Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook Cookies Track Users Even After Logging Out

samzenpus posted more than 3 years ago | from the sticking-with-you dept.

Facebook 352

First time accepted submitter Core Condor writes "According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.' After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'"

Sorry! There are no comments related to the filter you selected.

My sure fire plan (4, Insightful)

Osgeld (1900440) | more than 3 years ago | (#37510286)

dont use facebook

Re:My sure fire plan (4, Funny)

betterunixthanunix (980855) | more than 3 years ago | (#37510446)

But but but we need Facebook. How else are we supposed to communicate with our friends?

Re:My sure fire plan (2, Insightful)

leoplan2 (2064520) | more than 3 years ago | (#37510514)

smoke signals?

Re:My sure fire plan (1, Insightful)

Truekaiser (724672) | more than 3 years ago | (#37510608)

normal email, im(google, msn, aim.), irc, mobile texting, phones, and the ever useful face to face. :P

Re:My sure fire plan (0)

Anonymous Coward | more than 3 years ago | (#37510632)

the ever useful face to face

What app is that? Never heard of this protocol, F2F.

Re:My sure fire plan (1)

WalrusSlayer (883300) | more than 3 years ago | (#37510620)

But but but we need Facebook. How else are we supposed to communicate with our friends?

Sadly, while this was meant in jest, there is at least one person we know that fits this description. Leave voicemail or send email all you want, and it goes into a black hole. Send her a message on Facebook? Two hour turnaround! Mind-boggling...

Re:My sure fire plan (3, Funny)

syousef (465911) | more than 3 years ago | (#37510706)

But but but we need Facebook. How else are we supposed to communicate with our friends?

Sadly, while this was meant in jest, there is at least one person we know that fits this description. Leave voicemail or send email all you want, and it goes into a black hole. Send her a message on Facebook? Two hour turnaround!

Mind-boggling...

I'd respond to that but I can't find the "Like" button.

Re:My sure fire plan (3, Informative)

The Good Reverend (84440) | more than 3 years ago | (#37510712)

There actually is no better way for me to communicate with some groups of friends than Facebook. In a group, some people rely on txts, some on email, some on FB itself. The group can collaborate, share links and between themselves easily, and easily communicate, even if they're not friends with each other.

Of course there are other ways to do this, and in a business environment most people will all have some software to do this (likely at a price). But if I'm throwing a birthday party or getting my family together, there is no better tool than Facebook.

Re:My sure fire plan (0)

Anonymous Coward | more than 3 years ago | (#37510534)

You know what my sure fire plan is?

Not caring. Life's too short to worry about which advertising company has information on you. Your information is out there whether you like it or not. [google.com]

Re:My sure fire plan (0)

Anonymous Coward | more than 3 years ago | (#37510650)

You and 90% of the population. Exactly what these kinda-sorta-evilcorps are counting on.

Re:My sure fire plan (1)

psiclops (1011105) | more than 3 years ago | (#37510562)

i'm not so sure even that is a sure fire plan anymore.

Re:My sure fire plan (2)

E.I.A (2303368) | more than 3 years ago | (#37510578)

If I could mod this comment to the moon, I'd do it. I think the Onion explained it better than anyone else: http://www.theonion.com/video/cias-facebook-program-dramatically-cut-agencys-cos,19753/ [theonion.com]

Re:My sure fire plan (0)

Anonymous Coward | more than 3 years ago | (#37510654)

What kind of dumbass thinks Facebook wouldn't track them? There is one and only one time that Facebook won't track you: when it is physically/technically impossible for them to do so. Any other time, yes they will, stop acting so shocked. They would hire a private investigator to physically follow you around everywhere you go if it was cheap enough. They would hire a peeping tom to look in your windows while you change clothes if it was legal. They would intercept your sewage line and examine your feces to figure out what you like to eat if it was economical for them to do it. Quit acting like each new instance is some startling revelation. It isn't. Not even for Bovine America.

Thinking Facebook would miss a chance to track you is like saying Democrats would miss a chance to raise taxes using whatever excuse is trendy at the moment (environmentalism, wealth envy, etc). It's like saying Microsoft doesn't want to be a monopoly. It's like saying that black people would turn down fried chicken. It's like saying the average American is too skinny. It's like saying Republicans hate businesses and would never start a pointless overseas war. It's like saying politicians always tell the truth and care about you as a person. It's like saying Monsanto is an ethical corporation. It's like saying patent trolls produce something of value. It's like saying the RIAA and MPAA hate copyright. I think I've made my point.

Things act according to their nature. Realize that and you are really, really fucking difficult to surprise.

Ditto (3)

jhd (7165) | more than 3 years ago | (#37510592)

Don't use Facebook with prejudice.
Avoid it like you would the black plague.
Purge it from your mind... face-wut?
It can only make you stupid.

Re:My sure fire plan (1)

digitallife (805599) | more than 3 years ago | (#37510626)

Are you sure that works?
What's stopping any Facebook widget site from placing a cookie on your machine and tracking you? Sure they may not know who you are, but they can still collect all the same data. I don't know if they do this, but the whole Facebook network scares me.

Re:My sure fire plan (1)

Tsingi (870990) | more than 3 years ago | (#37510716)

NoScript

Re:My sure fire plan (0)

Anonymous Coward | more than 3 years ago | (#37510666)

Maybe we should stop having friends and a social life too.

Re:My sure fire plan (1)

masternerdguy (2468142) | more than 3 years ago | (#37510690)

I agree, I refuse to participate in the social networking cesspool.

Does EasyPrivacy Thwart this? (1)

stickyboot (845510) | more than 3 years ago | (#37510288)

I run Adblock Plus/Adblock with the EasyList and EasyPrivacy list subscriptions on all of my browsers (Firefox and Webkit based browsers). Does anyone know if this will effectively thwart these tracking cookies?

Re:Does EasyPrivacy Thwart this? (1)

Anonymous Coward | more than 3 years ago | (#37510300)

No, but you can also run Ghostery on top of that all. I haven't bothered to check if it actually works, but it seems to correctly list all facebook shenanigans on third-party pages. It also claims to block them cookies.

Re:Does EasyPrivacy Thwart this? (2)

That Guy From Mrktng (2274712) | more than 3 years ago | (#37510492)

How is this news anyway? FB have been doing it since the facebook social plugins took over, more than a year.

How hard is to set up a Firefox session exclusive for the use of this social media stuff? really? its faster and convenient that stacking layers and layers of blockers in the way of your everyday browsing. Or use different browsers for each task. Suckerberg sure it's amused by the time and effort some people put into staying away from facebook tracking WHILE having a facebook account.

Protip: The more you try to hide what you do, the more someone would try to see what you're hiding. You think trackers don't have a special table in the database for "tin_foil_subset"? right.

Re:Does EasyPrivacy Thwart this? (2)

fferreres (525414) | more than 3 years ago | (#37510624)

>How hard is to set up a Firefox session exclusive for the use of this social media stuff?

I don't know, but that is a great idea: to have a list of sites that you always want to be used in private mode. This calls for not completely separating private mode from normal mode (w/Firefox, it closes all other normal Windows until you stop private mode).

I imagine this functionality like how IE works. A small icon will tell you if the tab is in "private mode" (or sandboxed), and you can create rules to match the sites you want in this mode.

I'd really use something like that. I've read about many that trying to avoid being tracked calls for more attention, so better not do it. That point of view is totally flawed. Privacy has nothing to do with hiding, but with others not allowed to spy on you unwarranted. Just like a robot.txt doesn't want indexing. Just like how you use clothes everywhere but your house (or the bath). Just like you don't always use the speakerphone while traveling. If you want privacy, and they find ways around, the analogy is to someone that is using IR cameras to "see behind clothes". It should be punished severely to spy on people.

Re:Does EasyPrivacy Thwart this? (1)

fferreres (525414) | more than 3 years ago | (#37510640)

> I imagine this functionality like how IE works.

Sorry, I meant "IE Tab" of course.

Re:Does EasyPrivacy Thwart this? (1)

Larryish (1215510) | more than 3 years ago | (#37510358)

Got tired of slow loading Facebook apps on unrelated web pages, so I added a rule to Adblock for Facebook:

*facebook*

Since then, no problems.

haha, you still have problem (2)

rubycodez (864176) | more than 3 years ago | (#37510406)

don't forget fbcdn.net and fb.com, maybe others

Re:Does EasyPrivacy Thwart this? (1)

mercnet (691993) | more than 3 years ago | (#37510470)

I been using Facebook Blocker add-on for Chrome (works with Firefox, etc) and I assume it is working behind the scenes: http://webgraph.com/resources/facebookblocker/ [webgraph.com]

Re:Does EasyPrivacy Thwart this? (1)

digitig (1056110) | more than 3 years ago | (#37510642)

Of course, Facebook Blocker can access your activity on all websites, not just the ones with a Facebook button...

Re:Does EasyPrivacy Thwart this? (1)

izomiac (815208) | more than 3 years ago | (#37510674)

Adblock has a filter subscription called Antisocial that should work. ABE Filters with NoScript work nicely, even if you don't block scripts with it otherwise. NoScript can also do it through ABE:

Site facebook.com *.facebook.com facebook.net *.facebook.net fbcdn.com *.fbcdn.net fbcdn.net *.fbcdn.net
Accept from *.facebook.com
Accept from *.facebook.net
Accept from *.fbcdn.com
Accept from *.fbcdn.net
Deny

I also use ABE to restrict Google scripts in a futile attempt to keep them from knowing everything about me, but that's a more complex filter since there are legitimate non-tracking scripts [google.com] they provide. Or at least I assumed those are non-tracking... Crap, now I'm going to have to figure out some redirection work around...

I though so... (5, Interesting)

gemtech (645045) | more than 3 years ago | (#37510290)

a week ago I went to a website and it asked me (by my name) if I wanted to follow them on Facebook. I was not logged into Facebook at the time.

Re:I though so... (1)

jhoegl (638955) | more than 3 years ago | (#37510318)

It sure is great Corporatization took over the interwebs, now not only do we have the government spying on our packets, we have corporations wanting to know what we do as well.

WOOOWOOO!

Re:I though so... (5, Insightful)

PopeRatzo (965947) | more than 3 years ago | (#37510490)

It sure is great Corporatization took over the interwebs, now not only do we have the government spying on our packets, we have corporations wanting to know what we do as well.

You better adjust your attitude, Mr Man. Those are the Job Creators you're talking about and you better start showing a little gratitude by letting them track your movements and have sex with your wife whenever they want.

Letting corporations fuck your privacy is the 2011 version of droit du seigneur.

Re:I though so... (2)

Kenja (541830) | more than 3 years ago | (#37510536)

They can only keep track of the information you willingly give them. If you really thought Facebook was a charity, thats your own fault. If you realized they are a for profit organization, how did you think they made your money if not with the information you provide them?

Re:I though so... (1)

jhoegl (638955) | more than 3 years ago | (#37510662)

You think just Facebook is doing this?

Perhaps you should see what your ISP is doing.

Re:I though so... (1)

mfnickster (182520) | more than 3 years ago | (#37510320)

That's because FB social plugins are Facebook. They are run from FB servers and are like mini-sites built into Yathoo! etc. It shouldn't be surprising that if you stay logged in to FB, their proxies on other sites will know who you are.

Re:I though so... (1)

psiclops (1011105) | more than 3 years ago | (#37510580)

I was not logged into Facebook at the time.

Re:I though so... (1)

mariasama16 (1895136) | more than 3 years ago | (#37510616)

However, if you're NOT logged into Facebook.... (as GP said they were not logged in).

It is even worse than that (2)

frovingslosh (582462) | more than 3 years ago | (#37510522)

I've looked at my web traffic lately and see an awful lot of traffic to Facebook when I go to other sites. And it is not that I'm just "logged out" of Facebook, I don't have a Facebook account and never have (and never will). There is no valid reason for this traffic between me and Faceook. The next step may be to put a bad link for Facebook in my Hosts file.

Re:It is even worse than that (4, Insightful)

jbmartin6 (1232050) | more than 3 years ago | (#37510568)

There is no such thing really as "other sites." Your browser loads bits and pieces from all over the place on practically every page you visit, such as ads, 'like' and 'share' buttons, etc. And each of these requests to different sites for all these bits and bobs on the page carries information on what site you think you are visiting, etc. This is standard web browser behavior. When you load that little button or thingie from facebook.com your browser tells Facebook what page you loaded it from and also helpfully sends along any cookies it has for Facebook.com domain. This is by no means unique to Facebook, you could find the same thing with reddit, digg, google, or any other site that has bits and pieces being loaded as part of other people's pages.

yea I know how HTML works (1)

frovingslosh (582462) | more than 3 years ago | (#37510636)

Thanks for the lecture, but I know how HTML works. Obviously I'm not surprised by all of those fetches from Google as sites get ads from them or links to a video source when I load a page with embedded video. But I'm seeing this over and over again when I load pages that don't even have a visible reference to Facebook on them. Clearly they are getting sites to embed something that references Facebook, but the extra traffic it costs me seems to be for Facebook's benefit, not mine. Time to block it.

Re:I though so... (0)

Anonymous Coward | more than 3 years ago | (#37510618)

Well I've now changed my name on facebook to "Orange Juice" and removed my phone number, work and school information. Makes it hard to convince someone to add me as I still use it, but it obfuscates it by one step. Even though I don't have any doubts that it still knows all my information that I put into it before. I didn't join Google + for the link to my real name and changing it would change my Gmail display name...

Golden Girls! (-1)

Anonymous Coward | more than 3 years ago | (#37510292)

Thank you for being a friend
Traveled down the road and back again
Your heart is true, you're a pal and a cosmonaut.

And if you threw a party
Invited everyone you ever knew
You would see the biggest gift would be from me
And the card attached would say, thank you for being a friend.

!news (1)

betterunixthanunix (980855) | more than 3 years ago | (#37510298)

As if anyone could have been surprised by this, didn't Slashdot already cover this story?

Fun way to screw with somebody (0)

Anonymous Coward | more than 3 years ago | (#37510302)

Just find out their cookie, set your cookie to match, browse (and maybe like, I don't use facebook so I don't know if you have to be logged in to like something) some marginal stuff or competitors pages etc.

As an aside, I swear this was already common knowledge, at least at /.

Thanks for this Slashdot! (1)

arcite (661011) | more than 3 years ago | (#37510316)

I just did a search in Firefox to delete all Facebook cookies. Yum!

Uh Duh! Why is this a surprise? (0)

Anonymous Coward | more than 3 years ago | (#37510332)

If you have the personalization feature enabled this will happen, what the hell did you think would happen? And yea if you dont want to be tracked clear your damn cookies

Re:Uh Duh! Why is this a surprise? (1)

hedwards (940851) | more than 3 years ago | (#37510384)

I don't have much sympathy for FB users when it comes to privacy. However, I do have a great deal of sympathy for folks like myself that have to go out of our way not to be tracked by FB, even though we don't have an account. If we wanted to be tracked or consented, we'd probably create an account.

Re:Uh Duh! Why is this a surprise? (1)

dingen (958134) | more than 3 years ago | (#37510404)

You are being tracked by Facebook, whether you have an account or not. Every time you see a FB like button on a website (any website), Facebook learns something about you.

Personally, I'm not suprised.. (0)

Anonymous Coward | more than 3 years ago | (#37510334)

This is the same company who's official android application seems to touch my gps info at least once when I open the application.

Just Drop Them On Logout (2)

Greyfox (87712) | more than 3 years ago | (#37510342)

You can configure firefox privacy options to drop most cookies when you log out. I trust a few sites to persist cookies in my browser, everyone else my browser accepts cookies from and quietly drops them on the floor when I exit. I don't know that it helps all that much but it's not that much effort to make it harder to snoop around at what I'm browsing.

Re:Just Drop Them On Logout (1)

rsborg (111459) | more than 3 years ago | (#37510396)

You can configure firefox privacy options to drop most cookies when you log out. I trust a few sites to persist cookies in my browser, everyone else my browser accepts cookies from and quietly drops them on the floor when I exit. I don't know that it helps all that much but it's not that much effort to make it harder to snoop around at what I'm browsing.

Your solution fails when dealing with Flash cookies, as those can't be removed via the browser, only through the Adobe Flash interface. This also explains why Facebook is so interested in Disqus and IntenseDebate market... they want to profiile everyone all the time.

Re:Just Drop Them On Logout (1)

bipbop (1144919) | more than 3 years ago | (#37510532)

Your knowledge is out-of-date. In fact, the Flash shared objects are annoyingly deleteable these days--since they now disappear when people clear browser history or cookies, or in any other number of circumstances, people have been deleting their saves for Flash games and getting irritated at authors of said games for not being able to work around it. Damned if you do, damned if you don't.

Re:Just Drop Them On Logout (1)

tepples (727027) | more than 3 years ago | (#37510678)

people have been deleting their saves for Flash games and getting irritated at authors of said games for not being able to work around it.

Once the player turns 13 (COPPA age), the player can create an account on the game's server to save the player's progress there.

Ghostery (1, Informative)

schnikies79 (788746) | more than 3 years ago | (#37510352)

http://www.ghostery.com/ [ghostery.com]

For everyones reference, it's currently blocking facebook connect here on slashdot.

Re:Ghostery (2)

Nethead (1563) | more than 3 years ago | (#37510422)

Why does Ghostery's home page have a "Friend me on Facebook" link?

Re:Ghostery (1)

bishopBelloc (1751712) | more than 3 years ago | (#37510476)

I've been using incognito [orbicule.com] for Safari for a while now, but it looks like ghostery might be more comprehensive. I'll have to check it out. Thanks.

Re:Ghostery (0)

Anonymous Coward | more than 3 years ago | (#37510692)

Use this: http://disconnect.me/
- Disables third-party tracking
- Truly depersonalizes searches
- Shows blocked requests
- Allows easy unblocking

Disconnect is available for Firefox, Chrome, and Safari

Jokes On Him (0)

Anonymous Coward | more than 3 years ago | (#37510354)

I want Facebook to track my every move!

We should know this (1)

Teun (17872) | more than 3 years ago | (#37510360)

This is not the first message on Slashdot about this phenomena.

And like the previous time Ghostery is the preferred plug in to suppress it.

Public computers (0)

Anonymous Coward | more than 3 years ago | (#37510372)

So if you use Facebook on a public computer (not all of which allow you to delete cookies), everyone using it after you will be greeted with your name etc and browse in your stead until someone else is stupid enough to use it to log in to Facebook. That's just wonderful.

The only winning move is not to play (3, Insightful)

WCMI92 (592436) | more than 3 years ago | (#37510376)

Facebook is a website I refuse to have any relationship with. I do not have an account, nor will I EVER have an account. Their management is easily the most evil and anti-customer in the industry, constantly taking actions against their user's best interest.

This should surprise no one. I block their cookies in my browser and never intentionally go there.

I keep trying to tell the lemmings I know who pour their intimate personal information into Facebook that it is foolish to do so. The website's name should be "InfectMyPCWithAVirus.COM", or "StealMyIdentity.COM".

Zuckerberg better sell the damn thing before the inevitable class action lawsuit consumes the millions he's made off exploiting his customers. Of course, I hope he doesn't, he is one asshole I would very much love to see bankrupted and forced to get an honest job somewhere. I bet he ends up at Sony, developing rootkits...

Re:The only winning move is not to play (1)

mr_lizard13 (882373) | more than 3 years ago | (#37510430)

I knew it - Tom from MySpace does have a Slashdot account!

Re:The only winning move is not to play (0)

Anonymous Coward | more than 3 years ago | (#37510496)

Ahh, so this is what happens when someone lives their life as if every Slashdot headline is the literal truth.

Re:The only winning move is not to play (0)

Anonymous Coward | more than 3 years ago | (#37510498)

Actually Facebook has the greatest customer service of any advertising agency I've ever used. Of course, the consumer is not the customer, so facebook doesn't give a rats ass what you think about their privacy policy. The only thing they care about is pushing the limits of the law until they get hit and from my advertising agents, it's exactly what I want.

Your's Trully - Corporate Greed

Re:The only winning move is not to play (1, Insightful)

WCMI92 (592436) | more than 3 years ago | (#37510508)

LOL. Moderated down by a Facebook lemming in denial no doubt. Go get your personal identity stolen. Go get your computer infected by a virus. The only thing Zuckerberg cares about is making as much money as he can off your information. Which is why he doesn't give a damn about security or keeping viruses off their web pages.

Re:The only winning move is not to play (0)

Anonymous Coward | more than 3 years ago | (#37510528)

Users are not the customers of Facebook.

Re:The only winning move is not to play (1)

Truekaiser (724672) | more than 3 years ago | (#37510644)

if i could mod you up i would. YOU are not the customer to Facebook. YOU are what Facebook sells to advertisers. From everything you put into your page to who you friend etc.

Re:The only winning move is not to play (2, Insightful)

fartrader (323244) | more than 3 years ago | (#37510672)

Not anti-customer at *all*. You are NOT their customer.

Confused... (2)

Goose In Orbit (199293) | more than 3 years ago | (#37510390)

So... facebook.com sets a cookie...

Site B has Facebook Like button - which presumably is sourced from facebook.com

And you're surprised that they don't check your cookies when sending the icon???

Where's the story?

Re:Confused... (1)

betterunixthanunix (980855) | more than 3 years ago | (#37510460)

The story is old, but it is this: Facebook can and does track your activity across the web, not just on facebook.com. People who would prefer to not be tracked in this manner have no way to opt-out and nobody is talking about making it opt-in. Since most people do not care about their privacy on the web, Facebook will continue to get away with this sort of behavior.

Re:Confused... (1)

LordLucless (582312) | more than 3 years ago | (#37510494)

Actually, yes they do. It's called "not accepting the cookie". Just because they've got their browser set to automatically accept every cookie ever sent to them doesn't mean they have no possible way to opt-out.

Re:Confused... (1)

Goose In Orbit (199293) | more than 3 years ago | (#37510554)

The likes of Doubleclick were doing this a decade ago - it's not new(s)

This is news? (0)

Anonymous Coward | more than 3 years ago | (#37510398)

Websites have been doing this for well over a decade. Stats companies like WebSideStory pioneered the technique, and you can simply assume that any cross-site widgets on the Web in 2011 are doing exactly the same thing. Every single one of them. If you care, turn off third-party cookies and have your browser delete all cookies whenever it closes. You can whitelist sites as necessary from there.

Third-Party cookies (1)

pavon (30274) | more than 3 years ago | (#37510704)

Yeah, blocking third-party cookies is a good thing to do. The third-party can still see your IP address every time you visit a page that embeds their content, but it at least provides a thin layer of anonymity on the web. Furthermore, it is far less painful than using no-script. The only think that I have noticed break is that embedded Vimeo videos won't play with third-party cookies disabled and you have to right-click and view them on Vimeo instead (or white-list them).

Browser Profiles (1)

andrew3 (2250992) | more than 3 years ago | (#37510402)

I use browser profiles for a number of things. I have a browser profile for Hotmail, I *will* have a browser profile for Facebook when I get an account, and I have a profile for normal browsing. That way Facebook can't use their Like buttons to track half of the websites I visit.

Seems good enough to me... now, if only I could get people to do the same.

Opera can stop this (sort of) (1)

Baloroth (2370816) | more than 3 years ago | (#37510414)

In Opera, you can right click with Facebook loaded, select site preferences, cookies, and check "delete new cookies every time I exit Opera". Only deletes cookies from Facebook, so other sites won't break. Also, erase existing cookies. Won't stop the cookies during the same session, but it'll help. Also, Ghostery prevents this (as others have mentioned.) I use Facebook to stay in touch with friends, but that doesn't mean I want them to know anything about any other sites I visit, TYVM.

Re:Opera can stop this (sort of) (0)

Anonymous Coward | more than 3 years ago | (#37510486)

the opera feature is not much use if facebook use cookies sourced from another domain

Oh God (2, Funny)

DSS11Q13 (1853164) | more than 3 years ago | (#37510418)

I don't want anyone to know I read slashdot

I Was Wondering About This (0)

Nom du Keyboard (633989) | more than 3 years ago | (#37510428)

I was wondering exactly about this today given what I'd been observing these last few days. Facebook seems to have no limits to their outrageous behavior, opt-in only changes, and arrogant privacy busting tactics. It's like it's being run by some over-privileged college kid who moved out of home and now thinks that he can do anything he wants...Oh wait...

Of course, because Zuckerberg is a huge liberal and Democratic party supporter this administration isn't going to do a d@mn thing about it.

the crux, I think (5, Insightful)

Bill Dog (726542) | more than 3 years ago | (#37510450)

From TFA:

This is not what 'logout' is supposed to mean - Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

I don't have direct experience in this area so I'm wondering, why exactly is logout supposed to mean deleting cookies instead of just noting in them that the user is logged out?

Re:the crux, I think (1)

Anonymous Coward | more than 3 years ago | (#37510652)

It has nothing to do with technical reasoning. I think it has everything to do with the user's expectation. If I log out, then I expect nothing to be going to and from the service with my information associated to it until I log back in again.

As a user, I do not expect them to necessarily delete all cookies from my browser. After all, if Amazon did that then they may lose shopping cart details. I see less of an issue for Facebook, but on Amazon I expect them to be done with my user info, and that seems to be the case; the same should be the case for Facebook.

This is another good reason to only use Private Browsing when logging into services on other people's computers--even those you trust (because you should always do it, if you even want to risk it at all, on other's computers).

The only solution? (1)

uofitorn (804157) | more than 3 years ago | (#37510462)

What about NoScript? I frequently see the option to allow facebook.net et al when browsing sites (it's even on the list right now on /.). Doesn't this prevent my info from being sent to FB provided the scripts are not allowed to run?

Re:The only solution? (1)

icebraining (1313345) | more than 3 years ago | (#37510542)

I don't know if FB actually does this, but they could simply get the referrer and your user ID from an HTTP cookie using an image loaded from their websites. NoScript wouldn't stop that.

And you're suprised? (1)

fast turtle (1118037) | more than 3 years ago | (#37510464)

I don't see why anyone is suprised about this behaviour when it's actually how the damn doubleclick and such manage to track people across the web. All of those damn Facebook Like/Add This button are simply doing what they're supposed to do. Call the Mothership so why are you suprised?

The only way to prevent this is to block the damn button scripts along with their fbcdn connections.

The first time I noticed this... (1)

Anonymous Coward | more than 3 years ago | (#37510468)

...I realized that I had just tipped my hand, accidentally informing Facebook that I like big juggs.

I stared at that "Share this on Facebook!" button, with my face next to it, like I just realized I wasn't the only person in the room. /That's Willie's Time

In other news, the sky is blue (0)

Anonymous Coward | more than 3 years ago | (#37510484)

Seriously, is this a news at all ? Third party cookies and gif bugs are nothing new. Disable third party cookies helps you a little.

Ok, this is my fix, for what it's worth. (1)

Kwelstr (114389) | more than 3 years ago | (#37510506)

I have done this ever since I joined FB due to friends and family over-bugging me to join: I installed the Opera browser, I got a new email that I use for FB; I've used Opera only to log into FB and into the email I use for FB. I use Chrome or Firefox for everything else. I just checked my Firefox, no FB cookies!

Notice (5, Funny)

inode_buddha (576844) | more than 3 years ago | (#37510540)

Notice how goatse doesn't have a FB "like" button? I think goatse needs a "like" button. C'mon, everybody, why don't we setup a shitload of goatse mirrors with "like" buttons? There's more than one way to poison a DB.....

Very old news (1)

blind biker (1066130) | more than 3 years ago | (#37510552)

I am sure I read about this (exactly as described in the summary) two years ago. The infamous Facebook cookies that track you even after you log out - yes, people have been taking this crap all this time. Maybe now it'll get a bit more air due to the existence of a legitimate contender (G+)?

Re:Very old news (1)

93 Escort Wagon (326346) | more than 3 years ago | (#37510622)

I am sure I read about this (exactly as described in the summary) two years ago. The infamous Facebook cookies that track you even after you log out - yes, people have been taking this crap all this time. Maybe now it'll get a bit more air due to the existence of a legitimate contender (G+)?

I've got to ask - why on earth would you assume Google isn't doing exactly the same thing?

Nothing new.... (1)

jimpop (27817) | more than 3 years ago | (#37510570)

This has been known since the Like button first appeared. Quit FB, or learn to use NoScript.

Irony? (1)

jbmartin6 (1232050) | more than 3 years ago | (#37510584)

Is it ironic that there is a Facebook widget right on the /. page with this story?

They aren't the only ones. (0)

Anonymous Coward | more than 3 years ago | (#37510588)

Newegg does this too. I used to get emails for recommendations based on browsing their site and I was not even logged in for that session.

One more solution (1)

uvajed_ekil (914487) | more than 3 years ago | (#37510596)

You could use a different browser for Facebook than for everything else you do. Say you normally use Firefox, you could use IE/Opera/Chrome/Safari/something else for Facebook only. Or set up a dedicated browser instance that runs in a VM, using that only for Facebook. My personal choice is even easier though - I don't use Facebook.

Workaround for fb tracking (1)

ahbond (768662) | more than 3 years ago | (#37510600)

From the article: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.' I think that if you set the cookie permissions correctly, you should be able to use fb, and not have the cookies track you after you log out (In Firefox) From the facebook home page, right-click on an empty part of the page, and select 'View Page info. The select the Permissions tab. there is an option for 'Set Cookies' Set it to 'Allow for session', and the cookies should be deleted when you logout. Cheers, Andrew.

no place like 127.0.0.1 (0)

Anonymous Coward | more than 3 years ago | (#37510630)

echo 127.0.0.1 facebook.com www.facebook.com api.facebook.com static.ak.fbcdn.net >> /etc/hosts

Pages everywhere load faster now. :)

There is a Google made Chrome plugin that can help (0)

Anonymous Coward | more than 3 years ago | (#37510664)

Facebook disconnect:
https://chrome.google.com/webstore/detail/ejpepffjfmamnambagiibghpglaidiec

Ahem isnt that known for a long time? (1)

drolli (522659) | more than 3 years ago | (#37510668)

Well. i disabled facebook in noscript, just in case they miss it somehow that i have no account there.

Retaining a device's identity for login approvals (0)

Anonymous Coward | more than 3 years ago | (#37510688)

There are specific cases where retaining your account id in a persistent cookie after logout is certainly useful. One of these is the "remember this device" option that helps to make the SMS login approvals feature workable, which help to protect accounts from unauthorised access.

Browser Safety (1)

masternerdguy (2468142) | more than 3 years ago | (#37510718)

Remember kids, scrub the browser's cache (temporary internet files, cookies, everything) at the end of every session, and after logging out of facebook.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?