Last month, we reported on Facebook’s use of tracking cookies that allow the company to track users’ web activity even when they’re logged out of Facebook, though Facebook maintains they’re not used for tracking purposes.
The issue was brought up by Australian hacker/writer Nik Cubrilovic, who did some testing with the cookies, and found that logging out doesn’t keep Facebook from knowing every page you visit.
The relevant part of Facebook’s Privacy terms:
We receive data whenever you visit a game, application, or website that uses Facebook Platform or visit a site with a Facebook feature (such as a social plugin). This may include the date and time you visit the site; the web address, or URL, you’re on; technical information about the IP address, browser and the operating system you use; and, if you are logged in to Facebook, your User ID.
Facebook responded to the conversation, saying that they don’t track users across the web, but use the cookies for content personalization, and for safety and security reasons. Then they said the cookie in question, the one which contains the user’s ID was now being destroyed upon log-out.
Now, Cubrilovic is reporting that the “datr” cookie, first removed by Facebook and was no longer being set for logged in or logged out users when they visited a page integrating Facebook, is back. He shows this in a screenshot for Chrome after visiting CBSSports.com.
This particular cookie, Facebook says, helps them identify suspicious login activity.
Various mentions of the cookie by Facebook include:
“We set the ‘datr’ cookie when a web browser accesses facebook.com (except social plugin iframes), and the cookie helps us identify suspicious login activity and keep users safe. For instance, we use it to flag questionable activity like failed login attempts and attempts to create multiple spam accounts.”
“For Facebook users, we obtain the consent for the use of a range of cookies when they sign up to our service. Our Privacy Policy makes it clear that these cookies may be accessed both on facebook.com and when they are visiting other websites with Facebook social plugins.”
“We don’t use them for tracking and they’re not intended for tracking.”
Facebook may indeed have honorable enough intentions for the cookie(s), but that doesn’t mean everybody feels comfortable with the company knowing everywhere they’ve been on the web, particularly as they face other privacy concerns with how they’re interacting with web content and it’s being viewed on the recently launched Ticker feature.
Meanwhile, reports have surfaced that lawmakers are urging the FTC to investigate Facebook over potential privacy issues.
