RafaelFajardo

…

The advice is to log out of Facebook. But logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.

There are serious implications if you are using Facebook from a public terminal. If you login on a public terminal and then hit ‘logout’, you are still leaving behind fingerprints of having been logged in. As far as I can tell, these fingerprints remain (in the form of cookies) until somebody explicitly deletes all the Facebook cookies for that browser. Associating an account ID with a real name is easy – as the same ID is used to identify your profile.

Facebook knows every account that has accessed Facebook from every browser and is using that information to suggest friends to you. The strength of the ‘same machine’ value in the algorithm that works out friends to suggest may be low, but it still happens. This is also easy to test and verify.

Erratum: I refer to the wrong cookie name in the post above. I also say ‘all sites’ can be tracked, when I meant to say ‘all sites that integrate facebook’.

…