Facebook have been under fire this week for tracking logged out users. The company released an ‘emergency’ patch to remove this tracking feature. It would appear that Facebook claim it is a ‘bug’.
Nik Cubrilovic said that he found out that Facebook were loading personally identifiable cookies from logged out users when they visited other sites.
A Facebook spokesperson told tech news site thinq that they don’t track users. “Facebook does not track users across the web. No information we receive when you see a social plugin is used to target ads, we delete or anonymise this information within 90 days, and we never sell your information.”
Thinq have said that their claims are not accurate however, they add “Sadly, it appears that Facebook’s blanket denial wasn’t quite accurate – or, to put it another way, was a bare-faced lie.”
They then detail how Cubrilovic loaded a particular cookie held on logged out users systems which contains their full user ID. This in turn will allow the company to record when a user visits a third party site, even if they are logged out of Facebook at the time.
Nik’s blog page adds “I wrote a post two days ago about privacy issues with the Facebook logout procedure which could lead to your subsequent web requests to third-party sites that integrate Facebook widgets being identifiable and linked back to your real account. Over the course of the past 48 hours since that post was published we have researched the issue further and have been in constant contact with Facebook on working out solutions and clarifying behavior on the site.
My goal was to both identify bugs in the logout process and see that they are fixed, and to communicate with Facebook in getting some of the unanswered questions answered so that the Facebook using public can be informed of how cookies are used on the site – especially with regard to third-party requests.”
Kitguru says: Bug or genuine tracking?