Facebook Rejects Logout Cookie Allegations

A few days ago, a blogger named Nik Cubrilovic reported that Facebook’s new API allows applications to post messages on the new Timeline without users’ intervention.

The blogger explains that this new API is an extension of Facebook Instant called “frictionless sharing”. Although you might think logging out will save you, it appears it doesn’t, and you can end up sharing or recommending something you don’t want to.

Nik Cubrilovic showed that when you log out of your Facebook account, cookies are not removed but altered.

Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

Even so, each time he visited Facebook (from his logged-out account) through Like plugins or other widgets, information was still sent to Facebook. Having 10-15 years of experience in security solutions, Nik tried to get in touch with Facebook several times, but he got no response from them. The only solution to prevent this problem is to “delete all Facebook cookies” each time a log-out action is performed.

Facebook finally responded, saying that they are not tracking anyone across the web and they just keep cookies to personalize, help and improve what they are doing or for safety and security. According to Facebook, these cookies are deleted within 90 days.

Facebook does not track users across the web. Instead, we use cookies on social plugins to personalize content (e.g. Show you what your friends liked), to help maintain and improve what we do (e.g. Measure click-through rate), or for safety and security (e.g. Keeping underage kids from trying to sign up with a different age). No information we receive when you see a social plugin is used to target ads, we delete or anonymize this information within 90 days, and we never sell your information. Specific to logged out cookies, they are used for safety and protection, including identifying spammers and phishers, detecting when somebody unauthorized is trying to access your account, helping you get back into your account if you get hacked, disabling registration for under-age users who try to re-register with a different birthdate, powering account security features such as 2nd factor login approvals and notification, and identifying shared computers to discourage the use of ‘keep me logged in’.

Although Facebook doesn’t want to admit it, they made a slight change: a cookie called a_user is now destroyed when the logout action occurs. Unfortunately, some other cookies remain intact, and they will still track users’ activity each time they come to Facebook. If you don’t want to transfer this information to Facebook, make sure you delete your cookies after you have logged out of Facebook.
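The difference between a cookie that logout deletes and one it merely alters or leaves in place can be checked from the logout response itself. The following is an added example, not code from the original article or from Facebook: it compares the cookie jar before logout with the Set-Cookie headers of the logout response. The cookie values, the `example_state` cookie and the `.example.test` domain are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_deletion(attrs, now):
    """True if the server expires the cookie (Max-Age <= 0 or Expires in the past)."""
    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?[0-9]+", max_age):   # a valid Max-Age overrides Expires
        return int(max_age) <= 0
    try:
        return parsedate_to_datetime(attrs["expires"]) <= now
    except (KeyError, TypeError, ValueError):  # absent or unparsable: not a deletion
        return False

def audit_logout(jar_before, logout_headers, now=None):
    """Classify each cookie as deleted, altered, new or untouched by logout."""
    now = now or datetime.now(timezone.utc)
    result = {name: "untouched" for name in jar_before}
    for header in logout_headers:
        name, value, attrs = parse_set_cookie(header)
        if is_deletion(attrs, now):
            result[name] = "deleted"
        elif name not in jar_before:
            result[name] = "new"
        elif jar_before[name] != value:
            result[name] = "altered"
    return result

def surviving(result):
    """Cookies the browser still holds, and keeps sending, after logout."""
    return sorted(n for n, state in result.items() if state != "deleted")

# Constructed sample data; only the names a_user and datr appear in the article.
BEFORE = {"a_user": "1000001", "datr": "CONSTRUCTED-ID", "example_state": "in"}
LOGOUT_HEADERS = [
    "a_user=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.example.test",
    "example_state=out; Path=/; Domain=.example.test",
]

if __name__ == "__main__":
    report = audit_logout(BEFORE, LOGOUT_HEADERS)
    print(report, "still sent after logout:", surviving(report))
```

Any name returned by `surviving` is still attached to requests for embedded widgets on that domain, which is the behaviour the article describes.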

Image Credit: AllFacebook
