This may have implications for our discussion. Does this change how you might feel about Facebook tracking you across the web?
Facebook admits it went too far. The social network is quietly retracting a cookie that continued to report your Facebook user ID even after you “logged out” of the site. But it’s not sorry about five other cookies that persist after you sign off. What, you didn’t think Facebook would ever let you actually for real seriously 100 percent sign out, did you?
When Australian programmer Nik Cubrilovic first blogged on Sunday about how Facebook logout didn’t seem to actually, uh, log out, the company went into damage control mode, insisting that “Facebook does not track users across the web,” which was pretty funny given that Facebook has a tracking feature its CEO literally calls “Facebook Across the Web.” The company also said, “logged out cookies… are used for safety and protection…”
Except it turns out one cookie wasn’t used for “safety and protection,” as a Facebook engineer has admitted to Cubrilovic now that the press storm is subsiding. One cookie, “a_user,” continued to report your user ID back to Facebook after you logged out, until you shut down your browser entirely. The cookie was only visible to Facebook, but the site could have used it to track your visits to other sites if it wished, since a great many websites feature “Facebook Connect” widgets that load content from facebook.com — transmitting cookies to Facebook each time they do so.
The social network, to its credit, now destroys “a_user” on logout.
But there are five other cookies that still remain after you “log out” of Facebook, and that stick around even after you restart your browser.