You log out of Facebook and go off to surf the world wide web in the belief that wherever you go you’re fully anonymous and not being tracked. That belief is in error, as was recently proven by an Australian blogger who demonstrated that once you’re logged out of Facebook, you’re actually not logged out of Facebook. Nik Cubrilovic discovered that a number of cookies that identify you to Facebook are retained after you log out, and an HTTP connection back to Facebook remains for all eternity. It seems that the only completely secure option is to not just to log out of the social network site and clear your cookies, but to literally reinitialize your hard drive and reinstall your operating system… and to not ever log onto Facebook again.

Ireland Is Investigating Facebook

When Cubrilovic recently announced his research, Facebook was confronted with a flurry of publicity as well as a class action suit by Perrin Aiken Davis. Since Facebook’s international headquarters is based in Dublin, Ireland’s Data Protection Commission has announced that it will be conducting a full privacy audit of the site to discover if its citizens (and by extension all users) have had their privacy violated. The Irish commission will be specifically focusing on aspects such as inadequate privacy settings and photos that are still publicly viewable on the internet after they are “deleted.”

880 Pages of Tracking per User

Facebook is no longer ignoring Cubrilovic and has actually just deactivated the stalkerish “a-user” cookie that contains your user ID. In a public statement, Facebook adopted the same excuse many other internet giants have used when they have been caught with their hand in the “cookie” jar, stating that the “a-user” should have been cleared upon logout and it was a bug in the code. Apparently this so-called bug has been resident on the computer hard drives of nearly a billion people for years and has been providing Facebook with a volume of completely priceless marketing information: When the United Kingdom introduced a law empowering users to access their historical data captured by Facebook, many were surprised to find an average of 880 pages filled with the details of how they interacted with their contacts and the web at large.

This “Act” Isn’t Over

Cubrilovic has discovered that although the relatively blatant “here is the user’s ID” cookie has been finally quashed, Facebook still has the technical capabilities to identify logged out users. One of the ways is the “act” cookie that, regardless of Facebook’s claims of innocuousness, contains a timestamp accurate to fractions of a millisecond that can easily be cross-referenced by the social network to identify the user. Therefore, although the “a-user” is gone, this “act” is far from over.

Facebook Is Not Alone

Should you be concerned about Facebook tracking your movements across the net? In fairness, they are not alone, as the number of tracking cookies placed on the average internet user’s computer by almost every commercial website they have ever visited is nothing short of staggering. Whether you like it or not there is a record present in a variety of servers around the world showing all the sites you visit as well as what you do there – and all this info can be viewed by a plethora of government and other agencies who are interested in other aspects of your life, not just marketers trying to sell you something. So if your taxes are paid up and you don’t have any legal skeletons in your closet, you really don’t have much to worry about.

“Paranoia will destroy ya,” and the bottom line is that these digital footprints are primarily accessed by governments to track terrorists and major criminals, so your unpaid parking ticket from last year is not generally grounds for the FBI to commandeer your online history. Regardless, in its current iteration internet privacy remains an oxymoron, and the only way to be completely sure that your online actions are not leaving indelible tracks is to not make them in the first place. Given that we live in an internet-reliant age, that prospect may be neither feasible nor desirable.