I wrote last month that Mark Zuckerberg seems to have the mind of an old Stalinist, because he seems dead-set on destroying the very concept of privacy in social networking. Here’s more evidence that millions of Facebook users shouldn’t assume Zuckerberg’s invention is just a good way to make friends:
The Electronic Frontier Foundation cites a September 25th, 2011 blog post by hacker and writer Nik Cubrilovic that proved Facebook’s session cookie was not being deleted upon log-out. Facebook responded with a “fix-it,” but it raises serious concerns about whether one can effectively log-out of Facebook and whether or not Facebook can track users without the benefit of cookies.
According to Cubrilovic, he waited for a year to hear from Facebook on this privacy issue that he discovered, emailing them and reaching multiple dead-ends.
Two days later, on September 27th, Cubrilovic noted, “In summary, Facebook has made changes to the logout process and they have explained each part of the process and the cookies that the site uses in detail … They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons etc.”
EFF, however, is unequivocal in stating, “Facebook can track web browsing history without cookies.”
“Facebook is able to collect data about your browser – including your IP address and a range of facts about your browser – without ever installing a cookie. They can use this data to build a record of every time you load a page with embedded Facebook content,” added the EFF.
This ability to track users outside of Facebook is particularly troubling.
EFF states, “It’s clear that Facebook does extensive cross-domain tracking, with two types of cookies and even without. With this data, Facebook could create a detailed portrait of how you use the Internet: what sites you visit, how frequently you load them, what time of day you like to access them. This could point to more than your shopping habits – it could provide a candid window into health concerns, political interests, reading habits, sexual preferences, religious affiliations, and much more.”
That Facebook keeps this data on file for 90 days (before it’s discarded or made anonymous) is a legitimate privacy concern and it could certainly be useful in the event U.S. intelligence services desires to build a profile of a particular user’s web browsing…