Belatedly responding to our queries regarding researcher Nik Cubrilovic's evidence that Facebook retrieves personally identifiable cookies held on users' computers whenever they visit a Facebook-enabled site - which, these days, is pretty much any site on the web - even when the user has logged out, a Facebook spokesperson denies ill intent.
"No information we receive when you see a social plugin is used to target ads, we delete or anonymize this information within 90 days, and we never sell your information," the spokesperson added in mitigation for the company's decision to continue such tracking even when a user has logged out of the main site.
The spokesperson also added a whole raft of wonderful features which, it is claimed, would be impossible if Facebook didn't retrieve certain cookies on logged-out users' visits to third-party sites. "Specific to logged out cookies," the spokesperson claimed, "they are used for safety and protection, including identifying spammers and phishers, detecting when somebody unauthorised is trying to access your account, helping you get back into your account if you get hacked, disabling registration for a under-age users who try to re-register with a different birthdate, powering account security features such as 2nd factor login approvals and notification, and identifying shared computers to discourage the use of 'keep me logged in.'"
The spokesperson's comments have been backed up by Facebook engineer Gregg Stefancik, one of the employees responsible for the development and maintenance of the log-in system on the social networking site. "Generally, unlike other major Internet companies, we have no interest in tracking people," Stefancik claims in a reply to Cubrilovic's original blog post. "We don’t have an ad network and we don’t sell people’s information.
"Said more plainly, our cookies aren’t used for tracking," Stefancik explains. "Contrary to your article, we do delete account-specific cookies when a user logs out of Facebook. As a result, we do not receive personally identifiable cookie information via HTTP Headers when these users browse the web."
While Stefancik's comments - and those of the Facebook spokesperson who reached out to thinq_ following the publication of our original article on the matter - indicate that Cubrilovic was wide of the mark on some of his assertions, further comments on the blog from anonymous readers suggest that the company's explanations aren't being entirely accepted.
Cubrilovic has promised to write a follow-up piece analysing his findings in more detail, and including reference to Stefancik's claims.