Facebook Cookies Track Users Even After Logging Out

First time accepted submitter Core Condor writes "According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.' After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'"

My sure fire plan

[Osgeld]

dont use facebook

The only winning move is not to play

[WCMI92]

Facebook is a website I refuse to have any relationship with. I do not have an account, nor will I EVER have an account. Their management is easily the most evil and anti-customer in the industry, constantly taking actions against their user's best interest.

This should surprise no one. I block their cookies in my browser and never intentionally go there.

I keep trying to tell the lemmings I know who pour their intimate personal information into Facebook that it is foolish to do so. The website's name should be "InfectMyPCWithAVirus.COM", or "StealMyIdentity.COM".

Zuckerberg better sell the damn thing before the inevitable class action lawsuit consumes the millions he's made off exploiting his customers. Of course, I hope he doesn't, he is one asshole I would very much love to see bankrupted and forced to get an honest job somewhere. I bet he ends up at Sony, developing rootkits...

the crux, I think

[Bill Dog]

From TFA:

This is not what 'logout' is supposed to mean - Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

I don't have direct experience in this area so I'm wondering, why exactly is logout supposed to mean deleting cookies instead of just noting in them that the user is logged out?

Re:I though so...

[PopeRatzo]

It sure is great Corporatization took over the interwebs, now not only do we have the government spying on our packets, we have corporations wanting to know what we do as well.

You better adjust your attitude, Mr Man. Those are the Job Creators you're talking about and you better start showing a little gratitude by letting them track your movements and have sex with your wife whenever they want.

Letting corporations fuck your privacy is the 2011 version of droit du seigneur.

Re:The only winning move is not to play

[WCMI92]

LOL. Moderated down by a Facebook lemming in denial no doubt. Go get your personal identity stolen. Go get your computer infected by a virus. The only thing Zuckerberg cares about is making as much money as he can off your information. Which is why he doesn't give a damn about security or keeping viruses off their web pages.

Re:My sure fire plan

[leoplan2]

smoke signals?

Re:It is even worse than that

[jbmartin6]

There is no such thing really as "other sites." Your browser loads bits and pieces from all over the place on practically every page you visit, such as ads, 'like' and 'share' buttons, etc. And each of these requests to different sites for all these bits and bobs on the page carries information on what site you think you are visiting, etc. This is standard web browser behavior. When you load that little button or thingie from facebook.com your browser tells Facebook what page you loaded it from and also helpfully sends along any cookies it has for Facebook.com domain. This is by no means unique to Facebook, you could find the same thing with reddit, digg, google, or any other site that has bits and pieces being loaded as part of other people's pages.

Re:My sure fire plan

[Truekaiser]

normal email, im(google, msn, aim.), irc, mobile texting, phones, and the ever useful face to face. :P

Re:The only winning move is not to play

[fartrader]

Not anti-customer at *all*. You are NOT their customer.

Re:Ghostery

[fferreres]

Because it's about privacy, not against social media? You decide what level of privacy you want, and the can use safely Facebook (or whatever)? Facebook privacy concerns are not connected with the usefulness of the site.

Re:My sure fire plan

[RobbieThe1st]

...Aside from the fact that as this story proves, they gather *other* information as well!
Personally, my plan is as follows:
1. No FB account. Period.
2. RefControl set to fake referrers for 3rd party sites, which means that any FB image buttons that load won't send back the URL of the page I'm visiting(Instead it'll send back the root of the site, xyz.facebook.com).
3. NoScript set to block 3rd party scripts by default, which blocks FB *scripts* from running.

And I *should* be deleting any FB cookies as well... but even if not, *all* they have is a list of the times a FB image has been loaded and my IP.

Re:My sure fire plan

[betterunixthanunix]

As a social protest, all it seems to accomplish is annoying your friends and family

Which, as antisocial as it sounds, I would say is a good thing. The last thing we need is for people to simply assume that everyone has a Facebook account, and since that is what a lot of people assume now, they need to be annoyed and reminded that not everyone is on Facebook. Why should someone like Mark Zuckerberg be able to exert so much control over how people communicate?

You don't have to "submit to the beast" - just use it for what's convenient.

Any communication on Facebook is submitting to the beast.

This is probably much more common than just...

[Artifakt]

...Facebook.
There is a lot of data that's exceptionally valuable for marketing, which companies can only get if they do tracking way beyond visits to their own web pages. That added value is perceived by advertising execs as literally enormous, so it should be assumed anyone who can implement this thinks they have a strong incentive. It's like, how common would bank robbery be if the penalty was 10 days in jail and the potential reward was a million dollars?

To see how, lets take an example. A company may pay a few cents per for a list of valid e-mail addresses. Now, link one of those addresses to the information that the possessor of that address definitely orders things on-line, and it's a little more valuable. Add that the things ordered on-line include prescription drugs, and it's worth more. Now how much is it worth linked to the information that the person is not yet ordering any antidepressants, but has just spent several hours searching several terms relating to depression? A list of e-mail addresses that fit those criteria is generally estimated to be worth about $ 250 US per entry by the pharmaceutical firms. With the right combinations of information sources, essentially a matter of asking the right questions, this sort of data is at least perceived to be the holy grail of targeted advertising. Personally, I assume that any for-profit that isn't looking for this sort of data is only avoiding it because they doubt the American Advertising Council's estimates of how much business it can drive, and not because they have a moral objection. Yeah, maybe some of them are genuinely being ethical, but I recognize that the sheer scope of the temptation is bound to make many of them cross the line, and it's time to be a little paranoid about privacy.