Tuesday, September 27, 2011

You Cant Logout in Facebook!

How would you feel if Facebook, or any other site for that matter, is able to monitor each and every action of yours over the web?
Well, look no further because that’s exactly what is happening! Australian Tech Expert Nik Cubrilovic has revealed in his blog post that when you log out of Facebook, they merely modify the cookie, and in some cases install new ones that send user information as you continue to surf the net, even after logging out.

When you log out, Facebook only de-authorizes your browser from the web application. A number of cookies, including your Facebook account number, are still sent to the main site. Even if you are logged out, Facebook still knows and can track every page you visit.
So much for privacy.

In his experiments, Nik found that there are a number of cookies not being deleted, two cookies that are being given new expiry dates and three new cookies being sent. Also, after logging out, when he surfed another site, the primary cookies, that identify us as a user, are still there along with the account number. That is, even after logging out, when you visit a page with a Facebook like button, or share button, or any other widget, the account information is still being sent to Facebook.
The only solution is to delete ALL Facebook Cookies. (Here’s an article on how to delete cookies.)

Also, there are serious implications if you use Facebook from a public terminal. Even if you log out there, you are leaving behind your “trace”. The account ID remains there until someone deletes the cookies. And this account ID is used to identify your profile!

And as if that wasn’t enough, in their own help desk at this page, Facebook has specified that they use the cookies to help advertisers “measure and manage the effectiveness of ads and advertising campaigns”. In simpler words, Facebook provides the advertisers with the cookie information so as to help in their advertising strategies. Though in this Help Center topic, Facebook has stated that the user could opt out of the placement of cookies, nowhere on the page have they specified or provided instructions as how that can be done.

Over all that, the partnership between Nielsen and Facebook could turn out to be a bigger headache for users, once they get to know the truth. The company, best known for its television ratings system launched a product dubbed – Online Campaign Ratings (OCR). Their release note says – 

“The service will allow the company to combine data from its panels with data from third-party contributors, like Facebook, to more accurately measure how many people are viewing advertisements online.
For example, if a user logs on to Facebook (a Nielsen media partner) and then visits another Web site where an ad that Nielsen is tracking is shown, Nielsen will put a pixel in the ad that will prompt Facebook to send Nielsen the age and gender of the people who viewed the ad.”

Though Nielsen have later specified in the post that this data “will be viewed in the aggregate and not on an individual basis” and that  “third parties will not know what site the user came from or the identity of the advertiser”, it’s a little bit hard to digest that fact.

When criticized on this deal with Nielsen, Facebook authorities replied by saying – “there are ways users can opt out of having their activity incorporated with OCR”. Again, they haven’t specified how exactly a user can do that!

Though Mark Zuckerberg has always been going on the stand that its an open world now, I doubt compromising their privacy is what the users had in mind when they signed up on Facebook.

Understanding the need of the hour, a number of applications and plug-ins have surfaced in reaction to this “privacy policy” of Facebook:
  • Google Chrome has created an app called Facebook Disconnect which removes the Ticker Feed from your page when you use the Chrome Browser.
  • Firefox’s ShareMeNot add-on also prevents third party add-ons from tracking you until and unless you actually click on the “like” or “share” button.

Now the question remains – Will users turn a blind eye to this privacy issue and continue using Facebook, or will they stop trusting and using Facebook altogether? The latter seems almost impossible because Facebook has grown so much that it has now almost become a daily routine for many users, if not all. But least assured, Facebook has something to lookout for and rectify, if they plan to continue on in the future with the same impact on the web, and on people’s lives.

So the next time you surf the web without deleting the cookies, remember, someone’s watching!

1 comment: