Facebook Vows to Fix Major Privacy Breach
Published September 27, 2011 | NewsCore
Social networking giant Facebook promised Tuesday to fix a major privacy breach that allowed it to collect users’ browsing information after they had logged out, The Australian reported.
Australian blogger Nik Cubrilovic sparked a major privacy debate on the Internet Monday when he revealed on his blog that Facebook kept its browser cookies active after a user has logged out of the social network.
Cubrilovic told The Australian on Tuesday that Facebook engineers had promised to revise the site’s browser cookies so that they no longer collected the identifiable information.
“They aim to fix it [the logout issue] by tomorrow [Wednesday],” he said. “There will still be cookies, but they won’t be identifiable. That’s within 24 hours. We can only take them at their word.”
He revealed that the information Facebook collected made it possible for the social network to personally label computer usage information that it collected from PCs.
“It’s a question of what they do with it,” Cubrilovic said. “They may not do anything with it now, but in two years’ time, they might introduce a new feature that accesses it.”
Earlier, Facebook defended the practice on The Wall Street Journal blog Digits. It said the collection was part of a system to prevent improper logins and that the information was quickly deleted.
“Any cookies that are associated with Facebook.com will automatically get sent when you view a ‘Like’ button,” Facebook director of engineering Arturo Bejar told the blog.
“The onus is on us to take all the data and scrub it. What really matters is what we say as a company and back it up.”
A Facebook spokesman said “no information we receive when you see a social plug-in is used to target ads.”
Bejar told the blog that Facebook was looking at ways to avoid sending the data altogether but that it will “take a while.”
Facebook is also under fire over a claim that its new “social apps” are capable of posting what a user is reading on the web, without a user explicitly “liking” the link or posting it.