Logging Out Of Facebook Is Not Enough
You may know that your browser sends information to Facebook whenever you visit a web page that hosts a Facebook Like or Share button or other Facebook content.
That's true even if you do not have a Facebook account. If you do have a Facebook account and are signed in, Facebook gets to know which sites you visit and can link those visits with your account for a more accurate profile.
Some users may see this as a privacy invasion. The general advice that you get on the Internet is to log out of the Facebook account when you do not use the site. The reasoning here is that logging out should prevent the identification of users on third party sites that load Facebook content.
According to Nik Cubrilovic though this is not the case. Facebook can track logged out users as much as it can track logged in users. How do they do it? With cookies of course. One would assume that logging out would delete all cookies linked to the account.
This is apparently not the case here. Facebook is not deleting all cookies when a user logs out. Nik notes:
To make it easier to see the cookies being unset, the names are in italics. If you compare the cookies that have been set in a logged in request, and compare them to the cookies that are being unset in the logout request, you will quickly see that there are a number of cookies that are not being deleted, and there are two cookies (locale and lu) that are only being given new expiry dates, and three new cookies (W, fl, L) being set.
Cookies that identify users based on the account Id still exist, which means that Facebook has access to that data whenever a connection to the site is made (on Facebook itself or third party sites). This means that Facebook can still identify users even if they are logged out of the social networking site.
The only solution? To delete all Facebook cookies whenever possible. While you could do that manually every time you log out of Facebook, it is probably not the best solution in this case.
First, you have to do it every time after signing out on the site which can quickly become a nuisance, and second, you have to remember to do it.
Here are a few add-ons and extensions that take care of that for your:
- Facebook Blocker [Firefox] - Blocks all Facebook contents on third party sites from sending information. You can still interact with the elements if you want, but until you do, no information are submitted.
- Facebook Disconnect [Google Chrome] - Blocks all Facebook traffic from third party sites.
- Facebook Blocker [Opera] - Seems to be identical to the Google Chrome extension, blocks all Facebook third party traffic.
Have another add-on or tip on how to cope with the situation? Let everyone know in the comments.
Update: Facebook responded in an email. Here is their official statement:
Specific to logged out cookies, they are used for safety and protection, including identifying spammers and phishers, detecting when somebody unauthorized is trying to access your account, helping you get back into your account if you get hacked, disabling registration for a under-age users who try to re-register with a different birthdate, powering account security features such as 2nd factor login approvals and notification, and identifying shared computers to discourage the use of 'keep me logged in'.