Facebook has admitted that it has been watching the web pages its users visit even when they have logged out.
In its latest privacy blunder, Facebook was forced to confirm that it has been constantly tracking its 750 million members, even when they are using other sites.
Facebook also says the huge privacy breach was simply a mistake – the software automatically downloaded to users’ computers when they logged in to Facebook “inadvertently” sent information to the company, whether or not they were logged in at the time.
Most of its users would assume that Facebook stops monitoring them after they leave its site, but technology bloggers discovered this was not the case.
In fact, the information has been regularly sent back to Facebook’s servers – data that could be worth billions when creating “targeted” advertising based on the sites users visit.
The Facebook’s practices were exposed by Australian technology blogger Nik Cubrilovic and have provoked a furious response across the internet.
Facebook claims to have “fixed” the issue – and “thanked” Nik Cubrilovic for pointing it out – while simultaneously claiming that it wasn’t really an issue in the first place.
Nik Cubrilovic found that when you sign up to Facebook it automatically puts files known as “cookies” on your computer which monitor your browsing history.
This is still the case, although Facebook claims the cookies no longer send information while user is logged out of its site. If user is logged in to Facebook, the cookies will still send the information, and they remain on your computer unless you manually delete them.
The cookies send Facebook your IP address – the “unique identifier” address of your PC – and information on whether you have visited millions of websites: anything with a Facebook “like” or “recommend” button on it.
“We place cookies on the computer of the user,” said a Facebook spokesperson, who admitted that some Facebook cookies send back the address of users’ PCs and sites they had visited, even while logged out.
“Three of these cookies inadvertently included unique identifiers when the user had logged out of Facebook. We did not store these for logged out users. We could not have used this information.”
However, Facebook spokesperson said that the “potential issue” had now been “fixed” so that the cookies will no longer broadcast information:
“We fixed the cookies so they won’t include unique information in the future when people log out.”
“It’s just the latest privacy issue to affect a company that has a long history of blunders relating to user’s private information.”
Nik Cubrilovic wrote: “Even if you are logged out, Facebook still knows and can track every page you visit.
“The only solution is to delete every Facebook cookie in your browser, or to use a separate (web) browser for Facebook interactions.
“This is not what <<logout>> is supposed to mean.”
The admission is the latest in a series of privacy blunders from Facebook, which has a record of only correcting such matters when they are brought to light by other people.
Earlier this year, the social network website stopped gathering browser data from users who had never even been to Facebook.com after it was exposed by a Dutch researcher.
Facebook was forced into a partial climbdown over changes to privacy settings which many claimed made too much public.
Facebook also came under attack for launching a “stalker button” which allowed users to track another person’s every move in a list which was constantly being updated.
Arturo Bejar, one of Facebook’s directors of engineering, admitted that users continue to be tracked after they log out but said that the data was deleted right away.
Bejar said it was to do with the way the “like” feature works, which is a button users can click on to show they like something.
“The onus is on us is to take all the data and scrub it. What really matters is what we say as a company and back it up.”
On technology blog CNET, however, users were outraged at what was going on:
“Who the hell do these people think they are? <<Trust us>>. Why? Why should we trust a company that spies on us without our knowledge and consent?”
“Holy wow…. they’ve just lept way past Google on the creepy meter.”
According to U.S. reports Facebook has recently set up its own Political Action Committee, an American term for a lobbying outfit to get its views heard on Capitol Hill.
So far this year it has already spent $550,000 on lobbying, already ahead of last year’s total of $350,000.
Facebook has also been forced to deny Internet rumors it will begin charging for its services and said it will “always be free”.
A spokesman for Facebook said that the login and log out measures were designed for security and were there to prevent fraud and added: “We to do not use this information to target adverts.”