Facebook tracks you wherever you go around the web, even if you're not a member, and even if you specifically opted out of being tracked within the EU.
These are the results of a recent report (PDF), compiled by researchers at the Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven, and the media, information and telecommunication department (Smit) at Vrije Universiteit Brussels.
This is Facebook basically saying “we don’t care what you say, we do what we please”.
As The Guardian first reported, the researchers claim that Facebook tracks the computers of users without their consent, whether they are logged in to Facebook or not, and even if they are not registered users of the site or explicitly opt out in Europe.
The site’s goal is to track users for target advertising.
Facebook places tracking cookies onto a person’s computer every time they visit a Facebook domain, including sites with the “Like” plugin. Users don’t even need to press the like button.
"During the opt-out, Facebook placed a cookie named “oo” with the value “1” but did not remove any of the cookies stored in the browser, including the “fr” cookie, which, according to Facebook’s 2012 statements, is used for advertisement purposes," the report states.
"Visiting two sites that contain Facebook social plug-ins, we confirmed that Facebook still receives the uniquely identifying cookies such as “c_user”, “datr”, “lu” and “fr” after the user opts out.
"The finding suggests that Facebook places a long-term, uniquely identifying cookie on the website suggested by Facebook to European users for opting out from interest-based advertising. All the later visits to pages that include Facebook social plug-ins can be linked by Facebook using this cookie, which has a lifespan of two years."
A Facebook spokesperson said the report contained factual inaccuracies, and said the authors had never contacted them.
"The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based. Neither did they invite our comment on the report before making it public," they said. "We have explained in detail the inaccuracies in the earlier draft report (after it was published) directly to the Belgian DPA, who we understand commissioned it, and have offered to meet with them to explain why it is incorrect, but they have declined to meet or engage with us. However, we remain willing to engage with them and hope they will be prepared to update their work in due course”.