebook.com/topic.php?uid=104057282970409&topic=26
  So that porn site shouldn't show up on your timeline according to this.
13. Re:Leave it to Zuckerberg by shadowfaxcrx · 2011-09-27 11:10 · Score: 1
  
  Who said anything about porn sites? If people find out I read Slashdot, they'll beat me up and stuff me in a locker ;)
  
  --
  "I disagree with you" does not equal "flamebait."
14. Re:Leave it to Zuckerberg by Synerg1y · 2011-09-27 11:20 · Score: 1
  
  Until your old enough to have domain admin access over them, then you state "gtf in the locker or i make the systems work 1/2 the time for you preventing you from doing your job causing your delayed termination, you also beat your own ass while your at it". :P
15. Re:Leave it to Zuckerberg by insertwackynamehere · 2011-09-27 12:09 · Score: 1
  
  "Stupid users," I thought. "I have to protect them from themselves." I poured back another shot of bourbon. The moonlight crept through the window of my office. I do a lot of my work at night.
  It had been a quiet day. Some broad had come in begging for me to find out if her husband was cheating on her. Unfortunately, I couldn't take the case. Her husband was a buddy of mine from the force. I told her to look on Facebook. Joe never was too bright, like most of the earthly scum I surround myself with. He'd probably put pictures up of his latest fling expecting Facebook to handle the privacy settings. I couldn't rat Joe out but it sure as hell wasn't my job to protect him from himself. Or was it. I didn't care, I wanted this shrill dame off my back so I could drink alone in peace.
  Besides, only working girls can afford my rates and that's because my rates for working girls are usually on a sliding scale. That is to say, a scale of one through ten. The higher you fall on the scale, the cheaper the work is. The lower you fall, the cheaper the worker is. I struck a match for a cigar before I remembered I was out of cubans. I watched the match burn out before looking down at the melting ice in my empty glass. My senses were close to being unstimulated except for the way the wet ice caught the light and dazzled my drunken mind. Two things were clear. I needed a smoke, and Zuckerberg was behind this. Only one of those things I felt like dealing with right now.
How do so many IT managers master this talk by Riceballsan · 2011-09-27 06:00 · Score: 3, Insightful

First off we never did it, secondly we've stopped doing it. If I am ever taken to court for theft that's what I'll try, "Your honor first of all I never stole anything, secondly I just gave it all back and won't do it again".
1. Re:How do so many IT managers master this talk by ackthpt · 2011-09-27 06:08 · Score: 2
  
  First off we never did it, secondly we've stopped doing it. If I am ever taken to court for theft that's what I'll try, "Your honor first of all I never stole anything, secondly I just gave it all back and won't do it again".
  If a tree falls in the forest and nobody is there to Like it, does it matter?
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
2. Re:How do so many IT managers master this talk by EdIII · 2011-09-27 06:15 · Score: 1
  
  You think that is something?
  Maybe you should watch some of the congressional hearings on C-SPAN. It's mind bending logic and great show. Unfortunately, it's Reality TeeVee.
3. Re:How do so many IT managers master this talk by Cajunfiend · 2011-09-27 14:55 · Score: 1
  
  somebody is always there to "like" it.
Re:meh by bluefoxlucid · 2011-09-27 06:00 · Score: 1

Yeah this looks like FBOOK_SESSION=824475u2#@87uhuanotuhaLFFF and then facebook invalidates the session, you are now logged out. Logging out is that simple: invalidate the session data. Seems like someone decided to mark the session "Logged Out" instead of just deleting it.

--
Support my political activism on Patreon.
If you care so much about being tracked... by fortapocalypse · 2011-09-27 06:02 · Score: 1, Funny

why use the net? I mean seriously- there are satellites and VW bugs watching our house.
1. Re:If you care so much about being tracked... by decipher_saint · 2011-09-27 06:13 · Score: 1
  
  Or Facebook at all for that matter, the sole purpose of the site is to share information about yourself so that people can track you.
  
  --
  crazy dynamite monkey
2. Re:If you care so much about being tracked... by hedwards · 2011-09-27 06:39 · Score: 1
  
  At this point not using the net isn't particularly feasible. And it's getting worse as more and more essential services move to it. It used to be that everything that one legitimately needed to do had an offline equivalent, but the direction things are flowing that might not be the case for much longer.
  And even where one doesn't have to be online to do something, it's often times significantly faster to use the online equivalent rather than doing it offline. Not to mention things like statements where banks are increasingly charging a fee to mail them to you rather than using electronic ones.
Self-Proclaimed? by Anonymous Coward · 2011-09-27 06:03 · Score: 1

Usually when someone is identified as "self proclaimed," it means they aren't what they say they are. It's a de facto insult.
Is Nik not a real hacker?
1. Re:Self-Proclaimed? by somersault · 2011-09-27 06:09 · Score: 1
  
  It means what it says. It doesn't mean it's untrue. It's more likely that whoever wrote the article sees admitting you're a hacker as tantamount to breaking the law, or something stupid like that.
  
  --
  which is totally what she said
Re:meh by kefkahax · 2011-09-27 06:03 · Score: 2

I was just trying to point out the "Hey, hey, look at this huge issue!" (as if you're facebook information wasn't going to leak eventually anyway, doesn't everyone understand that once it's on the internet, it's there to stay?). And, the response, "Oh, no, no. That's not and issue." (Then duck off and go fix it.)

--
Easy BitCoins
Not worried by ackthpt · 2011-09-27 06:06 · Score: 4, Funny

I'll be moving over to Google+, where I know they won't spy on me. ;) ;)

--

A feeling of having made the same mistake before: Deja Foobar
Who cares? by Simon+(S2) · 2011-09-27 06:11 · Score: 1

They don't need cookies anyway. There are a lot of other ways to track you without a cookie. As long as we download all those "like" buttons from the webpages we visit they get to track us. The cookie would just make the tracking a little bit easier.

--
I just don't trust anything that bleeds for five days and doesn't die.
1. Re:Who cares? by poetmatt · 2011-09-27 06:38 · Score: 1
  
  yep. Don't need a cookie, don't need to ever be affiliated with facebook or have ever signed up. If that like button is tracked on a website that also has other personal info associated (maybe even your first name), you just got linked to every other linked website and so on. Basically, advertisers know far more than just "simon S2 visited a website".
2. Re:Who cares? by gorzek · 2011-09-27 07:14 · Score: 1
  
  Exactly. Most people's browsers send up enough information to every site you visit that you can be uniquely identified--or at least narrowed down to a very small sample. Even when you aren't logged in, Facebook can correlate that browser data with known profiles and figure out who you are without much trouble.
  
  --
  Check out my world simulator thingy.
3. Re:Who cares? by Simon+(S2) · 2011-09-27 08:13 · Score: 1
  
  fbcd.net needs to be added there as well.
  
  --
  I just don't trust anything that bleeds for five days and doesn't die.
4. Re:Who cares? by Simon+(S2) · 2011-09-27 08:14 · Score: 1
  
  fbcdn.net
  sorry. typo.
  
  --
  I just don't trust anything that bleeds for five days and doesn't die.
5. Re:Who cares? by _0xd0ad · 2011-09-28 02:40 · Score: 1
  
  AdBlock Plus will do the trick, as long as you block all of Facebook's domains. I posted a list above, but here's a link if you're lazy.
  http://yro.slashdot.org/comments.pl?sid=2448786&cid=37531014
Duh by Moheeheeko · 2011-09-27 06:14 · Score: 2, Insightful

Using a service like facebook for free? news flash: You aren't the consumer, you are THE PRODUCT.
1. Re:Duh by Frosty+Piss · 2011-09-27 06:20 · Score: 1
  
  Using a service like facebook for free? news flash: You aren't the consumer, you are THE PRODUCT.
  Some of us choose to "opt out" of that equation.
  
  --
  If you want news from today, you have to come back tomorrow.
2. Re:Duh by Dunega · 2011-09-27 06:47 · Score: 1
  
  It's not a news flash and most people don't care, for better or for worse...
3. Re:Duh by quacking+duck · 2011-09-27 09:23 · Score: 1
  
  Using a service like facebook for free? news flash: You aren't the consumer, you are THE PRODUCT.
  This isn't limited to just free services.
  Remember the news a few days back about OnStar changing their TOS so they can sell data they collected from current and former customers?
  Yes, you get to pay for the privilege of being a product.
Right... by milbournosphere · 2011-09-27 06:18 · Score: 1

they 'fixed' it. This implies that it was doing something that Facebook didn't want it to do.
1. Re:Right... by _0xd0ad · 2011-09-27 06:35 · Score: 4, Insightful
  
  This implies that it was doing something that Facebook didn't want it to do.
  It was: Generating bad publicity.
2. Re:Right... by AmberBlackCat · 2011-09-27 07:54 · Score: 1
  
  Like being noticeable.
It's an appeasement by jimpop · 2011-09-27 06:27 · Score: 1

It's not a fix if they can, or might, undo it in the future.
Click by ThatsNotPudding · 2011-09-27 07:06 · Score: 1

'Unfollow Nik Cubrilovic' -- Facebook
BleachBit? by tunapez · 2011-09-27 07:13 · Score: 1

Did Fecebook integrate BleachBit into their log-out process?
Oh yeah...Welcome to the Internetz, Nik. Don't take candy from strangers.

--
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
Had Facebook existed in 1987... by wukka · 2011-09-27 08:07 · Score: 1

Pizza the Hutt would have tracked Lone Starr using Pizza-face Book. http://www.imdb.com/title/tt0094012/