Facebook Tracking Logged Out Users: The Social Media Privacy Report


It has been hard to avoid the word Facebook in the news recently. At the company’s F8 conference two weeks ago, the network announced big changes to the user experience: the new Timeline profile, partnerships with music streaming sites like Spotify and the “open graph” concept. All of these alterations will, of course, have large implications for user privacy and security on the social networking site. However, we found it hard to focus on these changes when, just a few days after the conference, an Australian hacker revealed a huge security issue: Facebook was setting cookies that continued to track its users even after they had logged out of the site.

In his blog on Sunday, September 25, Nik Cubrilovic wrote, “Even if you are logged out, Facebook still knows and can track every page you visit that has Facebook integrated.” As he investigated the tracking further, Cubrilovic realized that the only way for users to escape Facebook’s scrutiny is to delete every Facebook cookie in their browser or to use a separate browser for Facebook. Even scarier than this accusation is that it is true: Facebook confirmed it to the Wall Street Journal.

The article explains how Facebook data collection really works: “When you log in to Facebook or visit Facebook.com without logging in, the site places small files called ‘cookies’ on your computer. Some of these cookies remain on your computer even after you log out, and then whenever you visit a site that connects to Facebook – such as those with a ‘Like’ button – information from those cookies is sent back to Facebook, providing a record of where you’ve been on the Web.” Facebook claims that they are not using this information to serve advertisements and that they also “scrub” the information out of their system. They also assert that they use the cookies to prevent phishing attacks.

After making the declaration that they should “be trusted,” as reported by CNET, Facebook ended up deleting many of these offending cookies. However, PCMag confirmed that not all cookies were removed and the ones that are still active are there primarily for security reasons. The article explains: “A cookie known as ‘datr,’ for example, helps identify suspicious login activity, while another called ‘lu,’ protects those using public computers.”
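One way to audit the behavior described above is to replay a site's login and logout `Set-Cookie` headers and list what a browser would still send to an embedded widget afterwards. This is an added example, not code from the article or from Facebook: the header values are constructed, `sess` is a hypothetical session cookie, `www.facebook.com` is an assumed widget host, and only `datr` and `lu` are names taken from the text.

```python
from http.cookies import SimpleCookie

# Constructed sample headers (not captured traffic).
LOGIN_SET_COOKIE = [
    "datr=AAA111; Domain=.facebook.com; Path=/; Max-Age=63072000",
    "lu=BBB222; Domain=.facebook.com; Path=/; Max-Age=63072000",
    "sess=CCC333; Domain=.facebook.com; Path=/",  # hypothetical session cookie
]
LOGOUT_SET_COOKIE = [
    "sess=deleted; Domain=.facebook.com; Path=/; Max-Age=0",
]


def apply_set_cookie(jar, headers):
    """Update jar (name -> (value, domain)) roughly as a browser would."""
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            max_age = morsel["max-age"]
            if max_age != "" and int(max_age) <= 0:
                jar.pop(name, None)  # server asked the browser to delete it
            else:
                domain = morsel["domain"].lstrip(".").lower()
                jar[name] = (morsel.value, domain)
    return jar


def cookies_sent_to(jar, host):
    """Names of cookies whose Domain attribute matches the request host."""
    host = host.lower()
    return sorted(
        name for name, (_, domain) in jar.items()
        if domain and (host == domain or host.endswith("." + domain))
    )


def survivors_after_logout(login_headers, logout_headers, widget_host):
    """Cookies still attached to a widget request after the user logs out."""
    jar = apply_set_cookie({}, login_headers)
    jar = apply_set_cookie(jar, logout_headers)
    return cookies_sent_to(jar, widget_host)


if __name__ == "__main__":
    print(survivors_after_logout(LOGIN_SET_COOKIE, LOGOUT_SET_COOKIE,
                                 "www.facebook.com"))
```

Any name this returns is a cookie the logout response never expired; if its value is unique per browser, each page embedding the widget can be tied to the same visitor until the cookie is deleted.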

Users must decide which is more important: Facebook or their privacy and security?

Note: This story is still breaking. Facebook has been sued over the tracking of logged-out users and continues to track them despite claims that the “bug” was fixed. According to Consumerreports.org, various privacy advocates and lawmakers are also calling for an FTC probe of the social network.


Jillian Ryan

Jillian Ryan is PRIVATE WiFi's Director, Brand Communications and Social Strategy. With a passion for writing, the web, and fast-paced information exchanged via social networks, Jillian is also concerned about the ramifications of putting your life details and personal data into cyberspace. Follow her on Twitter: @Writing_Jillian.

3 Responses

  1. October 12, 2011

    […] inadvertently included unique identifiers when the user had logged out of Facebook. Similar to another case filed last week in California, the question is whether the courts should prohibit Facebook from tracking its users […]

  2. October 21, 2011

    […] and security concerns. Recent posts have included what we considered high priority issues: the network tracking logged out users, new features like the ticker and subscriptions and Facebook content being used for background […]

  3. December 2, 2011

    […] know that Facebook and Klout have been tracking both users and non-users; and Facebook, as well as LinkedIn, and other […]
