For the second time in two weeks, Facebook is confronting allegations that it has been setting cookies that are capable of tracking users across a wide swath of sites.
Once again, Australian
developer Nic Cubrilovic posted a report detailing the allegations. This time, Cubrilovic says that Facebook
is setting a "datr" cookie, which can track Web users across any site with a social widget. "This cookie could then be read later and used to track the user across different web properties and back to
the Facebook site. The cookie was being set even if the user had never been to the Facebook site, and even if they didn't click a 'like' or 'share' button," he says.
Similar allegations about
the "datr" cookie first surfaced in May. Facebook promptly rolled out a fix, but it didn't seem to take. "Today, that cookie is back," Cubrilovic wrote on Monday.
Facebook reportedly acknowledged the problem and said that the cookie is
only being set on some sites. A spokesperson reportedly said the glitch was limited to "sites that called our API in a non-standard way, one in which we had not considered to protect against
cookie-setting for non-users."
This news comes on top of last week's revelations that Facebook was setting another cookie -- "a_user" -- which allowed the company to track users and tie
information about the sites they visit to their IDs, even when logged out. Facebook acknowledged receiving that kind of information, but said it immediately deleted it. The company also no longer sets
that cookie.
Facebook characterizes Cubrilovic's findings as "bugs," arguing that it doesn't track users for the purpose of compiling profiles about them based on their Web-browsing. That may
be, but the company could be a lot more proactive about fixing these bugs on its own, rather than waiting until outside experts uncover them.