Facebook continues to be the subject of controversy over issues of privacy, this time because Facebook cookies were found to be accidentally tracking other sites users visited after they had logged off. The information is then sent to Facebook via the cookies, provoking concerns over users’ privacy violations.
According to The Daily Mail, the cookies “send Facebook your IP address — the ‘unique identifier’ address of your PC — and information on whether you have visited millions of websites: anything with a Facebook ‘like’ or ‘recommend’ button on it.”
One Facebook spokesperson admitted, “We place cookies on the computer of the user,” and that some of those cookies do in fact send back the address of the users’ PCs and sites they visited, even while logged out. “Three of these cookies inadvertently included unique identifiers when the user had logged out of Facebook. We did not store these for logged out users. We could not have used this information.”
The malfunction was made public by Australian blogger Nik Cubrilovic, who was disgruntled with the recent changes made to Facebook. Facebook has added a Timeline feature that automatically posts a user’s Facebook profile with items from their past or sites they have been viewing. Cubrilovic searched Facebook, hoping to find a way to disable this feature, which “accidently [sic] shares a page or an event that you did not intend others to see."
Facebook’s designers assert that the software malfunction has since been fixed, but they maintain that users should consider logging off of Facebook completely when they are done with the page. Likewise, the designers encourage users to remove Facebook’s cookies and use a separate browser when they are on Facebook.
However, as noted by Dave Winer of Scripting.com, these suggestions scarcely ensure one’s privacy is protected:
[…] logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to Facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.
Facebook was forced to publicly address the malfunction after news of the cookies went viral. The Daily Mail reports, “Facebook claims the cookies no longer send information while you are logged out of its site. If you are logged into Facebook, the cookies will still send the information, and they remain on your computer unless you manually delete them.”
Still, a Facebook spokesperson said that the “potential issue” is “fixed” and the cookies will no longer broadcast information. “We fixed the cookies so they won’t include unique information in the future when people log out.”
For some, however, even if the problem has been addressed and fixed, it is indicative of the fact that Internet users must remain vigilant when it comes to their privacy. Cubrilovic wrote in his blog, “I believe Facebook when they describe what these cookies are used for, but that is not a reason to be complacent on privacy issues and [not] to take initiative in remaining safe.”
Facebook’s woes are similar to those experienced by OnStar last week when it was revealed that even after the service was canceled, the program continued to track previous subscribers. When this revelation went viral, there was a harsh public outcry, prompting General Motors to announce it would be reversing the policy of continuing to track members even after they have canceled their service as a result of customer dissatisfaction.
OnStar President Linda Marshall was forced to issue a press release on the subject:
If OnStar ever offers the option of a data connection after cancellation, it would only be when a customer opted-in, Marshall said. And then OnStar would honor customers’ preferences about how data from that connection is treated.
We realize that our proposed amendments did not satisfy our subscribers. This is why we are leaving the decision in our customers’ hands. We listened, we responded and we hope to maintain the trust of our more than 6 million customers.
Despite this similar scenario, social media sites in particular have been the subject of harsh scrutiny as a result of privacy concerns that have been raised. Facebook has been especially targeted because of its use of facial recognition technology and the fact that phone numbers from members’ contact lists are available for view.
In August, however, Facebook announced that it would be making improvements to ensure privacy. The network launched a “Bounty Bug Program” to help discover any flaws in the system’s software due to “software complexity, programming errors, changes in requirements, errors in bug tracking, limited documentation or bugs in software development tools.” Likewise, Facebook made updates to its page which permits users to decide who may and may not see particular aspects of their page, simply by making a selection on a new inline menu that has been added to the social network page.
Additionally, these social media sites are struggling to ensure that not only user privacy is ensured, but the users’ right to free speech, particularly “in the face of government authority,” reports PC World:
If the U.S. government tries to censor or even shut off your access to a social network entirely (as British Prime Minister David Cameron almost did during the riots in England last month), you’ll want to know which networks have the best record of working to protect user rights.
According to PC world, Twitter — which published Guidelines for Law Enforcement — holds the best record for protecting users rights, while Facebook and Google are doing their best to figure out how to best address their “responsibility of supporting free speech.”
Recently, Facebook had to contend with a Facebook page created for the “Third Palestinian Intifada” — a movement calling for a violent uprising against Israel. Facebook reported that it had removed the page, but careful inspection revealed that the page remained even after Facebook made that announcement. Today, however, it does not appear to be active.