Facebook Damage Control: Pledges Privacy Breach Fix

No, it’s not some creepy OnStar-like secret monitoring scheme, where Facebook plans to track you even after you’ve logged out of the social networking site, but that’s essentially what Facebook’s capable of, thanks to a cookie “bug.” The bug allows Facebook to collect browsing-related information even after a user’s signed out of the service—if Facebook wanted to exploit it, anyway.

The issue was outed by developer Nik Cubrilovic on Sunday. “They’re sending the information to their servers, even when they (users) are logged out,” Cubrilovic told The Australian. “It’s a question of what they do with it. They may not do [anything] with it now, but in two years’ time, they might introduce a new feature that accesses it.”

Facebook’s already reacted to the story, guns-a-blazin’, pledging to correct the issue by Wednesday this week, it seems. In fact, in an unusual move, the company responded directly to Cubrilovic during a 40-minute conference call Tuesday afternoon, promising to “fix” the privacy glitch as well as three other cookie-related issues.

“They aim to fix it (the logout issue) by tomorrow,” said Cubrilovic. “There will still be cookies, but they won’t be identifiable. That’s within 24 hours. We can only take them at their word.”

It’s not for the faint of heart (or easily bored), but Cubrilovic also has a spreadsheet up that color-codes the offending cookies and their behavior when you log out. Among other things, the cookies include your Facebook ID, thus making it possible, in theory, for Facebook to track what you’re up to long after you’ve exited the service. We’re talking really long: Cubrilovic says the cookies’ lifetime, assuming you don’t routinely clear them manually (hint: you should), defaults to “several years.”

In other words, Facebook’s “fix”—no doubt Cubrilovic as well as others are standing by to ensure it really is a fix—can’t get here fast enough.

Matt Peckham is a reporter at TIME.