You may know that your browser sends information to Facebook whenever you visit a web page that hosts a Facebook Like or Share button or other Facebook content.
That's true even if you do not have a Facebook account. If you do have a Facebook account and are signed in, Facebook gets to know which sites you visit and can link those visits with your account for a more accurate profile.
Some users may see this as a privacy invasion. The general advice that you get on the Internet is to log out of the Facebook account when you do not use the site. The reasoning here is that logging out should prevent the identification of users on third party sites that load Facebook content.
According to Nik Cubrilovic though this is not the case. Facebook can track logged out users as much as it can track logged in users. How do they do it? With cookies of course. One would assume that logging out would delete all cookies linked to the account.
This is apparently not the case here. Facebook is not deleting all cookies when a user logs out. Nik notes:
To make it easier to see the cookies being unset, the names are in italics. If you compare the cookies that have been set in a logged in request, and compare them to the cookies that are being unset in the logout request, you will quickly see that there are a number of cookies that are not being deleted, and there are two cookies (locale and lu) that are only being given new expiry dates, and three new cookies (W, fl, L) being set.
Cookies that identify users based on the account Id still exist, which means that Facebook has access to that data whenever a connection to the site is made (on Facebook itself or third party sites). This means that Facebook can still identify users even if they are logged out of the social networking site.
The only solution? To delete all Facebook cookies whenever possible. While you could do that manually every time you log out of Facebook, it is probably not the best solution in this case.
First, you have to do it every time after signing out on the site which can quickly become a nuisance, and second, you have to remember to do it.
Here are a few add-ons and extensions that take care of that for your:
Have another add-on or tip on how to cope with the situation? Let everyone know in the comments.
Update: Facebook responded in an email. Here is their official statement:
Specific to logged out cookies, they are used for safety and protection, including identifying spammers and phishers, detecting when somebody unauthorized is trying to access your account, helping you get back into your account if you get hacked, disabling registration for a under-age users who try to re-register with a different birthdate, powering account security features such as 2nd factor login approvals and notification, and identifying shared computers to discourage the use of 'keep me logged in'.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.