Facebook fixes ID cookie glitch
- 28 September 2011
- From the section Technology
Facebook has said that it has "fixed" cookies that could have tracked users after they logged out of the site.
He concluded the company might still be able to track members' web browsing after they logged out, albeit only on websites that integrate with Facebook.
The Australian privacy commissioner is reportedly investigating the issue.
In a statement, the firm told the BBC that it had done nothing wrong.
"There was no security or privacy breach—Facebook did not store or use any information it should not have. Like every site on the internet that personalises content and tries to provide a secure experience for users, we place cookies on the computer of the user.
"Three of these cookies on some users' computers inadvertently included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users. Therefore, we could not have used this information for tracking or any other purpose. In addition, we fixed the cookies so that they won't include unique information in the future when people log out."
The blogger who first highlighted the issue, Nik Cubrilovic, wrote about the issues in detail on his blog on Sunday.
He said that he had informed Facebook about the issue a year ago but there was no response from the firm until his blog post was widely reported across the net.
In an update to his blog Mr Cubrilovic acknowledged the changes that Facebook had made.
"Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons," he said.
"I would still recommend that users clear cookies or use a separate browser," he added.
Most cookies perform basic tasks like storing your login details or personal preferences.
But some track the sites users visit, which means that they may be presented with adverts for products or services they researched on the web once they visit other unrelated sites.
Consumer concerns over this type of cookie led to a new EU directive, with online firms across Europe currently working out how they can allow users to opt out of these bits of code.