Tuesday, September 27, 2011


Cookies have been a feature of the web for as long as I can remember. In many cases they are a useful feature to have as they remember your preferences and limit the amount of times you need to login to a service you have signed up for. But there is a dark side to cookie use in the form of them tracking where you go.

The advice to anyone concerned about tracking through cookies is to use a good cookie clean-up utility and log out of sites you believe to be tracking you around the web. But in the case of Facebook it turns out that logging out of your account is not enough–Facebook continues to track you.

This is possible because when you log out of Facebook the associated cookies are not deleted off your machine. So, any site you visit that has a connection to Facebook e.g. the Like button that is now so common, will proceed to check if you have a Facebook cookie. If you do, it can pick up the information and know you’ve visited that site. This logged out tracking was discovered by the Australian writer and hacker Nik Cubrilovic and confirmed logging out is no longer enough.

On Nik’s post where he detailed his findings, Facebook engineer Gregg Stefancik took the time to respond in the comments section. The point he made is that yes, Facebook does track logged out users, but it has good reason to do so. When you log out, the remaining Facebook cookies become a different tool for the social network. Stefancik states they are useful for blocking spammers and phishers, stopping underage users from re-registering with a fake birth date, continuing to keep login approvals and notifications secure, keeping track of shared computer logins, and as a way of helping in the recovery of hacked accounts.

So while Facebook “tracking” when logged out of your account may seem like cause for concern, it in fact turns out to be part of a wider security effort for the social network. Stefancik also states that logging out of Facebook does delete “account-specific cookies” and those that are left do not allow for personal identity tracking. Stefancik’s main point is that Facebook does not share or sell the information it gathers, nor does it use the information for its own advertising or partners. In fact, he states that Facebook does not carry out any tracking at all, at least not in the usual way.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.