
Khaine

join:2003-03-03
Australia

1 edit

Facebook Cookie Tracks Users Even When They are Logged Out

quote:
Dave Winer wrote a timely piece (see »scripting.com/stories/2011/09/24···gMe.html) this morning about how Facebook is scaring him since the new API allows applications to post status items to your Facebook timeline without a user's intervention. It is an extension of Facebook Instant and they call it frictionless sharing. The privacy concern here is that because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see.

The advice is to log out of Facebook. But logging out of Facebook only de-authorizes your browser from the web application; a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.
From »nikcub-static.appspot.com/loggin···t-enough

quote:
To block Facebook from following you, you need to delete all Facebook-related cookies after logging out. You may also be able to use AdBlock Plus to block Facebook, with the following rules, as reported on Hacker News:

facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

Scary stuff
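How the `$domain=~…` option in the filters quoted above decides what gets blocked, as an added example that is not part of the original post and is not Adblock Plus code. It handles only this one filter form, and the sample URLs and page hosts are constructed.

```javascript
// Added example, not Adblock Plus code: evaluates only the
// "pattern^$domain=~a|~b" filter form quoted in the post above.
const FILTERS = [
  "facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
];

function parseFilter(line) {
  const cut = line.indexOf("$");
  const pattern = cut < 0 ? line : line.slice(0, cut);
  const options = cut < 0 ? "" : line.slice(cut + 1);
  const domains = options.startsWith("domain=") ? options.slice(7).split("|") : [];
  // "^" is a separator placeholder: end of URL, or any character other than
  // a letter, digit, "_", "-", "." or "%". Everything else is literal text.
  const escaped = pattern
    .replace(/[.*+?()[\]{}|\\$]/g, "\\$&")
    .replace(/\^/g, () => "(?:[^\\w\\-.%]|$)");
  return {
    regex: new RegExp(escaped),
    include: domains.filter((d) => !d.startsWith("~")),
    exclude: domains.filter((d) => d.startsWith("~")).map((d) => d.slice(1)),
  };
}

// A domain entry covers the domain itself and all of its subdomains.
const onDomain = (host, d) => host === d || host.endsWith("." + d);

function filterApplies(filter, requestUrl, pageHost) {
  if (!filter.regex.test(requestUrl)) return false;
  // "~domain" entries switch the filter off on pages served from that domain.
  if (filter.exclude.some((d) => onDomain(pageHost, d))) return false;
  return filter.include.length === 0 || filter.include.some((d) => onDomain(pageHost, d));
}

// pageHost is the site in the address bar; requestUrl is what that page loads.
function isBlocked(requestUrl, pageHost) {
  return FILTERS.map(parseFilter).some((f) => filterApplies(f, requestUrl, pageHost));
}

// Constructed sample requests (URLs and page hosts are made up).
const samples = [
  ["https://www.facebook.com/plugins/like.php?href=x", "news.example"],
  ["https://www.facebook.com/home.php", "www.facebook.com"],
  ["https://static.ak.fbcdn.net/rsrc.php/x.js", "www.facebook.com"],
  ["https://static.ak.fbcdn.net/rsrc.php/x.js", "blog.example"],
  // Caveat: the pattern has no "||" anchor, so it matches anywhere in the URL.
  ["https://shop.example/?ref=facebook.com", "shop.example"],
];
for (const [url, page] of samples) {
  console.log(isBlocked(url, page) ? "BLOCK" : "allow", page, "->", url);
}
```
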


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..

Re: Facebook Cookie Tracks Users Even When They're Logged Out

That is scary. A conspiracy theorist would be suggesting that Facebook is nothing more than a government coverup to track its citizens -- and those of the world -- movements on the internet.

Well, really couldn't say I'd 100% agree on that. If you have to use a different browser for Facebook...not good.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein



Khaine

join:2003-03-03
Australia

said by J E F F:

That is scary. A conspiracy theorist would be suggesting that Facebook is nothing more than a government coverup to track its citizens -- and those of the world -- movements on the internet.

Big data is big business these days. See »papers.ssrn.com/sol3/papers.cfm?···=1926431


state
stress magnet
Premium,Mod
join:2002-02-08
Purgatory
kudos:6
reply to Khaine

Re: Facebook Cookie Tracks Users Even When They are Logged Out

Did you see the comments from a 'Facebook Engineer'?

I’m an engineer who works on login systems at Facebook. Thanks, again for raising these important issues. We haven’t done as good a job as we could have to explain our cookie practices. Your post presents a great opportunity for us to fix that. At the same time, your post reaches some incorrect conclusions that I hope to clarify.

Generally, unlike other major Internet companies, we have no interest in tracking people. We don’t have an ad network and we don’t sell people’s information. As we state in our help center (»www.facebook.com/help/?...), “We do not share or sell the information we see when you visit a website with a Facebook social plugin to third parties and we do not use it to deliver ads to you.”

Said more plainly, our cookies aren’t used for tracking. They just aren’t. Instead, we use our cookies to either provide custom content (e.g. your friend’s likes within a social plugin), help improve or maintain our service (e.g. measuring click-through rates to help optimize performance), or protect our users and our service (e.g. defending denial of service attacks or requiring a second authentication factor for a login from a suspicious location).

The logged out cookies, specifically, are used primarily for safety and security protections, including:
- Identifying and disabling spammers and phishers
- Disabling registration if an underage user tries to re-register with a different birth date
- Helping people recover hacked accounts
- Powering account security features, such as login approvals and notifications
- Identifying shared computers to discourage the use of “Keep me logged in.”

Most of the cookies that you highlight have benign names and values. For example, the “locale” cookie is simply user’s language and country. I do understand some of the confusion around the ‘act’ and ‘lu’ cookies. The poorly named ‘act’ cookie is a UNIX timestamp with milliseconds and a sequence number that we use to measure and optimize the speed of the site (‘act’ is an abbreviation for “action”). We use the ‘lu’ cookie to identify public computers and discourage the checking of the keep me logged in box. On single user computers, we use the ‘lu’ cookie to prefill your facebook e-mail address on the login screen if you have *not* explicitly logged out.

We also maintain a cookie association between accounts and browsers. This is a key element of our phishing protections. However, contrary to your article, we do delete account-specific cookies when a user logs out of Facebook. As a result, we do not receive personally identifiable cookie information via HTTP Headers when these users browse the web.

Finally, we’ve confirmed that we don’t, and never have, used cookies to suggest friends. If you send us the user IDs of the test accounts you created, I’m happy to investigate further.

Again, my apologies that your previous concerns were not addressed. Since your reports, we’ve introduced a bug bounty program to streamline and reward whitehat security reports (»www.facebook.com/note.p...). I hope this more secure and reliable channel will be useful for you. We really hope you’ll continue to let us know about issues you see.

I hope these clarifications were helpful. Please let me know if you’d like to discuss further.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

And you believe that crap? That is total BS. Of course, Facebook tracks with cookies. Facebook is the most evil site on the net.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
kudos:5
Reviews:
·Comcast
reply to Khaine

As far as I know all cookies track, the data gathered is usually written in the TOS though the ones that read security advisers a lot would realize some actually gather more. Facebook is taking it one step further by publishing the data gathered. I wonder about session cookies?


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

1 recommendation

reply to Mele20

said by Mele20:

Facebook is the most evil site on the net.

More evil than, say, websites that exist to recruit people to the terrorist cause?


state
stress magnet
Premium,Mod
join:2002-02-08
Purgatory
kudos:6
reply to Mele20

said by Mele20:

And you believe that crap?

I never said that, but I thought it was an interesting rebuttal. Specifically the "logged out cookies", and to what extent they actually help with the security countermeasures he mentions.


CS AnonStyle

@verizon.net
reply to Khaine

»support.microsoft.com/kb/278835/EN-US

Guys, get a life. They're cookies, not the Plague...



carpetshark3
Premium
join:2004-02-12
Idledale, CO
reply to state

How much of this does Noscript block?
facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

I rarely use FB, but only see one Facebook and one FBCDN listed in the Noscript menu. I have to allow, then forbid when through.


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to Mele20

 

Yes it sure is!!!!!

People say "they are scared??"

WELL THEN,STOP BEING BRAINWASHED AND GET OFF THAT STUPID SITE!!!!!!!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Khaine

Re: Facebook Cookie Tracks Users Even When They are Logged Out

Facebook: 'We don't track logged-out users'

quote:
Facebook has attempted to shoot down claims that it leaves cookies on users' machines even after they log out of the social network. The response came after an Australian blogger alleged the site can still snoop on your web surfing after you've signed out.

Nik Cubrilovic, concerned about Facebook's approach to privacy, said that logging out doesn’t make a blind bit of difference, adding that Facebook still has ways to potentially track your behavior.

Cubrilovic’s conclusion after examining the behavior of Facebook’s cookies is simple: “Even if you are logged out, Facebook still knows and can track every page you visit.”

This is because instead of telling browsers to remove cookies when users log out, Facebook merely "alters" the state of those little parcels of data – including the cookie that stores your account number.
More
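One way to check the disputed point for any site, whether a logout response removes cookies or only rewrites them, as an added example that is not part of the thread. The cookie names `locale`, `act` and `lu` come from the thread; `acct_id` and `sess` are hypothetical stand-ins, and every value and header below is constructed.

```javascript
// Added example: audit which cookies survive a logout response.
// Jar contents and Set-Cookie headers are constructed sample data.
const jarBeforeLogout = {
  locale: "en_US",
  act: "1316999999999/3",
  lu: "AAAA",
  acct_id: "1000001", // hypothetical name for an account-number cookie
  sess: "s3cr3t",     // hypothetical name for the session cookie
};

const logoutSetCookie = [
  "sess=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/",
  "lu=BBBB; Expires=Tue, 24 Sep 2013 00:00:00 GMT; Path=/",
  "acct_id=1000001; Max-Age=63072000; Path=/",
];

function parseSetCookie(header, nowMs) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), deleted: false };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1);
    if (key === "max-age") cookie.maxAge = Number(val);
    if (key === "expires") cookie.expires = Date.parse(val);
  }
  // A browser drops the cookie only if the response expires it.
  // Max-Age takes precedence over Expires (RFC 6265).
  if (cookie.maxAge !== undefined) cookie.deleted = cookie.maxAge <= 0;
  else if (cookie.expires !== undefined) cookie.deleted = cookie.expires <= nowMs;
  return cookie;
}

// Returns name -> "deleted" | "rewritten" | "untouched".
function auditLogout(jar, setCookieHeaders, nowMs) {
  const verdict = {};
  for (const name of Object.keys(jar)) verdict[name] = "untouched";
  for (const header of setCookieHeaders) {
    const c = parseSetCookie(header, nowMs);
    verdict[c.name] = c.deleted ? "deleted" : "rewritten";
  }
  return verdict;
}

// Cookies the browser will still send on later requests to the site.
function survivors(verdict) {
  return Object.keys(verdict).filter((n) => verdict[n] !== "deleted").sort();
}

const now = Date.UTC(2011, 8, 26); // fixed clock so the result is repeatable
const verdict = auditLogout(jarBeforeLogout, logoutSetCookie, now);
console.log(verdict, "still sent:", survivors(verdict));
```
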


Skipdawg
The Original
Premium,ExMod 2001-03
join:2001-04-19
Mount Vernon, WA
reply to Khaine

Shoot, if you have a problem with that, 2 easy options: delete the cookie or leave Facebook. LOL


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

said by Skipdawg:

Shoot, if you have a problem with that, 2 easy options: delete the cookie or leave Facebook. LOL

No, it is NOT easy. They are addicted and addiction is very difficult to overcome and addicted personalities have to be forever vigilant so they don't become addicted to something else after mastering their current addiction.

Then there are those who are on Facebook only because they don't have the courage to tell friends and family to f**k off about them not being on Facebook (or leaving it) and they are afraid to confront family and friends with their addiction so they take the easy way out which is have a Facebook account and try to make it as limited as possible. You can't do that though. You really should not use the Internet at all for social connections. You will always get screwed if you do that.

There are also those on Facebook because that seems to be the only way to get the attention of many businesses these days. That is REALLY SCARY. I was just told, from Samsung that if I want support from them that I must use Twitter or Facebook as email support goes unnoticed and support at boards also goes unnoticed generally. That is utter crap and the kind of thing that happens when there is mass addiction to something.

Further, how do you know Facebook cookies are not some type of Supercookies that can't be "deleted"?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


state
stress magnet
Premium,Mod
join:2002-02-08
Purgatory
kudos:6

5 recommendations

said by Mele20:

You really should not use the Internet at all for social connections

You mean like posting on a message board?


90115534
Someone is sabotaging me.Finding out who
Premium
join:2001-06-03
Kenner, LA
reply to Khaine

That is to be expected. Now I know why I love having a cookie timer! Even though I may not use Facebook who's telling if any other place does this you know?



Cabal
Premium
join:2007-01-21
Reviews:
·Suddenlink
reply to Mele20

said by Mele20:

And you believe that crap? That is total BS. Of course, Facebook tracks with cookies. Facebook is the most evil site on the net.

lawl
--
Are you now or have you ever been a member of the Islamic religion?


carpetshark3
Premium
join:2004-02-12
Idledale, CO
reply to Mele20

said by Mele20:

said by Skipdawg:

Shoot, if you have a problem with that, 2 easy options: delete the cookie or leave Facebook. LOL

No, it is NOT easy. They are addicted and addiction is very difficult to overcome and addicted personalities have to be forever vigilant so they don't become addicted to something else after mastering their current addiction.

Then there are those who are on Facebook only because they don't have the courage to tell friends and family to f**k off about them not being on Facebook (or leaving it) and they are afraid to confront family and friends with their addiction so they take the easy way out which is have a Facebook account and try to make it as limited as possible. You can't do that though. You really should not use the Internet at all for social connections. You will always get screwed if you do that.

There are also those on Facebook because that seems to be the only way to get the attention of many businesses these days. That is REALLY SCARY. I was just told, from Samsung that if I want support from them that I must use Twitter or Facebook as email support goes unnoticed and support at boards also goes unnoticed generally. That is utter crap and the kind of thing that happens when there is mass addiction to something.

Further, how do you know Facebook cookies are not some type of Supercookies that can't be "deleted"?

So someone else finally noticed about businesses. Samsung, Truphone and a couple of others do the same. I have everything set to friends and private. I have 2 former co-workers that I miss.
The rest of my family either isn't interested or not computer literate.
Some had no idea who I was until I posted a pic of my Snowshoe cat.


gordoco

join:2004-06-05
Boulder, CO
reply to J E F F

Re: Facebook Cookie Tracks Users Even When They're Logged Out

said by J E F F:

That is scary. A conspiracy theorist would be suggesting that Facebook is nothing more than a government coverup to track its citizens -- and those of the world -- movements on the internet.

You must have missed this news report:

»www.youtube.com/watch?v=ZJ380SHZvYU



J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1

Time to fire off that video to all my Facebook friends, since 95% will believe.



ashrc4
Premium
join:2009-02-06
australia
reply to Skipdawg

Re: Facebook Cookie Tracks Users Even When They are Logged Out

said by Skipdawg:

shoot if you have a problem with that......

Well yes, the biggest problem seems to be able to engage people with all the unanswered questions.
Such as:
Why do people find it acceptable to allow Facebook to engage in tracking users all over the internet?

"With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook"
»nikcub-static.appspot.com/loggin···t-enough

This is personally identifying you and your Facebook profile to build an even more accurate and personal profile.

Has Facebook stated to what extent? Like for what purpose? Do you really think that it's just so they can serve up more targeted ads to users?

Where is all this heading?
An internet that is radically changing should not be dictated by corporate entities on this scale.
Login-out should be just that....Not just another excuse to own and shape users with hidden agendas that keep creating new acceptable norms nor lame reply posts that don't address the issues or fundamental questions.
--
Paradigm Shift beta test pilot. "Now is the not right time to stop folding."

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Khaine

So facebook is now allowing you to stop others from tagging your name on photos? That is what I just heard on the news. Plus, there were interviews with Facebook users saying they are addicted and can't leave but want to do so.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


GuruGuy

join:2002-12-16
Atlanta, GA
reply to Khaine

»nakedsecurity.sophos.com/2011/09···security
--
GuruGuy



ashrc4
Premium
join:2009-02-06
australia

Seems to be watering down the impact of this somewhat.
Even this site has a Facebook "Like button".
Narrows down anon status etc.
--
Paradigm Shift beta test pilot. "Now is the not right time to stop folding."

GuruGuy

join:2002-12-16
Atlanta, GA

said by ashrc4:

Seems to be watering down the impact of this somewhat.
Even this site has a Facebook "Like button".
Narrows down anon status etc.

The user comments at the bottom somewhat point that out to the author.
--
GuruGuy


ashrc4
Premium
join:2009-02-06
australia

said by GuruGuy:

The user comments at the bottom somewhat point that out to the author.

"Seems to be watering down the impact of this somewhat."
To clarify, I meant comparing apple to the millions of Facebook "Like Button" affiliates.
--
Paradigm Shift beta test pilot. "Now is the not right time to stop folding."

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to ashrc4

Yeah, but if this site was in Schleswig-Holstein, one of the federal states of Germany, it would be under German orders to REMOVE the Facebook link by Sept 30, 2011 or face further fines and sanctions. This ruling is expected to be extended not only to ALL of Germany but to all of EU. This should yank Facebook's chain nicely and just might set a very late to the party fire under the USA to put a stop to the gross privacy violations of Facebook.

"The Data Protection Commissioner’s Office (Independent Centre for Privacy Protection - ULD) calls on all institutions in the federal state
of Schleswig-Holstein, Germany to shut down their fan pages on Facebook and remove social plug-ins such as the “like”-button from their websites. After a thorough legal and technical analysis ULD comes to the conclusion that such features are in violation of the German Telemedia Act (TMG) and of the Federal Data Protection Act (BDSG), respectively the Data Protection Act of Schleswig-Holstein (LDSG SH).

By using the Facebook service traffic and content data are transferred into the USA and a qualified feedback is sent back to the website owner concerning the web page usage, the so called web analytics (Ger.: Reichweitenanalyse). Whoever visits facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years. Facebook builds a broad individual and for members even a personalised profile. Such a profiling infringes German and European data protection law. There is no sufficient information of users and there is no choice; the wording in the conditions of use and privacy statements of Facebook does not nearly meet the legal requirements relevant for compliance of legal notice, privacy consent and general terms of use."

So, even non-facebook members who visit the site to read (not post) a support page by their TV manufacturer or some other business can expect to be tracked for TWO YEARS unless they use software like the Proxomitron that filters out webbugs.

»www.datenschutzzentrum.de/presse···k-en.htm
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Khaine

Facebook confirms ‘Like’ data collection, will fix three cookie-related issues within 24 hours

quote:
Facebook has confirmed that the way it collects information from its users may result in the transmission of user data from third-party websites, even when they are logged out, but has asked for users to trust the company and will fix a total of three cookie-related issues within the next 24 hours.
More at Link


carpetshark3
Premium
join:2004-02-12
Idledale, CO

Another item to annoy anti-FB users (me included)
»www.thinq.co.uk/2011/9/27/spotif···og-join/

So if you want Spotify - you are screwed. (I don't)



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

this should be its own thread.