By now you're well steeped in the latest Facebook cookie controversy. Even if you log off of Facebook, intrusive cookies remain and your Facebook ID can be transmitted any time you visit a page with a Facebook Like button.
Given the ongoing push-me-pull-you privacy jabs between Facebook and Google+, I decided to take a look at Google+'s behavior under similar circumstances. I was quite surprised to find that Google+ -- at least in my tests -- didn't leak my ID when venturing to "+1" button-adorned sites. It even kept mum when I went to websites showing Google AdSense pages.
Facebook's encountered a lot of criticism lately for its "frictionless sharing" that tells everyone when you look at an article in the Washington Post, for blabbing when folks unLike you, and for making your life flash before your eyes in Timeline.
The piece that caught my interest more than any other is Nik Cubrilovic's post about Facebook cookies. Facebook's boorish behavior (which it reportedly promises to "fix" today) goes something like this:
- You log on to Facebook.
- You log off of Facebook.
- You go to any website that has a Facebook Like button (or, in fact, any site that has one of the Facebook Social Plugins).
- Facebook retrieves a cookie that tells it your Facebook ID.
That's pretty classic third-party cookie behavior. It's disconcerting to many people because they don't realize that the Like button is, in fact, capable of retrieving third-party cookies. You don't need to click Like. Your visit to the website is logged by Facebook as soon as you get there and you don't need to do a thing.
Adding to the angst: Facebook is tracking your Facebook ID, which typically has your name attached to it -- and maybe a physical address, photo, bio, possibly your telephone number, a list of all of your relatives, and your summer vacation pictures. That's a whole lot more than most third-party cookies can lay claim to.
I, personally, find the "log off" step to be a bit of a non-issue. I don't want Facebook tracking my ID onto Like-adorned sites, even if I've forgotten to log off or if I've closed my browser tab without logging off. But that's another issue.
Facebook engineer Gregg Stefanick defended the company's actions in a response to Cubrilovic's post saying, "our cookies aren't used for tracking. They just aren't. Instead, we use our cookies to either provide custom content... help improve or maintain our service... or protect our users and our service... The logged out cookies, specifically, are used primarily for safety and security protections."