Facebook’s New Features Might Not Be as Private as You Think

Charlie White, Mashable
September 26, 2011

Apparently, Facebook has a lot of work to do on its privacy controls.

In some cases, with Facebook’s new “frictionless sharing” features, your browser is still tracking every page you visit and sending that data back to Facebook, even when you’re logged out of Facebook.

According to Australian entrepreneur and self-described hacker Nik Cubrilovic, who shows the code involved with this alleged security issue on his website, “Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.”

Oddly enough, Cubrilovic says this data is not even hidden, adding that “You can test this for yourself using any browser with developer tools installed. It is all hidden in plain sight.”

Cubrilovic’s interest was piqued after he read a post by Dave Winer on Scripting News, pointing out the specter of Facebook announcing the websites you’re visiting and articles you’re reading without your explicit permission or knowledge.

Such capabilities are written into Facebook’s new API, according to Winer. He says that Facebook scares him, writing, “I think there’s a good chance that by visiting a site you are now giving them access to lots more info about you. I could be mistaken about this.”

Winer’s post was a reaction to one written last week by ReadWriteWeb, pointing out that the new “social reader” apps Facebook plans to launch soon (and which are now available if you enable your Facebook Timeline) will be able to display what you’re reading to your Facebook friends.

However, we logged into one of those Facebook apps, the Guardian Social Reader, and noticed that it was easy to opt out of these “features” when we first began using it.

Even though you can opt out of much of this sneaky kind of sharing, we’re thinking Facebook still has some work to do before everyone can feel perfectly secure with its apps and sharing capabilities.

Perhaps it’s a matter of educating users about Facebook’s new capabilities. Meanwhile, it might be time for us to modify that old saying, “Don’t write anything that you wouldn’t want to have read in court.”

For the time being, must we modify that to “Don’t click on any website that you wouldn’t want to have revealed in court”?
