Facebook ‘Supercookies’ Spur Privacy Concerns

Published November 8, 2011

Members of Congress are calling for the Federal Trade Commission to investigate Facebook after the social network giant admitted to watching Web pages its members visit even after those members have logged out from the site. The privacy invasion was reported in September by Australian technology blogger Nik Cubrilovic.

Reps. Edward J. Markey (D-MA) and Joe Barton (R-TX), co-chairs of the Congressional Bipartisan Privacy Caucus, wrote in late September to Federal Trade Commission (FTC) Chairman Jon Leibowitz stating Facebook’s use of its so-called supercookie software that tracked users’ online activities should be investigated under the “unfair and deceptive acts” clause of the agency’s mandate.

“When people log out of Facebook, they are under the expectation that Facebook is no longer monitoring their activities,” the congressmen wrote. “We believe this impression should be the reality.”

The letter continued, “We are interested in any actions the Federal Trade Commission has taken or plans to take to investigate the usage and impact of supercookies on the Internet and consumers. We believe that an investigation of the usage of supercookies would fall within the FTC’s mandate as stipulated in Section 5 of the Federal Trade Commission Act with respect to protecting Americans from ‘unfair and deceptive acts or practices.'”

Cookies Remain on Computers
Upon the revelation of its supercookies-related breach of user privacy, Facebook confirmed it had been tracking its 750 million users, blaming the abuse on a mistake caused by software automatically downloaded to users’ computers when they logged on to the site.

Facebook stated the cookies implanted on members’ computers by the software “inadvertently” sent information on users’ online activity to the company. The company says it has remedied the privacy problem, claiming the cookies no longer track and transmit user information once those users have left the Facebook site.

However, the cookies remain on users’ computers unless they are deleted manually, and continue to transmit Facebook users’ IP address—the “unique identifier” address of all computers—and information on whether Facebook users have visited any sites containing a Facebook “like” or “recommend” button.

Facebook Controls Captured Data
“This is an issue that Facebook has been dodging questions about since the launch of their ‘like’ button last year,” said Nick Molnar, Web strategist for Thirdi Software in Vancouver, British Columbia. “Facebook lets site owners easily add a ‘like’ button to a page, but in exchange keeps tabs on anyone that visits the page with a Facebook account with only a promise that they are not misusing this information,” Molnar said.

“With the ‘like’ button now spread across hundreds of millions of pages, this gives Facebook an incredible advantage in search and ad targeting,” Molnar continued. “Facebook likely knows more about your Web site’s demographics and usage than you do, but with no accountability to use that information for your benefit.”

Molnar added, “If it becomes more lucrative for them to sell ads to your competitors, targeting your site’s visitors, there is no guarantee that Facebook would pass up the opportunity. While the ‘like’ button sits on your page, Facebook controls the data that gets generated. And they can do whatever they’d like with it.”

User Privacy Diligence
Mike DeWolfe, information architect for Those DeWolfes Creative in Vancouver, British Columbia, says the “like” partners suffer from slower loading of pages as a result of the technology.

“I have always been suspicious of third-party, Javascript-delivered widgets,” DeWolfe explained. “The process kills the clients’-side performance of a Web page. In one instance, our customer’s Web page loaded in under four seconds, but the Javascript-widget processing caused the page load to hang on the client side for another 10 seconds. A widget like the Facebook ‘like’ widget really serves Facebook more than the Web site that displays it,” he said.

Dangers for Job-Seekers
On the employment side, DeWolfe said Facebook is one of the few employers actually adding jobs, but he noted features recently added to the site could cause trouble for job seekers unwary about their Internet use. He cited as examples new Facebook features that automatically aggregate user data and photos and a feature that automatically shares user online activities via connected apps. Both could present problems for job applicants if they are not careful about their social media usage, he said.

“It’s critical with these new features to be diligent in managing how your privacy and apps are set, which is now more granular and therefore complicated,” agreed John Theriault, principal of Truventis, a Boston, Massachusetts-based social media consulting firm. “It requires greater involvement on the part of the user to understand how each aspect of the Facebook profile could be accessed by others.

“We have absolutely heard of candidates not getting a job or losing their job because of what an employer found online, so people need to be very cautious about the sites they use, information they post, and how they interact online,” he added.

Phil Britt ([email protected]) writes from South Holland, Illinois.

Internet Info

“We Didn’t Mean to Track You: Says Facebook as Social Network Giant Admits to ‘Bugs’ in New Privacy Row,” Daniel Bates, The Daily Mail, September 28, 2011: http://www.dailymail.co.uk/sciencetech/article-2042573/Facebook-privacy-row-Social-network-giant-admits-bugs.html#ixzz1btkeWiXn

“Letter to Federal Trade Commission Chairman Jon Leibowitz,” Reps. Ed Markey and Joe Barton, September 26, 2011: http://news.heartland.org/sites/default/files/Supercookie%20letter.pdf