Tuesday, 4 October 2011

Facebook's privacy lie: Aussie exposes 'tracking' as new patent uncovered

Facebook has been caught telling porkies by an Australian technologist whose revelations that the site tracks its 800 million users even when they are logged out have embroiled Facebook in a global public policy – and legal – nightmare.

Facebook's assurances that “we have no interest in tracking people” have been laid bare by a new Facebook patent, dated this month, that describes a method “for tracking information about the activities of users of a social networking system while on another domain”.

Nik Cubrilovic's blog post, which revealed that tracking cookies monitor Facebook users whenever they surf websites with a Facebook 'like' button, has led to political outrage in the US and Europe.

An Illinois man has filed a lawsuit over the tracking on behalf of Facebook users in the US and he is seeking class action status.


Facebook said certain cookies were tracking users in error and made several changes in response to Cubrilovic's revelations. However, it didn't stop tracking users altogether, maintaining that it needed the ability to track browsers after they logged out for safety, spam and performance purposes.

In new posts over the long weekend, Cubrilovic published instructions on how to setup secure and private Facebook browsing. His latest post contains new revelations that indicate Facebook has not switched tracking off at all.

Facebook said tracking cookies were only installed when users accessed Facebook.com but Cubrilovic found they were set by all sites that contained Facebook widgets.

In fact one of the tracking cookies used by Facebook, called “datr”, tracks users “even if the user had never been to the Facebook site, and even if they didn't click a 'like' or share' button”, Cubrilovic wrote. The cookie was previously disabled following revelations in The Wall Street Journal earlier this year but has since returned.

Cubrilovic is not convinced by Facebook's assurances that it does not use the cookies to track users.

“If you set a cookie on a users machine from one website, and then read that cookie from that persons machine from another website, that is tracking,” he wrote.

Facebook's assurances have been put further in doubt following the discovery of a Facebook patent filing on user tracking dated just days before it told the world it had “no interest in tracking people”.

The patent, “Communicating Information in a Social Network System about Activities from Another Domain”, specifically refers to tracking users outside of Facebook.com.

It describes maintaining a “profile” of each user as they move around the web and “logging the actions taken on the third-party website”.

A Facebook spokesman said the patent was not intended to track logged out users. The patent, on "careful reading", actually described a fundamental part of the Facebook platform - "creating social experiences across the web without logging into Facebook repeatedly or third party sites at all".

It gave as an example its social plug-ins which mean, for instance, that Facebook users can see content friends have "liked" on a third-party site without having to log in to that website. Facebook said current functionality and future business plans shouldn't be inferred from its patent applications.

"Like many technology companies, we patent lots of ideas. Some of these ideas become products or features and some don't," Facebook said.

In the US, a group of privacy advocates and consumer rights organisations sent a letter to the Federal Trade Commission calling for a probe into Facebook.

It came just days after two US congressman made similar calls, arguing in a latter that when users log out of Facebook they are under the impression that Facebook is no longer monitoring their activities and “this impression should be reality”.

The FTC has yet to say whether it will begin an investigation.

Dutch MP Kees Verhoeven called in parliament for Facebook to be held more accountable after it had “been repeatedly linked to privacy violations”. Other MPs echoed his remarks and called for changes to the law to address Facebook privacy.

In Ireland, where Facebook has its European headquarters, the data protection commissioner is planning a “detailed audit” of Facebook's activities outside the US and Canada, the Financial Times reported.

It comes on top of political outrage directed at Facebook in other countries including Britain, Germany and Japan.

Last week, the Australian Privacy Commissioner, Timothy Pilgrim, said he was not going to investigate the Facebook tracking issue as the site had assured him it had rectified the matter. But Pilgrim has yet to comment on the revelations in Cubrilovic's latest blog post or the tracking systems outlined in Facebook's patent filing.

Separately, the rollout of Facebook's new Timeline feature, designed to turn profiles into a chronological scrapbook of major events in the user's life, is being delayed by a trademark infringement lawsuit filed by Timelines.com.

The site's other major change, “frictionless sharing”, whereby user activities are published on their profiles without any prompting by the user, has also sparked controversy.

The feature enables, for instance, users to automatically inform friends when they play a song on Spotify, but it has also led to more unfortunate disclosures such as one user inadvertently telling friends they visited a porn site.

Cubrilovic – and many privacy groups – fear that Facebook could combine “frictionless sharing” with the data it gets by tracking users around the web, risking significant unintended disclosures.

“These changes in business practices give the company far greater ability to disclose the personal information of its users to its business partners that in the past,” the privacy advocates wrote in their complaint letter to the FTC.

“Options for users to preserve the privacy standards they have established have become confusing, impractical and unfair.”

In announcing the new features, Facebook founder Mark Zuckerberg referred to “Zuck's law” – his belief that Facebook users double the amount of information they share on the site each year.

No comments:

Post a Comment