PaulSpoerry.com

Social Media, technology, and geeky stuff for your brain.

  • Home
  • About
    • Privacy Policy
  • Categories
    • Google+ Posts
    • Site news
    • Tech
      • Android
      • Apple
      • Chrome
      • Gadgets
      • Hacking
      • Linux
      • OSX
      • Privacy
      • Web Life
        • Bittorrent
        • Facebook
        • FireFox
        • GMail
        • Google
        • Google+
        • Twitter
        • WordPress
        • Windows
          • Windows 7
    • Google+: Getting Started Guides
    • Games
    • Meditation
    • Politics
    • Science
    • That’s freakin hilarious
  • Code
    • FreeImageZoom
    • Post Editor for Google+™
    • The Plus Editor
  • Contact
You are here: Home / Tech / Facebook / Facebook tracks what you do online, even when you log out of Facebook

Facebook tracks what you do online, even when you log out of Facebook

September 25, 2011 by Paul Spoerry 6 Comments

Facebook’s new Frictionless Sharing feature allows Facebook to track every website you visit; everything you do online… even when you’re not logged into Facebook. Nik Cubrilovic, who shows the code and describes how to replicate his findings states, “Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.”

Facebook tracks your surfing even after you log outLogging out of Facebook does not end your communication with Facebook according to Cubrilovic’s tests. When logging out of Facebook instead of deleting their cookies, they are simply changing them. Your account information and unique identifiable tokens are still available in these cookies, the implication is that any time you visit a web page with a Facebook button your browser is still sending personally identifiable information back to Facebook. In other words, just because you’re logged out of Facebook they still know what articles you’re reading… and let’s face it most news sites have the Facebook Like button on their site.

The primary cookies that identify me as a user are still there (act is my account number), even though I am looking at a logged out page. Logged out requests still send nine different cookies, including the most important cookies that identify you as a user. This is not what ‘logout’ is supposed to mean – Facebook are only altering the state of the cookies instead of removing all of them when a user logs out. With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook. The only solution to Facebook not knowing who you are is to delete all Facebook cookies.

Cubrilovic says the tests are repeatable by anyone with a browser that has development tools installed.

UPDATE: Facebook tracking deepens with the release of Facebook Messenger!

Facebook’s new “open graph” apps can report what you are reading or listening to in real time without requiring you to click the Like button. So now things like the media you consume is added to your profile as an update… without your explicit permission.

If you don’t want Facebook tracking your across the web you need to use a separate browser for your Facebook activities or delete all Facebook-related cookies after you logoff.  Hacker News is reporting that if you use the browser extension AdBlock Plus by adding the following rules (note that I haven’t tested this myself yet to confirm it works):
facebook.com^$domain=~facebook.com ~facebook.net|~fbcdn.com|~fbcdn.net
facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

Read the full scoop on Nik Cubrilovic’s post Logging out of Facebook is not enough.

UPDATE: Word on the net is that Facebook has changed this behavior based on the outcry of users on the Internet. I haven’t confirmed this myself but that would be a welcome change to their handling of cookies.

UPDATE 2: Facebook tracking deepens with the release of Facebook Messenger

Add Paul Spoerry on Google+

Filed Under: Facebook, Hacking, Privacy Tagged With: facebook, facebook privacy, facebook security, facebook tracking, Privacy, security

About Paul Spoerry

I’m a groovy cat who’s into technology, Eastern Thought, and house music. I’m a proud and dedicated father to the coolest little guy on the planet (seriously, I'm NOT biased). I’m fascinated by ninjas, the Internet, and anybody who can balance objects on their nose for long periods of time.

I have a utility belt full of programming languages and a database of all my knowledge on databases... I practice code fu. Oh, I've also done actual Kung Fu, and have a black belt in Tae Kwon Do.

I run. I meditate. I dance. I blog at PaulSpoerry.com, tweet @PaulSpoerry, and I'm here on Google+.

I'm currently work for IBM developing web enabled insurance applications for IBM and support and develop a non-profit called The LittleBigFund.

Comments

  1. Jim Morris says

    September 25, 2011 at 8:24 pm

    I don’t believe someone that has an unidentified .zip download on the page. And I think you are basically full of it anyway.
    Prove what you say.
    Thanks

  2. Paul Spoerry says

    September 25, 2011 at 9:34 pm

    There are no unidentified ZIP files on this page… and if you follow the link to Nik’s post you can see response from a Facebook engineer commenting on this very subject. ;O)

  3. Thomas says

    September 25, 2011 at 9:44 pm

    Why do you have your website listed in the list of filters for AdBlock?

  4. Paul Spoerry says

    September 26, 2011 at 6:50 am

    Thomas… I’ve been playing with an SEO internal auto-linking plugin. It injected it in there, nice catch. I disabled the plugin and that went away.

  5. Kimberly Gauthier, Adventures in Blogging says

    September 26, 2011 at 9:01 am

    I know that people will think I’m nuts, butI really don’t care. Amazon tracks me too. It all makes my online experience easier. As long as they’re not capturing my banking information and spending my money, they can track me all they like just to save me the hassle of filtering through pages of nonsense just to get an answer. I’m probably a fool, but it is what it is – hee hee.

  6. Nidia says

    November 6, 2013 at 12:58 am

    thanks buddy

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2022 · Epik on Genesis Framework · WordPress · Log in