Facebook Tracks You Even After Logging Out

by Asher Moses
September 26, 2011

Facebook cookie collection 'could be dangerous'!

A cyberlaw expert says third parties and advertisers

could abuse Facebook's practice - as claimed by a blogger -

of tracking online activity even after users log out of the social network

An Australian technologist has caused a global stir after discovering Facebook tracks the websites its users visit even when they are logged out of the social networking site.

Separately, Facebook's new Timeline feature, launched last week, has been inadvertently accessed by users early, revealing a feature that allows people to see who removed them from their friends' lists.

Facebook's changes - which turn profiles into a chronological scrapbook of the user's life - are designed to let its 800 million members share what they are reading, listening to or watching in real time.

But they have been met with alarm by some who fear over-sharing.

Causing a stir... Australian Nik Cubrilovic first spotted the tracking issue.

Photo: Flickr.com/e27singapore

Of course, Facebook's bottom line improves the more users decide to share.

Reports suggest that Facebook staff refer internally to "Zuck's law", which describes Facebook founder Mark Zuckerberg's belief that every year people share twice as much online - a trend that has caused Facebook's valuation to skyrocket towards $US100 billion.

"Facebook is a lot more than a social network and ultimately wants to be the premier platform on which people experience, organize and share digital entertainment," said Ovum analyst Eden Zoller.

But in alarming new revelations, Wollongong-based Nik Cubrilovic conducted tests, which revealed that when you log out of Facebook, rather than deleting its tracking cookies, the site merely modifies them, maintaining account information and other unique tokens that can be used to identify you.

Facebook founder Mark Zuckerberg shows off

the new Facebook profiles at the F8 conference last week.

Photo: AFP

Whenever you visit a web page that contains a Facebook button or widget, your browser is still sending details of your movements back to Facebook, Cubrilovic says.

"Even if you are logged out, Facebook still knows and can track every page you visit," Cubrilovic wrote in a blog post. "The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions."

Facebook's new Timelines feature

creates a chronological scrapbook of major events in your life.

Photo: AFP

Cubrilovic is working on a new unnamed start-up but has previously been involved with large technology blog TechCrunch and online storage company Omnidrive.

He backed up his claims with detailed technical information. His post was picked up by technology news sites around the world but Facebook has yet to provide a response to Fairfax Media and others.

David Vaile, executive director of UNSW's Cyberspace Law and Policy Centre, said Facebook's changes were a ''breathtaking and audacious grab for whole life data''.

In an email interview he accused the social networking site of attempting to ''normalize gross and unsafe overexposure''.

''While initially opt-in, the default then seems to be expose everything, and Facebook have form in the past for lowering protection after people get used to a certain level of initial protection - bait and switch,'' he said.

Stephen Collins, spokesman for the online users' lobby group Electronic Frontiers Australia, said he did not believe Cubrilovic's revelations would see people turn away from the site in droves but he hoped users became more engaged with the issue.

''Facebook, once again, are doing things that are beyond most users' capacity to understand while reducing their privacy. That's just not cool. I'd go so far as to say it's specifically unethical,'' he said.

Collins said the only reason he still uses Facebook is to help his 14-year-old daughter on the site. He said it took him an hour to lock down his profile to his satisfaction following the recent changes.

''It's just not good enough. The default setting for any site should be 'reveal nothing about me unless I make a specific choice otherwise','' he said.

Others have compared Facebook's changes to Bentham's panopticon - a design for a prison where the guards can see all inmates but where the inmates never know whether they're being watched.

The result, applied to Facebook, is that real-time sharing means we always feel like we're being watched and this then influences our behavior. Cubrilovic said he tried to contact Facebook to inform it of his discovery but did not get a reply.

He said there were significant risks to the privacy of users, particularly those using public terminals to access Facebook.

"Facebook are front-and-centre in the new privacy debate just as Microsoft were with security issues a decade ago," Cubrilovic said.

"The question is what it will take for Facebook to address privacy issues and to give their users the tools required to manage their privacy and to implement clear policies - not pages and pages of confusing legal documentation, and 'logout' not really meaning 'logout'."

The Australian Privacy Commissioner, Timothy Pilgrim, would not comment specifically on Cubrilovic's findings but said generally social networking sites need to clearly spell out when browsing information is being collected, the purposes for which it may be used and whether it will be disclosed to other organizations.

"Good practice would also be to allow for users to opt out of having it collected," said Pilgrim.

The findings come after technology industry observer Dave Winer declared Facebook was scaring him because the new interface for third-party developers allows them to post items to your Facebook feed without your intervention. This has been dubbed "frictionless sharing".

Meanwhile, Facebook's Timeline feature, which shows users a timeline of their activity on the site throughout the years, has not officially been switched on but many are using it already. Instructions can be found here.

But inadvertently or by design, the Timeline feature also lets people see which users had "unfriended" them by following a few simple steps:

Enable the new Timeline feature.

Pick a year in the timeline and locate the Friends box.

Click on "Made X New Friends".

Scroll through the list and when you see an "Add Friend" box, those are the people either you have unfriended or vice-versa.

However, it appears Facebook has now disabled this function, describing it to gadget blog Gizmodo as a "bug".

Finally, security researchers were quick to hose down a hoax that spread through the social network, claiming that Facebook was planning to start charging users for the new features.

Facebook Tracks Your Every Move

...Even After Logging Out
by Ethan A. Huff

staff writer
September 28, 2011
from NaturalNews Website

The social media empire Facebook has unveiled some new "features" on its platform in recent days that many allege are a total and compete privacy-breaching nightmare.

But one hidden feature, discovered by Nik Cubrilovic, an Australian entrepreneur and writer, that few people are aware of is the fact that Facebook now monitors your online activity, even when you are not logged in to the service.

With each new change Facebook makes, users' privacy becomes a little less... nonexistent, if you will. The most recent "News Feed" modifications, for example, display everything you say and do on the site to all of your "friends," and even to the public.

And now, even after logging out of Facebook, permanent "cookies" track all your movements on websites that contain Facebook buttons or widgets.

"Even if you are logged out, Facebook still knows and can track every page you visit," Cubrilovic wrote on a recent blog posting. "The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions".

But how many Facebook users will actually know to do this?

The site has never announced to its users that it is even tracking them in the first place, let alone given them any instructions on how to "opt-out" of this egregious invasion of privacy.

Facebook, of course, has become infamous for simply changing its site setup, including privacy settings, and leaving it up to users to figure out how to contain their breached information after the fact.

It has switched from an "opt-in" approach, where users used to be given the option to "upgrade" to new features, to a much more complicated "opt-out" approach, where Facebook makes drastic changes and leaves it up to users to somehow figure out how to change things back to the way they were (if such an option is even still possible).

"While initially opt-in, the default then seems to be expose everything," says David Vaile, executive director of the University of New South Wales (UNSW) Cyberspace Law and Policy Centre, concerning Facebook's "breathtaking and audacious grab for whole life data."

"Facebook, once again, are (sic) doing things that are beyond most users' capacity to understand while reducing their privacy... the default setting for any site should be 'reveal nothing about me unless I make a specific choice otherwise.'"

Return to Facebook and The Internet