Spotify dropped the undeletable cookie, but Facebook has now admitted to tracking users — even when they’re logged off.
That is, through various cookies and unique identifiers sent from like buttons, all of which are complicated to remove. “Even if you are logged out, Facebook still knows and can track every page you visit,” programmer and technologist Nik Cubrilovic exposed in a recent blog.
“The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.”
This also means that users will probably share more activity than they intended, thanks to ‘lubricated’ APIs. But don’t worry, Facebook can explain. Perhaps attempting to contain another privacy blow-up, Facebook told the Wall Street Journal that this complicated cookie-and-identifier setup is all about security. That is, preventing false logins and phishing attacks without extra authentication.
And, Facebook further claimed that all of this logged-out data is immediately deleted (you’ll just have to trust them on that). “The onus is on us to take all the data and scrub it,” said Arturo Bejar, Facebook’s director of Engineering. “What really matters is what we say as a company and back it up.”
Facebook is no stranger to these sorts of breach controversies. The company has been caught improperly collecting data on a number of occasions, and its security standards are, let’s say, insecure.
All of which raises another question about Spotify’s decision to attach themselves to the Facebook hip. Because these things don’t always end well.