Facebook can track you even after logout -hacker

Facebook users, be warned: the social network giant may still be able to track you even after you log out of your session. This was the finding of an Australian hacker who said Facebook's "cookies" (bits of information saved on a user's computer) still let Facebook keep tabs on users.

"(L)ogging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions," hacker Nik Cubrilovic said in a blog post.

He also noted Facebook's new application programming interface (API) allows applications to post status items to one's Facebook timeline without user intervention.

This may raise a privacy concern that "because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see."

Cubrilovic said that during logout, a number of Facebook cookies are not being deleted.

He noted two cookies (locale and lu) are given new expiry dates, and three new cookies (W, fl, L) are set.

When he made a subsequent request to www.facebook.com as a "logged out" user, he said the primary cookies that identify him as a user are still there.

"This is not what 'logout' is supposed to mean - Facebook (is) only altering the state of the cookies instead of removing all of them when a user logs out," he said.

Such a setup allows a supposedly logged-out user to still send his or her account ID to Facebook when he or she visits any page with a Facebook "Like" button, or share button, or any other widget.

"The only solution to Facebook not knowing who you are is to delete all Facebook cookies," he said.
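A site operator can check its own logout flow for the behaviour described above by comparing the cookie jar held before logout with the `Set-Cookie` headers in the logout response. The sketch below is an added example, not code from Cubrilovic's post or from Facebook. The cookie names `locale`, `lu`, `W`, `fl` and `L` come from the article; `session_token` and `account_id` are hypothetical names, and all values and dates are constructed.

```javascript
// Added example: audit what a logout response does to the cookie jar.
// Parse one Set-Cookie header value into { name, expires, maxAge }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), expires: null, maxAge: null };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1);
    if (key === 'expires') cookie.expires = new Date(val);
    if (key === 'max-age') cookie.maxAge = parseInt(val, 10);
  }
  return cookie;
}

// A server deletes a cookie by sending Max-Age <= 0 or an Expires in the past.
// Max-Age takes precedence over Expires when both are present.
function isDeletion(cookie, now) {
  if (cookie.maxAge !== null) return cookie.maxAge <= 0;
  return cookie.expires !== null && cookie.expires.getTime() <= now.getTime();
}

// jarBefore: cookie names held before logout; headers: Set-Cookie values in the logout response.
function auditLogout(jarBefore, headers, now) {
  const report = { deleted: [], untouched: [], rewritten: [], added: [] };
  const sent = new Map(headers.map(parseSetCookie).map((c) => [c.name, c]));
  for (const name of jarBefore) {
    const c = sent.get(name);
    if (!c) report.untouched.push(name);            // survives logout unchanged
    else if (isDeletion(c, now)) report.deleted.push(name);
    else report.rewritten.push(name);               // kept, with a new value or expiry
  }
  for (const [name, c] of sent) {
    if (!jarBefore.includes(name) && !isDeletion(c, now)) report.added.push(name);
  }
  return report;
}

// Constructed sample: session_token and account_id are hypothetical names, all values are made up.
const SAMPLE_JAR = ['session_token', 'account_id', 'locale', 'lu'];
const SAMPLE_LOGOUT_HEADERS = [
  'session_token=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/',
  'locale=en_US; Expires=Tue, 01 Jan 2030 00:00:00 GMT; Path=/',
  'lu=constructed; Max-Age=63072000; Path=/',
  'W=1; Path=/', 'fl=1; Path=/', 'L=2; Path=/',
];
const SAMPLE_NOW = new Date('2020-01-01T00:00:00Z');
console.log(auditLogout(SAMPLE_JAR, SAMPLE_LOGOUT_HEADERS, SAMPLE_NOW));
```

A logout that fully clears identifying state leaves `untouched`, `rewritten` and `added` empty for every cookie that can be tied to the account; anything listed there is still sent on later requests to the site and to pages embedding its widgets.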

Log-out experiments

Cubrilovic recalled an experiment where he created a number of fake Facebook accounts after logging out of his browser.

After using the fake accounts for some time, he found that they were suggesting his real account to him as a friend.

"Somehow Facebook knew that we were all coming from the same browser, even though I had logged out," he said.

He said this has serious implications if one uses Facebook from a public terminal.

"If you login on a public terminal and then hit 'logout,' you are still leaving behind fingerprints of having been logged in. As far as I can tell, these fingerprints remain (in the form of cookies) until somebody explicitly deletes all the Facebook cookies for that browser," he said.

He pointed out Facebook knows every account that has accessed Facebook from every browser and is using that information to suggest friends to a user.

"The strength of the 'same machine' value in the algorithm that works out friends to suggest may be low, but it still happens. This is also easy to test and verify," he said.

Reported to Facebook

Cubrilovic said he reported this issue to Facebook in a detailed email but got the "bounce-around."

He said the entire process was so flaky and frustrating that he did not bother sending them two XSS holes that he had also found in the past year.

"The question is what it will take for Facebook to address privacy issues and to give their users the tools required to manage their privacy and to implement clear policies - not pages and pages of confusing legal documentation, and 'logout' not really meaning 'logout,'" he said. — TJD, GMA News
