Facebook to Extinguish Bugs After Lawsuit Over Bad Cookie Behavior

By Chelsi Nakano (@Chelsi) Oct 4, 2011

Facebook privacy concerns— they're like like a broken record. This time around the platform was sued over cookies, having been accused of tracking users even after they've logged out of the social network.

In Your Internets, Tracking Your Datas

Cookies, or small pieces of data collected about your Internet activity, can be useful. They can remember passwords and settings so you don't have to re-enter them each time you visit a website.

What blogger and hacker Nik Cubrilovic finds particularly interesting is that Facebook still collects these pieces of data when you've logged out of the site. For example, a cookie known as "datr" helps identify suspicious login activity, while another called "lu" protects those using public computers.

"These cookies, by the very purpose they serve, uniquely identify the browser being used—even after logout. As a user, you have to take Facebook at their word that the purpose of these cookies is only for what is being described," Cubrilovic said.

The issue at heart here is frictionless sharing, which was most recently highlighted last week when Facebook teamed up with music sites Spotify, Rdio, and Slacker. Users simply listen to the music they like on the aforementioned platforms and it's automatically shared with their Facebook friends via application. It's like a hassle-free recommendation engine.

Of course, the concern with frictionless sharing is that you might not want everyone on Facebook to to know what you're up to, especially when you're not on Facebook. There are also concerns about targeted advertising.

"[Facebook is] doing something that I think is really scary, and virus-like. The kind of behavior deserves a bad name, like phishing, or spam, or cyber-stalking," explained Software developer David Winer.

Facebook Acknowledges the Issue… Finally

While this might be the first time you're hearing about offline tracking, Cubrilovic has been trying to discuss the issue with Facebook for almost a year now:

To clarify, I first emailed this issue to Facebook on the 14th of November 2010. I also copied the email to their press address to get an official response on it. I never got any response. I sent another email to Facebook, press and copied it to somebody I know at Facebook on the 12th of January 2011. Again, I got no response. I have copies of all the emails, the subject lines were very clear in terms of the importance of this issue.

In their long-awaited response, Facebook stated that they do not track users across the web: “…we use cookies on social plugins to personalize content (e.g. Show you what your friends liked), to help maintain and improve what we do (e.g. Measure click-through rate), or for safety and security (e.g. Keeping underage kids from trying to signup with a different age). No information we receive when you see a social plugins is used to target ads, we delete or anonymize this information within 90 days, and we never sell your information."

A Suit is a Suit, a Fix is a Fix?

The recent lawsuit, filed in the California district court by six Facebook users in Illinois, Hawaii, Virginia, and New Jersey, asks the court for damages, as well as an order that would require Facebook to stop installing cookies that track users after they log out of the service.

To the surprise of pretty much no one, the platform team wasn't happy with the accusations. "We believe this complaint is without merit and we will fight it vigorously," a Facebook spokesman said in a statement.