Commentary

Advocates: Facebook Violated Privacy Policy By Tracking Logged-Out Users

A coalition of digital rights groups are asking the Federal Trade Commission to investigate Facebook for allegedly learning which outside sites users visited when they were logged out of the service.

"Facebook's tracking of post-log-out Internet activity violates both the reasonable expectations of consumers and the company's own privacy statements," the groups say in a letter sent to the FTC today. Groups signing the letter include the Electronic Privacy Information Center, ACLU, American Library Association, Center for Digital Democracy and Consumer Watchdog.

This week, Australian developer Nik Cubrilovic went public with research showing that Facebook could snoop on users whenever they visited sites with a Like button or other social widget -- even when the users had logged out. Cubrilovic said he had reported this to Facebook on two occasions in the last year, to no avail.

After he blogged about his findings, Facebook quickly said it would fix the "bug" that allowed it to receive data about logged-out users. (The company also denied "tracking" users, arguing that it never retained any data tying users' IDs to the sites they visited.)

But the advocacy groups are questioning whether Facebook completely resolved the problem. Cubrilovic said he found six separate cookies that could allow tracking by user ID. Facebook now appears to destroy at least one of those identifiers when users log out -- the one marked "a_user" -- but not all of the others.

The advocates are skeptical that destroying the a_user cookie alone will protect people's privacy. "Facebook states that the remaining identifiers are used only to improve performance and security. However, there is no technical reason why they could not be used to track a user's identity in a manner similar to the a_user cookie," they state. "Thus, just as before, consumers must rely on Facebook's assurances that the other identifiers are not being used for tracking purposes."

The groups additionally raise questions about other new Facebook features like "frictionless sharing," described in the letter as "a passive experience in which a social app prompts the user once, at the outset, to decide the level of privacy for the app (with 'public' being a common default) and then proceeds to share every bit of information obtained thereafter."

While people can opt out of sharing, doing so may prove to be complicated. The advocates say that people who use the Washington Post's Social Reader and don't want to engage in frictionless sharing must take at least seven steps to avoid it.

But at least people apparently can opt out of the new frictionless sharing regime. Until this week, users had no way to prevent Facebook from knowing what Web sites they visited, short of deleting their profiles. If Facebook took people's privacy more seriously, it would have fixed the bug that allowed it to tie people's IDs to their Web surfing behavior long before now.

2 comments about "Advocates: Facebook Violated Privacy Policy By Tracking Logged-Out Users ".
Check to receive email when comments are posted.
  1. Shawnta Collier from Geomentum, September 29, 2011 at 6:18 p.m.

    Seriously, is Facebook (meaning the owners) just that greedy that they need to track users activity after they've logged out? A bug? I refuse to believe that. Every company has a group of techy people working behinds the scenes it's their job to know this type of stuff. So I refuse to believe that they didn't know about this.

    What I would like to know if what is their purpose behind it and how is knowing this information useful for FB? The only thing I can think of could be, they're using it for marketing reason...meaning, there's companies that use FB to promote their business. I'm sure all retailers or any business selling a service to the public would love to know what their current and potential customers interest are. So if FB can tell businesses that advertise through them about their special findings (but making it sound purely legal) it makes FB look like geniuses.

  2. Paula Lynn from Who Else Unlimited, September 30, 2011 at 5:14 p.m.

    Would venture to comment that 99.9% of those using FB have no idea what you are talking about....nor can comprehend it if they read it. Hence, the problem and it will backfire (probably not tomorrow, but it is down the pike) on all who use FB, sadly...very sadly.

Next story loading loading..