Richard Chirgwin follows up on the recent privacy flap over Facebook cookies tracking users who had logged out. Of note, Facebook sent The Register a statement, which says in relevant part:
Nik Cubrilovic provided us with additional information that allowed us to identify three cookies on some users’ computers that inadvertently included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users. Therefore, we could not have used this information for tracking or any other purpose. Even though we weren’t using this information, it’s important to us that we address even potential issues, and we appreciate that Nik Cubrilovic brought it to our attention.
There was no security or privacy breach—Facebook did not store or use any information it should not have. Like every site on the internet that personalizes content and tries to provide a secure experience for users, we place cookies on the computer of the user.
Read more on The Register.
On Twitter, @Internetlock argues that Facebook did nothing wrong and nothing that other companies don’t do. The gist of the argument seems to be that users “should know” to clear cookies at the end of a browser session. As I replied, there are many things people “should know,” but companies still have a responsibility to inform them and be transparent about their practices. And in a litigious world, it is even more prudent for companies to be clear about their practices and to inform users of what users need to do.