Another privacy issue with Facebook

September 27, 2011 |

The lads at Facebook have not been all that caught up with privacy issues of its users. They seem to take the view that being being wildly popular is the ultimate answer to any concern, trivial or major. A modern day “vox populi vox dei”. Consequently Facebook finds itself on the wrong side of privacy issues on a fairly regular basis.
In the Australian today there is another report of a continued cavalier approach to privacy.

Here is the report in toto:

FACEBOOK is facing its most serious privacy issue to date, with claims that it is collecting user’s information after they have logged out.

The issue, raised by Australian born blogger Nik Cubrilovic, has sparked a major privacy debate on the internet overnight, and follows Cubrilovic’s demonstration on his blog of Facebook keeping its browser cookies active after a user has logged out of the social network.

“Logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to,” Cubrilovic’s blog says.

“Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.”

In his blog, Cubrilovic demonstrates that a cookie with his Facebook ID is still active, even when he is logged out.

Facebook today has confirmed that its Browser cookies exist after a user logs out.

However on the Wall Street Journal blog Digits, Facebook this morning has defended its practice, saying that the collection was part of a system to prevent improper logins and that the information is quickly deleted.

Facebook told the Digits blog that the data was sent because of the way the “Like” button system was set up.

“Any cookies that are associated with will automatically get sent when you view a “Like” button.

“The onus is on us is to take all the data and scrub it,” Facebook director of engineering Arturo Bejar told the blog.

“What really matters is what we say as a company and back it up.”

A Facebook spokesman said “no information we receive when you see a social plugin is used to target ads.”

Mr Bejar told the blog Facebook was looking at ways to avoid sending the data altogether but that it will “take a while.”

Facebook also is under fire over a claim that its new “social apps” are capable of posting what a user is reading on the web, without a user explicitly ‘liking’ the link or posting it.

“Be forewarned though, with these apps you’re automatically sending anything you read into your Facebook news feed,” the ReadWriteWeb blog said.

“No ‘read’ button. No clicking a ‘like’ or ‘recommend’ button.

“As soon as you click through to an article you are deemed to have ‘read’ it and all of your Facebook friends and subscribers will hear about it.

“That could potentially cause you embarrassment and it will certainly add greatly to the noise of your Facebook experience,” the blog said.

The Age also covers much the same topic, in a feed from the LA Times  with:

??Facebook has denied that it tracks its users’ web surfing even when they are logged out, saying it only uses tracking cookies to personalise content and to make the site more secure.

Australian technologist Nik Cubrilovic this week accused Facebook of using cookies to track users when they are logged off from the service.

Facebook engineer Gregg Stefancik denied that the company tracked users in a comment on Cubrilovic’s post. Stefancik did admit that Facebook alters – but does not delete – cookies when users log out. But he says Facebook does that as a safety measure, and does not use the cookies to track users or sell their personal information.

In a written statement, Facebook said: “Facebook does not track users across the web. Instead, we use cookies on social plug-ins to personalise content (e.g. show you what your friends liked), to help maintain and improve what we do (e.g. measure click-through rate), or for safety and security (e.g. keeping underage kids from trying to sign up with a different age). No information we receive when you see a social plug-in is used to target ads, we delete or anonymise this information within 90 days, and we never sell your information.”

Logged-out cookies are used to protect consumers, Facebook said. For example, Facebook says the logged-out cookies are used to identify spammers and phishers, detect when an unauthorised person is trying to access a user’s account, help users regain access to an account when it’s been hacked and disable registration for underage users who try to re-register with a different birthdate.

But some still believe that Facebook has murdered privacy.

“Facebook has finally done it,” Mashable’s Ben Parr wrote. “It’s just a few updates away now from euthanising the concept of privacy.”

Last week Facebook unveiled its dramatic redesign of profiles, a time line that charts in chronological order all the information users have shared on the service. Facebook also showed off new third-party applications that – when enabled – automatically share every action users take: every song they listen to, article they read and video they watch (not to mention every meal they cook and every jogging route they follow).

Facebook Chief Executive Mark Zuckerberg calls it “frictionless sharing.” That kind of sharing is designed to get users to stick around even longer (something that Facebook already does so well that it’s got Google and other internet players plenty worried).

“We’re at the point of no return,” Parr wrote. “Facebook’s passive sharing will change how we live our lives. More and more, the things we do in real life will end up as Facebook posts. And while we may be consoled by the fact that most of this stuff is being posted just to our friends, it only takes one friend to share that information with his or her friends to start a viral chain. Sharing with just your friends doesn’t protect your privacy. I know the people at Facebook will disagree and argue that users can control what is shared with whom. But this is simply an illusion that makes us feel better about all the sharing we have done and are about to do. We may not notice the impact on our lives immediately. But it won’t be long until your life is on display for all of your friends to see, and then we’ll all know what Facebook has wrought.”

Not surprisingly, his conclusion is the same one reached by privacy advocates who are calling on US federal regulators to take a hard look at the latest changes that Facebook is rolling out.

Marc Rotenberg, the executive director of the watchdog group Electronic Privacy Information Center, which has led the charge against Facebook, said he is sending a letter to the Federal Trade Commission highlighting his organisation’s concerns, which he says the agency has so far failed to address.

“It’s getting really difficult to evaluate the changes that Facebook makes, and I say that as a privacy professional. I can’t imagine what the typical user goes through,” Rotenberg said. “Users might opt in to what Facebook is planning to do, but Facebook never gives users that option. It just marches forward and users have to go along.”

An agency spokeswoman said the FTC does not discuss investigations unless the subject of an inquiry discloses the investigation.

“Then we can confirm the investigation without providing any details. But Facebook has not done so, so I can neither confirm nor deny that the FTC is investigating Facebook,” Claudia Farrell said in an email.

The latest privacy backlash comes as Facebook prepares for its highly anticipated initial public offering next year. The growing success of what is already the world’s most popular social networking service has led analysts to conclude that it’s essentially building a second internet where it harvests users’ personal data to target advertising.

That has raised the hackles of privacy watchdogs who accuse Facebook of putting profit before users. They say users are being pushed to divulge more about their lives than they feel comfortable.

“This redesign is part of Facebook’s overdrive effort to boost data collection and ad sales prior to its IPO,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “Under the guise of enhancing the ability of its members to express themselves, Facebook is building a super-charged commercial surveillance system that threatens their privacy.”

Tim Whitlock, chief technology officer and co-founder of Brandfeed, says users should think about the consequences now and in the future of sharing information on Facebook.

“Most people understand that sites like Facebook are free to use for a reason. It’s not because Mark Zuckerberg loves you, it’s because Facebook and its peers make money from your data and from your eyeballs. At least I hope people understand that. At the very least I hope that people understand they’re making a trade of some sort and that they’re ultimately in control of this arrangement,” Whitlock wrote.

“Whether this is optimistic or not, if we want to maintain any kind of control over this trade, we need to start thinking beyond what our data is currently used for. We need to start thinking beyond targeted advertising, and wonder what else the information we hand over today might be used for tomorrow.”

As reader Rhonda Stanton, a broker associate with Keller Williams Realty Inc., commented on a blog post last week about Facebook’s push to get its users to share more: “If I wanted the whole world to know what I was doing, I would friend the whole world.

Leave a Reply