Facebook cookies work even after leaving the site

    Among the latest innovations on Facebook is the publication of statuses on the social network about pages the user has visited, even if the user did not click the Like button. Information about his actions may thus become public without his knowledge and, possibly, against his wishes. Some well-known people are alarmed by this possibility, so they recommend logging out of Facebook before visiting other sites.

    But it turns out that the problem goes much deeper. Some Facebook cookies persist even after the user logs out of the site, so Facebook can still monitor the user's actions and update his statuses.

    Security specialist Nik Cubrilovic shows which cookies are set when logging in to facebook.com.

    Cookie:
    datr=tdnZTOt21HOTpRkRzS-6tjKP;
    lu=ggIZeheqTLbjoZ5Wgg;
    openid_p=101045999;
    c_user=500011111;
    sct=1316000000;
    xs=2%3A99105e8977f92ec58696cf73dd4a32f7;
    act=1311234574586%2F0


    The logout response removes only some of them. As the Set-Cookie headers below show, not all of the cookies that were set are deleted: some (locale and lu) are simply assigned a new expiry date, and three new cookies (W, fl, L) are set on logout. As a result, even after logging out of Facebook, the browser keeps sending cookies that include identifying data; the Cookie header that follows the Set-Cookie headers is an example request from a logged-out user. That is, whenever a user visits a page with a Like button or any other Facebook button, this information is sent to Facebook.

    Set-Cookie:
    _e_fUJO_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
    c_user=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
    fl=1; path=/; domain=.facebook.com; httponly
    L=2; path=/; domain=.facebook.com; httponly
    locale=en_US; expires=Sun, 02-Oct-2011 07:52:33 GMT; path=/; domain=.facebook.com
    lu=ggIZeheqTLbjoZ5Wgg; expires=Tue, 24-Sep-2013 07:52:33 GMT; path=/; domain=.facebook.com; httponly
    s=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
    sct=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
    W=1316000000; path=/; domain=.facebook.com
    xs=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly






    Cookie:
    datr=tdnZTOt21HOTpRkRzS-6tjKP;
    openid_p=101045999;
    act=1311234574586%2F0;
    L=2;
    locale=en_US;
    lu=ggIZeheqTLbjoZ5Wgg;
    lsd=IkRq1;
    reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Findex.php%3Flh%3Dbf0ed2e54fbcad0baaaaa32f88152%26eu%3DJhvyCGewZ3n_VN7xw1BvUw;
    reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Findex.php%3Flh%3Dbf0ed2e54fbcad0b1aaaaa152%26eu%3DJhvyCGewZ3n_VN7xw1BvUw
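
    The three captures above can be checked mechanically. The following is an added example, not code from the original article or from Nik Cubrilovic's analysis: it applies the logout Set-Cookie headers to the login cookie jar and reports which cookies survive. The function names are hypothetical and CAPTURE_TIME is an assumed value, since the page does not state when the capture was taken.

```python
from datetime import datetime

# Headers copied from the captures in the article above.
LOGIN_COOKIE = ("datr=tdnZTOt21HOTpRkRzS-6tjKP; lu=ggIZeheqTLbjoZ5Wgg; "
                "openid_p=101045999; c_user=500011111; sct=1316000000; "
                "xs=2%3A99105e8977f92ec58696cf73dd4a32f7; act=1311234574586%2F0")
LOGOUT_SET_COOKIE = """\
_e_fUJO_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
c_user=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
fl=1; path=/; domain=.facebook.com; httponly
L=2; path=/; domain=.facebook.com; httponly
locale=en_US; expires=Sun, 02-Oct-2011 07:52:33 GMT; path=/; domain=.facebook.com
lu=ggIZeheqTLbjoZ5Wgg; expires=Tue, 24-Sep-2013 07:52:33 GMT; path=/; domain=.facebook.com; httponly
s=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
sct=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
W=1316000000; path=/; domain=.facebook.com
xs=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly"""
# Cookie names present in the article's logged-out request.
LOGGED_OUT_NAMES = set("datr openid_p act L locale lu lsd reg_fb_gate reg_fb_ref".split())
# Assumption: the capture time is not given on the page; this value is constructed.
CAPTURE_TIME = datetime(2011, 9, 25, 7, 52, 33)

def parse_cookie_header(header):
    """Split a request Cookie header into a {name: value} dict."""
    pairs = (p.strip() for p in header.split(";") if p.strip())
    return dict(p.split("=", 1) for p in pairs)

def apply_set_cookies(jar, lines, now):
    """Return a copy of the jar after applying Set-Cookie lines as a browser would."""
    jar = dict(jar)
    for line in lines.splitlines():
        first, *attrs = [part.strip() for part in line.split(";")]
        name, value = first.split("=", 1)
        expires = None
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.lower() == "expires":
                expires = datetime.strptime(val, "%a, %d-%b-%Y %H:%M:%S GMT")
        if expires is not None and expires <= now:
            jar.pop(name, None)   # expiry in the past: the cookie is removed
        else:
            jar[name] = value     # session cookie or future expiry: it stays
    return jar

def audit_logout():
    """Return (login cookies surviving logout, cookies added at logout, survivors later sent)."""
    before = parse_cookie_header(LOGIN_COOKIE)
    after = apply_set_cookies(before, LOGOUT_SET_COOKIE, CAPTURE_TIME)
    survived = sorted(set(before) & set(after))
    added = sorted(set(after) - set(before))
    return survived, added, sorted(set(survived) & LOGGED_OUT_NAMES)
```

    Calling audit_logout() shows that act, datr, lu and openid_p are never cleared by the logout response and all four appear again in the logged-out request.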




    Thus, a reliable way to avoid “tracking” is to completely delete the facebook.com cookies and no longer access the site. Alternatively, configure the appropriate filters in AdBlock or similar programs.
