Facebook Struggles to Explain Its Web-Tracking Practices

Facebook’s business is built on trust, but that trust has been shaken over the past few weeks by criticism and speculation regarding how it uses browser cookies to get data about users.

A lack of thorough documentation explaining what each of its cookies does has led some observers to assume that the company is tracking offsite browsing behavior in order to target ads. Facebook needs to provide explanations for both the average user and privacy researchers about how exactly its cookies work in order to prevent these press flare-ups from giving users a negative impression and bringing on regulatory scrutiny from governments.

Some bloggers claim cookies left by Facebook and third-party sites that integrate its social plugins indicate that the company is tracking users’ web browsing behavior, then using that data to target ads in a way that violates user privacy. Facebook has refuted the claims, saying that users agree to receive the cookies and that the cookies are used to enhance site security and power the social plugins, not create a profile of a user’s offsite behavior to better target ads against.

Unfortunately for Facebook, the claims are still giving off a negative impression of the service and sparking complaint letters to government agencies from privacy advocate groups. A patent application for the company’s social plugins that included language about tracking and targeting ads has also helped fuel the controversy.

While Facebook does currently include some explanation of how it uses cookies in its privacy policy and Help Center, this information clearly isn’t complete, comprehensible, or prominent enough to deflect criticism. Facebook engineer Gregg Stefancik, who has responded to critics on blog comments, even noted “we haven’t done as good a job as we could have to explain our cookie practices.”

Facebook could have avoided much of the crises by being more transparent about it how it uses cookies. We believe Facebook should consider drawing up two dedicated documents explaining how it uses cookies and tracks offsite activity. Much like its “re-imagined privacy policy”, there could be one simple version designed for the average user and a second detailed version for privacy advocates. The company also needs to demonstrate that is doing what it says it in a way that observable by outside parties.

Cookie Criticism: The Issues to Date

Since the launch of social plugins and before, Facebook has left cookies on the browsers of people who sign up for accounts as well as anyone else who visits Facebook.com. These cookies are used to protect the site against hacking attempts and to show logged in users what their friends have Liked on third-party sites, the company has repeatedly said.

Facebook’s privacy policy says the following: “We receive data whenever you visit a game, application, or website that uses Facebook Platform or visit a site with a Facebook feature (such as a social plugin). This may include the date and time you visit the site; the web address, or URL, you’re on; technical information about the IP address, browser and the operating system you use; and, if you are logged in to Facebook, your User ID.”

The Help Center follows with more detail: “We use cookies to make Facebook better and easier to use, to provide you with a more personalized experience, to improve the ads that you see, and to protect you, others, and Facebook from malicious activity. We do not use cookies to create a profile of your browsing behavior on third-party sites or to show you ads, although we may use anonymous or aggregate data to improve ads generally.”

In May 2011, The Wall Street Journal reported that Dutch security researcher Arnold Roosendaal discovered that sites integrating Facebook’s social plugins were leaving cookies on the browsers of users who had never visited Facebook.com and were transmitting browsing data back to Facebook. Facebook said this was a bug and that it discontinued the practice of social plugins leaving the “datr” cookie.

On September 25th, 2011, Nik Cubrilovic wrote that Facebook was maintaining several cookies on the browsers of users even after they log out, and that these cookies include a User ID and could be used to target ads.

Facebook engineer Gregg Stafancik responded that the cookies were used for security purposes, not ad targeting, stating that “generally, unlike other major Internet companies, we have no interest in tracking people. We don’t have an ad network and we don’t sell people’s information.” He then outlined how Facebook uses its cookies:

The logged out cookies, specifically, are used primarily for safety and security protections, including:
– Identifying and disabling spammers and phishers
– Disabling registration if an underage user tries to re-register with a different birth date
– Helping people recover hacked accounts
– Powering account security features, such as login approvals and notifications
– Identifying shared computers to discourage the use of “Keep me logged in.”

He repeated that the cookie that identifies a user was the result of a bug. He noted “thanks, again for raising these important issues. We haven’t done as good a job as we could have to explain our cookie practices. Your post presents a great opportunity for us to fix that.”  The information Stefancik detailed in the comments of the post about how cookies are used for logged out users currently appears in the Help Center, although it’s unclear if it was added here since Cubrilovic’s post was published.

On September 27th, Cubrilovic wrote that Facebook had fixed the bug causing the cookie containing UIDs to be retained after log out, and that this cookie was now destroyed after log out.

On October 1st, Uncrunched published an article titled “Brutal Dishonesty” outlining how Facebook had said it does not track users, but that on September 22nd filed a patent application that includes the line “A method is described for tracking information about the activities of users of a social networking system while on another domain.” The language in the patent indicated that the information at least had the potential to be used to target Facebook ads.

A Facebook representative commented on the post in an official capacity to say that the patent merely describes how Facebook’s social plugins work to show logged in Facebook users the Likes of their friends without them having to log into Facebook again on a third-party site. The comment downplayed the idea that Facebook is currently using the data to target ads — although we don’t have a way to independently verify if it is or isn’t, or that it won’t in the future.

On October 3rd, Cubrilovic wrote that he had discovered the datr cookie was still being left by some Facebook-integrated third-party websites. In response to Facebook’s claim that it doesn’t track users, he wrote “I believe them when they say this and that they are not hiding anything, but I also believe that our definitions of tracking differ. If you set a cookie on a users machine from one website, and then read that cookie from that person’s machine from another website, that is tracking.”

Stefancik then commented on the post on the morning of October 4th to say that “as we discussed last week, we are examining our cookie setting behavior to make sure we do not inadvertently receive  data that could be associated with a specific person not logged into Facebook. We have been made aware of 2 instances in the past 2 weeks related to cookies which needed to be addressed. What you describe in this post is not a re-enabling of anything, but a separate issue involving a limited number of sites, including CBSSports. We have moved quickly to investigate and resolve this latest issue which will be fully addressed today.”

Facebook Needs Documentation to Refer to

The fact that Facebook had to comment directly on three blog posts in an attempt to debunk speculation shows there is a lack of clear documentation explaining its use of cookies. By publishing its responses as governing documents and making them easy to find, Facebook could address users’ questions before they draw their own, sometimes-negative conclusions about the company’s intentions.

We should note that a wide variety of other web companies, specifically online advertising service providers, have aggressively tracked and in many cases inappropriately used information about users, often aggregating and reselling user data without the user having any idea of what they are doing. Facebook wants to be seen as above the controversies surrounding the industry — and because so many users opt in to share their data to Facebook by joining and using the service, that claim appears to by and large be true. Yet the combination of unclear explanations, past issues, and the patent are getting in the way of its effort to explain its case.

The onus is now on Facebook to fully explain how it does and does not track users across the web and use that information back on Facebook — and prove what it says through the technology that it deploys across the web.

New Facebook Platform Industry Hires: Buddy Media, Involver, BranchOut and Efficient Frontier

Buddy Media made some big hires this week, hiring executive sales staffers in Asia and the United States, while other companies made some other sales and engineering hires.

If your company is hiring new people or making a notable promotion, please let us know. Email mail (at) insidefacebook (dot) com, and we’ll get it into next week’s post. Also, please note that information about most new hires, below, comes directly from company updates from LinkedIn.

Looking for new opportunities? Check out the Inside Network Job Board, which shows the latest openings at leading companies in the industry.

Here’s this week’s list of hires:

Buddy Media

  • Ken Mandel, Managing Director, Asia – formerly worked as Regional Vice President of Advertising Sales and Marketplace for Yahoo Asia Pacific.
  • Carla Bourque, Senior Vice President, Western Region (U.S.) Sales – previously worked  at Six Apart (acquired by SAY Media), Nielsen Online, Catalina Marketing, Jupiter Media Metrix, and SPINS (an ACNielsen partner).
  • Amy Kalokerinos, Account Director – formerly an Account Executive at Salesforce.com.


  • Gurrinder Kharbanda, Software Engineer – formerly worked as a Software Engineer/Marketing Analytics at Facebook.


  • Marshall Zhang, University Marketing Associate – formerly a Mobile Application Developer Intern at Vanguard.

Efficient Frontier

  • David Hardy, Account Manager – formerly an Associate Account Manager at Efficient Frontier.

Who else is hiring? The Inside Network Job Board presents a survey of current openings at leading companies in the industry.

Movies, TV, Sports, Music, Angry Birds, Video Chat and a Chinese Model on This Week’s Top 20 Growing Facebook Pages

Television shows, music, games, Chinese models and video chat were among the Pages that gained the most new Likes in the past week. Some of these Pages, however, appear to have grown as a result of a Page consolidation, as they experienced the bulk of their growth — hundreds of thousands of Likes, in some cases — from one day to the next.

Pages on our list this week required 237,400 and 829,600 Likes to make the top 20 this week. We compile these lists with our PageData tool, which tracks Page growth across Facebook.

Name Likes Daily Growth Weekly Growth
1.  Back To the Future 832,128 +119 +829,577
2.  隋棠 Sonia Sui 官方粉絲團 741,279 +358 +540,442
3.  Kendra 611,298 +580 +530,187
4.  Phineas y Ferb 2,471,254 +2,098 +476,770
5.  GO HABS GO 459,656 +26 +453,957
6.  Titanic 13,486,119 +57,296 +409,479
7.  Mission: Impossible 444,358 +98 +408,863
8.  facebook realesed the new Dislike Button™! Add it Now!! not a fake! 445,351 0 +333,025
9.  Poison 684,470 +572 +318,696
10.  Angry Birds 8,140,149 +44,291 +311,150
11.  ChatVibes 1,769,401 +43,097 +307,559
12.  Facebook 53,478,283 +40,856 +301,385
13.  Amelie 1,236,872 +1,616 +289,660
14.  UB40 (Official) 310,929 +45 +281,764
15.  FC Barcelona 20,989,306 +39,175 +268,611
16.  Vidivodo 449,262 +86 +268,310
17.  Harry Potter 35,252,637 +37,055 +264,201
18.  Leo Messi 25,449,686 +36,048 +249,046
19.  Music 28,388,613 +32,299 +237,895
20.  Cristiano Ronaldo 34,631,177 +34,950 +237,391

Back To the Future” grew by 829,600 Likes to 832,100; this may be due in part to a recent surge in interest in the film as the shoes featured in it were released by Nike. “Titanic” grew by 409,500 Likes to 13.4 million, “Mission: Impossible” grew by 408,900 Likes to 444,400 Likes in a seemingly huge Page consolidation, although the Page has also been promoting the upcoming installment of the series,which may have encouraged more fans to join. “Amelie” grew by 289,700 Likes to 1.2 million. Then “Harry Potter” grew by 264,200 Likes to 35.2 million, partly by heavily promoting the November release of the pack of films.

TV shows included “Kendra“, which grew by 530,200 Likes to 611,300, and “ Phineas y Ferb,” the Latin America version of the show, which grew by 476,800 Likes to 2.4 million. Both of these experienced the bulk of their growth in huge jumps. Music Pages included Poison with 318,700 Likes to 684,500 in an apparent consolidation. The UB40 (Official) Page grew by 281,800 Likes to 310,900, also a huge jump. Finally the Wikipedia Music grew by 237,900 to 28.3 million.

Sports Pages on our list were mostly football (soccer), but there was also a hockey Page. GO HABS GO is a hockey team that grew most of its 459,700 Likes, 454,000, in a huge jump last week. Then FC Barcelona grew by 268,600 Likes to 20.9 million, Leo Messi grew by 249,000 Likes to 25.4 million and finally Cristiano Ronaldo by 237,400 Likes to 34.6 million.

The rest of the list included Chinese model  隋棠 Sonia Sui 官方粉絲團, who went from 540,400 Likes to 741,300 with a big jump last week. The Facebook realesed the new Dislike Button™! Add it Now!! not a fake! grew by 333,000 Likes to 445,400 (even though Page lies, as the functionality is not something that Facebook actually offers). Angry Birds grew by 311,200 Likes to 8.1 million. Video chat app ChatVibes grew by 307,600 Likes to 1.7 million. Facebook’s Page grew by 301,400 Likes to 53.4 million. Finally, another video chat app saw a huge jump, Vidivodo, with 268,300 Likes to 449,300 Likes.

Get the latest news in your inbox
interested in advertising with inside facebook?

Social Media Jobs
of the Day

Assistant Editor

8 Inc.
New York, NY

Copywriter & Editor

Santa Monica, CA

Director of Marketing & Communications

Neumans' Kitchen
New York, NY

Social Community Manager

Tallahassee, FL

Editorial Director

Phoenix House
New York, NY

Featured Company

Join leading companies like this one and recruit from the nation's top media job seekers on the Mediabistro Job Board. Every job post comes with our satisfaction guarantee. Learn More

Our Sponsors

Mediabistro A division of Prometheus Global Media home | site map | advertising/sponsorships | careers | contact us | help courses | browse jobs | freelancers | content | member benefits | reprints & permissions terms of use | privacy policy Copyright © 2014 Mediabistro Inc. call (212) 389-2000 or email us