Facebook’s New Features Might Not Be as Private as You Think [UPDATED]




Apparently, Facebook has a lot of work to do on its privacy controls. In some cases, the new “frictionless sharing” features of Facebook can make it so that even when you’re logged out of Facebook, your browser is still tracking every page you visit, sending that data back to Facebook.

According to entrepreneur and self-described hacker Nik Cubrilovic, who shows the code involved with this alleged security issue on his website, “Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.”

Oddly enough, Cubrilovic says this data is not even hidden, adding that “You can test this for yourself using any browser with developer tools installed. It is all hidden in plain sight.”

Cubrilovic’s interest was piqued after he read a post by Dave Winer on Scripting News, pointing out the specter of Facebook announcing the websites you’re visiting and articles you’re reading without your explicit permission or knowledge. Such capabilities are written into Facebook’s new API, according to Winer. He says that Facebook scares him, writing, “I think there’s a good chance that by visiting a site you are now giving them access to lots more info about you. I could be mistaken about this.”

Winer’s post was a reaction to one written last week by ReadWriteWeb, pointing out that the new “social reader” apps Facebook plans to launch soon (and which are now available if you enable your Facebook Timeline) will be able to display what you’re reading to your Facebook friends. However, we logged into one of those Facebook apps, The Guardian Social Reader, and noticed that it was easy to opt out of these “features” when we first began using it.

Even though you can opt out of much of this sneaky kind of sharing, we’re thinking Facebook still has some work to do before everyone can feel perfectly secure with its apps and sharing capabilities. Perhaps it’s a matter of educating users about Facebook’s new capabilities. Meanwhile, it might be time for us to modify that old saying, “Don’t write anything that you wouldn’t want to have read in court.” For the time being, must we change that to “Don’t click on any website that you wouldn’t want to have revealed in court”?

Update: Facebook engineer Arturo Bejar responded to the following question I emailed to Facebook Sunday afternoon: “Will users be able to completely prevent their browsing data from being sent back to Facebook, or from displaying on their feeds?”:

“I am a Facebook engineer that works on these systems and I wanted to say that the logged out cookies are used for safety and protection including: identifying spammers and phishers, detecting when somebody unauthorized is trying to access your account, helping you get back into your account if you get hacked, disabling registration for under-age users who try to re-register with a different birthdate, powering account security features such as 2nd factor login approvals and notification, and identifying shared computers to discourage the use of ‘keep me logged in’.

“Also please know that also when you’re logged in (or out) we don’t use our cookies to track you on social plugins to target ads or sell your information to third parties. I’ve heard from so many that what we do is to share or sell your data, and that is just not true. We use your logged in cookies to personalize (show you what your friends liked), to help maintain and improve what we do, or for safety and protection.”

You’re invited to respond to Arturo’s statement in the comments section below.


Photos: Facebook Timeline


The New Facebook Profile: Timeline

Timeline is a radical departure from previous versions of the Facebook user profile. The most prominent feature is the addition of a cover photo at the top of the page. Users can change this to whatever they’d like it to be.

1987

In 1987, my sister was born. Facebook knows these life events and includes them in your timeline.

Being Born

You can even add a picture and context to your birth, which starts the Timeline.

Timeline Interface

The Timeline is a two-column interface with top photos, status updates, friends and more.

Map

Facebook has added a feature that lets you see where you have visited. This is powered by Facebook Places.

Photos in the Timeline

Here’s how photos are displayed in the Timeline.

Friends in the New Timeline

Here’s what the Friends page looks like.

Changing Settings

Some of the new Timeline’s customization features.

2009

More of the new Timeline

Getting Married

You can add life events, such as getting married, to your profile through the Publisher Bar. You can also announce that you broke a bone, got a new job, etc.

