October went off with a litigious bang for the social media monster known as Facebook. Fighting a class action law suit over its non-logout ‘logout’ issues and now being busted for using a cookie which tracks people who aren’t using Facebook, the giant could be paying out gold to Jack after all!
The latest scandal is the use of the ‘datr’ cookie which is set on users through the use of Facebook ‘like’ widgets on the internet, a common feature, particularly on blogs and news sites. These cookies follow you from site to site, regardless of whether or not you are logged into Facebook by virtue of simply going on a site with the Like widget.
Back in May, the Wall Street Journal busted Facebook on the use of this cookie and Facebook removed it. However, the cookie has come back with a vengeance, as revealed by the de facto privacy research Nik Cubrilovic shows. In fact, it is more widespread than ever, with the cookie showing up in every site Cubrilovic tested.
So what exactly does this cookie do? Cookies in general are used to track your progress around the web and gather information about sites you visit. This in turn is relayed largely to advertisers who use this information to market products to you that you would actually be interested in. While largely harmless, cookies can slow down your internet and some people find them skirting on the edge of ruining privacy.
In the case of the Facebook cookie, it is also used to associate your account with other people who use your computer-associated users. This cookie is also set from social plug-in iFrames, not just from Facebook; meaning any site which can be associated with FB (most commonly ‘Like’ widgets) have these cookies. Finally, the fact that the cookie came back means that Facebook either accidentally or purposefully re-enabled it, angering a lot of people and panicking others who worry about Facebook collecting too much data on their web surfing history which could then be re-sold to advertisers or other people.
The reveal of the datr cookie came as a result of pushes from the chairmen of the Congressional privacy committee and ten public interest groups to make the FTC investigate the clingy cookies of Facebook. This push adds to the growing pressure on Facebook and to the evidence which is being gathered in anIllinoispotential class action lawsuit filed against Facebook.
The suit accuses Facebook of lying or misleading people about what the term ‘log off’ actually means. Facebook in return has claimed they will fight the suit ‘vigorously’; acting as though they will find an expert who can give a coherent explanation as to what happens when you sign off Facebook in such a way that it will be useful to the company. Is it possible?
It is recommended that you manually clear your data cache whenever you log off Facebook, just to make sure you don’t have tracking cookies following you wherever you go. It will add an extra step if you do want to post links to your profiles, but you can keep your privacy intact.
UPDATE: A Facebook engineer has recently commented on Cubrilovic’s blog post, stating that the datr cookie is actually a limited bug. Although Cubrilovic wrote that the cookie is “being set by all the third part sites that we tested”, the engineer retorted “What you describe in this post is not a re-enabling of anything, but a separate issue involving a limited number of sites… We have moved quickly to investigate and resolve this latest issue which will be fully addressed today. [as of Tuesday, Oct. 4]… We still have a policy of not building profiles based on data from logged out users. Reports like this help us make sure we’re adhering to this policy.”