Woman says Facebook cookies violate wiretap laws, files suit

By on October 18, 2011, 6:00 PM

Brooke Rutledge of Lafayette County, Mississippi has sued Facebook for allegedly violating federal wiretap laws by illegally tracking her Internet activity while logged out of the social networking site. The 17-page filing seems to have been prompted by a recent discovery by Australian blogger Nik Cubrilovic. In late September, Cubrilovic released an article explaining how Facebook could track users across the Web on any page running a Facebook widget, such as the "Like" button seen at the bottom of TechSpot's articles.

"Leading up to September 23, 2011, Facebook tracked, collected, and stored its users' wire or electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook," says Rutledge's complaint, which she hopes will reach class-action status. It goes on to say that Rutledge didn't authorize Facebook to intercept, track, collect and store her electronic communications such as browsing history when not logged in to the social site.

Facebook's privacy policy informs users that when visiting sites with plugins such as the Like button, your browser will send certain information back to Facebook, but your account ID is supposed to be excluded if you're not logged in. The policy specifically claims: "If you're logged out or don't have a Facebook account and visit a website with the Like button or another social plugin, your browser sends us a more limited set of information. For example, because you're not logged in to Facebook, we don't receive your User ID."

However, Cubrilovic's research suggests that the site issues cookies with unique identifiers that are included in the data returned to Facebook -- even when you're logged out. "Even if you are logged out, Facebook still knows and can track every page you visit that has Facebook integrated," Cubrilovic wrote. "The only solution to Facebook not knowing who you are is to delete all Facebook cookies." This isn't a new discovery, either. Cubrilovic informed Facebook about the issue several times over the last year but has been ignored.

Until he went public, of course. Facebook Engineer Gregg Stefancik quickly replied to -- and largely denied -- Cubrilovic's claims. Two days after publishing his original article, Cubrilovic said in an update that Facebook has partly resolved the issue, which reportedly stemmed from a "bug" that left identifying cookies on your system after logging out. "Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes," Cubrilovic wrote.

Facebook hasn't commented on Rutledge's suit, but it's not the first of its kind and it certainly won't be the last. Earlier this month, 42-year-old Kansas lawyer John Graham filed suit over Facebook's cookies citing wiretap violations. Experts believe these cases have little footing as there is a legal precedent suggesting cookies aren't wiretaps. The Register notes that although similar cases against Disney, Microsoft, McDonalds and others have been thrown out, it's mostly because the plaintiffs couldn't quantify monetary damages.




User Comments: 24

Got something to say? Post a comment
Win7Dev said:

Who cares. Plain and Simple. If you use facebook why are you worried about them tracking your browsing history? They already know where you live, what your interests are, and probably what you had for breakfast this morning, so why does it even matter if they know what sites you've been to. They could likely guess based on the info you've given them anyway.

gwailo247, TechSpot Chancellor, said:

You're right Win7Dev, but there needs to be a limit to it. Otherwise before you know it there will be a keylogger on your computer sending everything you type on it back to some company somewhere. I make it a point to log off FB when I'm done with it, they should not gather information of me when I'm "done" with them. Guessing is not the same thing as knowing.

Guest said:

Obviously if someone is violating peoples privacy they should be held responsible, but I would think its impossible for them to track your activity if you don't go to their site to begin with : )

Kinda like, its impossible for apple to "track your iphone" if you never buy one in the first place

But uh-oh, wait a second...no smartphone, no facebook..sounds like loser to me...and if theres one thing the wise have taught me, its that being cool and having a lot of friends is all that matters in this life, right? : )

Guest said:

Yes, that's right.

Guest said:

Actually the like button is on the top and being tracked on the internet is significant ( if FB can do it why not anybobdy else? )

PinothyJ said:

Guest said:

Actually the like button is on the top and being tracked on the internet is significant ( if FB can do it why not anybobdy else? )

What's that? Pino does not have a Facebook account? How awesome is that kid!?

And my life is better because of it...

Staff
Matthew Matthew, TechSpot Staff, said:

Guest said:

Actually the like button is on the top

Actually, there's one on the top and the bottom.

Guest said:

Silly Rabbits...

Google Chrome Extension:

Facebook Disconnect - Version: 1.2.0

Stop Facebook from tracking the webpages you go to.

jetkami said:

Herr Hitler promised the German people a free Volkswagen for every family and a government paid vacation once a year (If you toted the party line)...,but look how it ended. We need to keep our money (meaning dont buy EVERY gadget supporting the high price) and information to ourselves and learn to become more independent like our founding fathers were.

Guest said:

I have the google chrome extension that replaces the like button with an image. Click it once to bring up the actual like button.

war59312 said:

Another reason to be running NoScript via http://noscript.net/ and Ghostery via http://www.ghostery.com/.

No facebook crap for me. Good lucky getting a cookie on my network! Blocked via router at DNS level too.

Guest said:

You can add filters to AdBlock to block the cookies. Here's the list with the filters:

facebook.com^$domain=~facebook.com ~facebook.net|~fbcdn.com|~fbcdn.net

facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|
fbcdn.net

fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fb
dn.net

fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fb
dn.net

RH00D RH00D said:

Win7Dev said:

Who cares. Plain and Simple. If you use facebook why are you worried about them tracking your browsing history? They already know where you live, what your interests are, and probably what you had for breakfast this morning, so why does it even matter if they know what sites you've been to. They could likely guess based on the info you've given them anyway.

Unless you use a proxy and fill them up with wildly false information and use NoScript + BetterPrivacy add-ons for Firefox. It's the facebook.net domain that is required for the "like" buttons and whatnot on external sites. That domain isn't actually required to use facebook.com though. So I think keeping facebook.net blocked on NoScript may help the issue to a degree.

bakape said:

Indeed, NoScript for the win! Or NotScripts in my case (Chrome).

Guardian31756 said:

I've been noticing that where ever I go on the internet, You almost have to have a Facebook account or you won't get anywhere !

It's almost like being forced to have an Facebook account or your left behind !

Guest said:

modern browsers are embedded with database,

and always crashing ... don't really care if data

is transmitted to the moon !

Tomorrow_Rains said:

Guest said:

Silly Rabbits...

Google Chrome Extension:

Facebook Disconnect - Version: 1.2.0

Stop Facebook from tracking the webpages you go to.

Implying Google Chrome isn't a bot-net.

Guest said:

Wish I was paranoid enough to wear a tinfoil hat like others.

Guest said:

The main reason I opened this article was coz the first words were "Woman says"

Couldn't you have used "researcher" instead?

Mizzou Mizzou said:

"Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes,"

Just exactly who's safety are they protecting by retaining the ability to track your browser activity? Isn't it more like "We want to retain this ability because we're making good money by selling this information". I would like to see Ms. Brooke Rutledge win this case in order to establish a legal precedent that would apply to all corporate entities engaged in this type of activity.

Guest said:

If you don't agree with their policies and it bothers you that much.....stop using it! Facebook is not a necessity, it's a social networking/marketing site. It is taken way too seriously these days.

Guest said:

it doesnt matter, using facebook and google you will always be tracked and all those so called cookies can always be filtered down to pinpoint a single individual. people nowadays are just paroniod about 'privacy' ; but there is no such thing.

RH00D RH00D said:

Guest said:

it doesnt matter, using facebook and google you will always be tracked and all those so called cookies can always be filtered down to pinpoint a single individual. people nowadays are just paroniod about 'privacy' ; but there is no such thing.

Well, I'd rather live in a society that is unnecessarily paranoid about privacy when they don't need to be, than one that isn't and should be. Kind of like the phrase, "I'd rather have a gun and not need it than need it and not have it".

OUTLAWXXX said:

I don't really communicate with people on facebook these days anyways so I deleted my facebook account about 2 weeks ago because I don't like them tracking me and making money off selling info about me. Made one last post that they could reach me at a certain e-mail address and if they actually care they will. The site is just a professional stalker site anyways imo.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.