

Facebook caught lying? - asto
http://blog.arunbalan.in/2011/09/28/hey-facebook-ive-got-a-question-for-you/

======
joejohnson
It’s something of a hopeless pipe dream, but what the internet really needs is
an upgrade to the HTTP protocol to allow persistent connections like telnet.
When HTTP was designed, they never imagined people would “log in” to sites,
and as such, the protocol is horribly designed for doing so. Not defending
Facebook here, but the problem is a symptom of that poor protocol design.

~~~
yuvadam
Excuse my French, but what does that have to do with anything?

The issue at hand is about Facebook not respecting your request to log out of
their service. "Log out" means "I'm going away. Do not assume anyone on this
computer is me anymore."

Facebook deliberately choose to ignore this convention, and continue to track
users using various methods in order to gather more information for their
purposes.

What Facebook _should_ have done was delete all Facebook cookies - end of
story.

How _that_ is related to the pros and cons of HTTP is beyond me.

------
nanofish
To avoid this kind of problems, we need better privacy features in web
browsers: better control on accepting / rejecting cookies, blocking trackers,
hiding information which is usable for browser fingerprinting, etc. Today,
this is possible with extensions, but I think, it should be default in the
future.

------
doomlaser
tl;dr Facebook not caught lying.

------
JoachimSchipper
Facebook apparently knows that "these people used the same computer". This is
not evidence of cookie-based tracking, though: they could just be using the IP
address.

~~~
asto
IP address is not accurate enough to reliably ascertain such a thing. First,
there's the problem of NAT. Second, there's the problem of dynamic IPs. My IP
address changes everytime my modem is switched back off and switched back on.
I'm sure a lot of other facebook users don't have static IPs as well.

Point I'm making: This data is important to them and they're recording it.
They have an easy and reliable way to access this data through persistent
cookies which they've - ahem - left on user clients by mistake. A lawyer would
call that circumstantial evidence. Of course, I can't be fully sure of my
accusation. Hence the question mark.

~~~
pluies
JoachimSchipper is right that it doesn't have to involve cookies, and so are
you that IP addresses aren't enough.

Facebook could be using the same methods as Panopticlick
(<http://panopticlick.eff.org/>), which are incredibly effective assuming the
two users log in from the same browser.

------
ColinWright
See also: <http://news.ycombinator.com/item?id=3062900>

