Facebook Cookies Work Even If You’re Logged Out (for Your Own Good)

  • Share
  • Read Later

Facebook may not be planning to shut down your account or charge you, but that doesn’t mean that they aren’t doing some things that you might want to be concerned about. Say, for example, tracking users even after they log out of the site.

That’s the accusation from developer Nik Cubrilovic, who discovered that Facebook “alters” tracking cookies when you log out instead of deleting them. “With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook,” Cubrilovic wrote. “The only solution to Facebook not knowing who you are is to delete all Facebook cookies.”

(MORE: How the European Cookies Are Crumbling (on the Web))

When ZDnet’s Emil Protalinski contacted Facebook for a response, the company pointed him in the direction of a comment left on an earlier post of his in which an engineer who works for the company said that logged out cookies were only being used for users’ “safety and protection”:

“I am a Facebook engineer that works on these systems and I wanted to say that the logged out cookies are used for safety and protection including: identifying spammers and phishers, detecting when somebody unauthorized is trying to access your account, helping you get back into your account if you get hacked, disabling registration for a under-age users who try to re-register with a different birthdate, powering account security features such as 2nd factor login approvals and notification, and identifying shared computers to discourage the use of ‘keep me logged in.’

Also please know that also when you’re logged in (or out) we don’t use our cookies to track you on social plugins to target ads or sell your information to third parties. I’ve heard from so many that what we do is to share or sell your data, and that is just not true. We use your logged in cookies to personalize (show you what your friends liked), to help maintain and improve what we do, or for safety and protection.”

Color me suspicious, but “we don’t delete cookies for your own good, and we’re not tracking you because we would never do that” doesn’t necessarily sound like the most convincing explanation ever. Expect a more official condemnation from the company soon.

MORE: Microsoft Sued over Secretly Tracking Smartphone Users

Graeme McMillan is a reporter at TIME. Find him on Twitter at @Graemem or on Facebook at Facebook/Graeme.McMillan. You can also continue the discussion on TIME’s Facebook page and on Twitter at @TIME.