Recently, there was a huge uproar over a discovery made by an Australian Technologist concerning Facebook’s cookies. Nik Cubrilovic analyzed Facebook’s cookies and saw that once you log out of the site, the cookies aren’t removed or deleted but simply changed. Your account ID is still embedded in these cookies, so whenever you visit a site that uses any Facebook widget, data could be sent back to Facebook, essentially allowing the site to track your activities online.
Cubrilovic admitted that he could be wrong about his conclusions. But if he’s not, then Facebook has quite a lot to answer for. Such an allegation has very serious implications on our privacy, and it could destroy all the trust that Facebook has slowly been rebuilding through their enhanced privacy settings.
Cubrilovic’s discovery has caught the attention of several Internet tech authorities, and many of them have sent e-mails to Facebook requesting for an explanation. Facebook has yet to make an official statement about the matter, but ZDNet has received one response from Arturo Bejar, a Facebook engineer explaining what the cookies do and why they behave as such.
According to Bejar, Facebook does not track users’ activities whether they’re logged onto Facebook or not. He claims that the purpose of these cookies is for the users’ safety and protection. These cookies actually help in identifying spammers and phishers and help detect any unauthorized log ins. Also, in the event of a hacking, these cookies can help the user retrieve his or her account.
These cookies are also part of Facebook’s system for preventing minors from registering in the account. Once the cookies are in place, they can no longer try to re-register using a different birth date if they have erred once by giving their real one.
So, if all this is to be believed, the cookies that people have been raging against during these past days were actually pretty useful. The cookies do not track our online activity. In fact, instead of breaching our privacy and security, these cookies were helping to enhance it.
Bejar also stressed that Facebook does not sell the information that they receive when users visit sites which have the Facebook widget. They don’t even use it for their targeted ads. The data that they collect is deleted within 90 days. After which, the only thing they do keep is data that has been aggregated and ‘anonymized’. So, all those fears about Facebook keeping detailed records about the sites which you visit are, according to Bejar, unfounded.
It all boils down to trust. Facebook does appear to have the ability to track users in the manner set forth by Cubrilovic, but do you trust them not to? If you have any reservations at all, and are reluctant to trust Facebook completely, then the options for your protection are few:
- Use a dedicated browser for Facebook only. If you normally use Firefox, then use Chrome or Internet Explorer for Facebook.
- Hacker News explains how you can use Ad Block Plus with the following Facebook rules:
- Use a cookie cleaning utility or manually delete all Facebook cookies after each session.
- Set your browser to automatically delete cookies upon exit.