Exposed: Australian technology blogger Nik Cubrilovic has uncovered Facebook’s practices of tracking users when they are offline
Facebook has admitted that it has been watching the web pages its members visit – even when they have logged out.
In its latest privacy blunder, the social networking site was forced to confirm that it has been constantly tracking its 750million users, even when they are using other sites.
The social networking giant says the huge privacy breach was simply a mistake – that software automatically downloaded to users’ computers when they logged in to Facebook ‘inadvertently’ sent information to the company, whether or not they were logged in at the time.
Most would assume that Facebook stops monitoring them after they leave its site, but technology bloggers discovered this was not the case.
In fact, data has been regularly sent back to the social network’s servers – data that could be worth billions when creating ‘targeted’ advertising based on the sites users visit.
The website’s practices were exposed by Australian technology blogger Nik Cubrilovic and have provoked a furious response across the internet.
Facebook claims to have ‘fixed’ the issue – and ‘thanked’ Mr Cubrilovic for pointing it out – while simultaneously claiming that it wasn’t really an issue in the first place.
Mr Cubrilovic found that when you sign up to Facebook it automatically puts files known as ‘cookies’ on your computer which monitor your browsing history.
This is still the case. But Facebook claims the cookies no longer send information while you are logged out of its site. If you are logged in to Facebook, the cookies will still send the information, and they remain on your computer unless you manually delete them.
They send Facebook your IP address – the ‘unique identifier’ address of your PC – and information on whether you have visited millions of websites: anything with a Facebook ‘like’ or ‘recommend’ button on it.
‘We place cookies on the computer of the user,’ said a Facebook spokesperson – and admitted that some Facebook cookies send back the address of users’ PCs and sites they had visited, even while logged out.
‘Three of these cookies inadvertently included unique identifiers when the user had logged out of Facebook. We did not store these for logged out users. We could not have used this information.’
However, the site spokesperson said that the ‘potential issue’ had now been ‘fixed’ so that the cookies will no longer broadcast information: ‘We fixed the cookies so they won’t include unique information in the future when people log out.’
‘It’s just the latest privacy issue to affect a company that has a long history of blunders relating to user’s private information.
Monitoring all: Facebook founder and chief executive, Mark Zuckerberg
Mr Cubrilovic wrote: ‘Even if you are logged out, Facebook still knows and can track every page you visit.
‘The only solution is to delete every Facebook cookie in your browser, or to use a separate (web) browser for Facebook interactions.
‘This is not what “logout” is supposed to mean’.
The admission is the latest in a series of privacy blunders from Facebook, which has a record of only correcting such matters when they are brought to light by other people.
Earlier this year it stopped gathering browser data from users who had never even been to Facebook.com after it was exposed by a Dutch researcher.
The site was forced into a partial climbdown over changes to privacy settings which many claimed made too much public.
It also came under attack for launching a ‘stalker button’ which allowed users to track another person’s every move in a list which was constantly being updated.
New Design: Mark Zuckerberg talks about a new look for Facebook at a conference earlier this month
Arturo Bejar, one of Facebook’s directors of engineering, admitted that users continue to be tracked after they log out but said that the data was deleted right away.
He said it was to do with the way the ‘like’ feature works, which is a button users can click on to show they like something.
He said: ‘The onus is on us is to take all the data and scrub it. What really matters is what we say as a company and back it up.’
On technology blog CNET, however, users were outraged at what was going on.
One wrote: ‘Who the hell do these people think they are? ‘Trust us?’ Why? Why should we trust a company that spies on us without our knowledge and consent?’
Another added: ‘Holy wow…. they’ve just lept way past Google on the creepy meter’.
According to U.S. reports Facebook has recently set up its own Political Action Committee, an American term for a lobbying outfit to get its views heard on Capitol Hill.
So far this year it has already spent £352,000 on lobbying, already ahead of last year’s total of £224,000.
The website has also been forced to deny Internet rumours it will begin charging for its services and said it will ‘always be free’.
A spokesman for Facebook said that the login and log out measures were designed for security and were there to prevent fraud.
He added: ‘We to do not use this information to target adverts’.