28 September 2011 | Author: L Boyd Media Intern
An Australian blogger revealed his investigation of Facebook's use of cookies, claiming that they could be making it possible to track a user's movements even once they have left the social networking site.
Nic Cubrilovic passed the findings of his yearlong study into Facebook's cookie usage onto the Office of the Australian Information Commissioner (OAIC), when he found that the cookies tracked users' web browsing on other Facebook integrated sites. The OAIC then launched a report into whether such cookies are breaching privacy laws.
"Logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit," Cubrilovic blogged on Sunday, as he urged users to delete their Facebook cookies.
In direct response, Facebook engineer Gregg Stefancik posted a comment to clarify what he saw as "incorrect conclusions", and indicated that the cookies were "a key element of our phishing protections".
Further to this, Facebook spoke to the BBC, and claims to have now fixed this a cookie 'glitch'.
"There was no security or privacy breach—Facebook did not store or use any information it should not have. Like every site on the internet that personalises content and tries to provide a secure experience for users, we place cookies on the computer of the user.
"Three of these cookies on some users' computers inadvertently included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users. Therefore, we could not have used this information for tracking or any other purpose. In addition, we fixed the cookies so that they won't include unique information in the future when people log out."
Cubrilovic, who claims to have highlighted this issue to Facebook over a year ago to no response, recognises that the social network has 'changed as much as they can' yet still urges users to continue to delete the cookies left on their computer by the site for privacy reasons. He also indicates that his research into the logout cookie issue has unearthed several additional areas of interest that he is keen to investigate in the future.
Facebook fixes cookies when blogger raids the jar
An Australian blogger revealed his investigation of Facebook's use of cookies, claiming that they could be making it possible to track a user's movements even once they have left the social networking site. Nic Cubrilovic passed the findings of his yearlong study into Facebook's cookie usage onto the Office of the Australian Information Commissioner (OAIC), when he found that the cookies tracked users' web browsing on other Facebook integrated sites. The OAIC then launched a report into whether such cookies are breaching privacy laws.
"Logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit," Cubrilovic blogged on Sunday, as he urged users to delete their Facebook cookies.
In direct response, Facebook engineer Gregg Stefancik posted a comment to clarify what he saw as "incorrect conclusions", and indicated that the cookies were "a key element of our phishing protections".
Further to this, Facebook spoke to the BBC, and claims to have now fixed this a cookie 'glitch'.
"There was no security or privacy breach—Facebook did not store or use any information it should not have. Like every site on the internet that personalises content and tries to provide a secure experience for users, we place cookies on the computer of the user.
"Three of these cookies on some users' computers inadvertently included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users. Therefore, we could not have used this information for tracking or any other purpose. In addition, we fixed the cookies so that they won't include unique information in the future when people log out."
Cubrilovic, who claims to have highlighted this issue to Facebook over a year ago to no response, recognises that the social network has 'changed as much as they can' yet still urges users to continue to delete the cookies left on their computer by the site for privacy reasons. He also indicates that his research into the logout cookie issue has unearthed several additional areas of interest that he is keen to investigate in the future.
English
German/Deutsch
Norwegian/Norsk
Swedish/Svenska
Italian/Italiano
French/Français
Spanish/Español
