FACEBOOK is following you, even when you have logged out.
An Australian technology expert has discovered Facebook tracks the websites its users visit after they leave the social networking site. Nik Cubrilovic said his tests showed Facebook did not delete its tracking cookies when you logged out but modified them, maintaining account information and other unique tokens that could identify you.
So whenever you visited a web page containing a Facebook button or widget, your browser was still sending the details back to Facebook, said Mr Cubrilovic.
''Even if you are logged out, Facebook still knows and can track every page you visit,'' he wrote in a blog post. ''The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.''
Mr Cubrilovic, from Wollongong, has previously been involved with the large technology blog TechCrunch and online storage company Omnidrive.
He backed up his claims with detailed technical information. His post was picked up by technology news sites around the world. Facebook has yet to provide a response to the Herald.
The executive director of UNSW's Cyberspace Law and Policy Centre, David Vaile, said Facebook's changes were a ''breathtaking and audacious grab for whole life data''. He accused the networking giant of attempting to ''normalise gross and unsafe overexposure''.
''While initially 'opt in', the default then seems to be 'expose everything', and Facebook have form in the past for lowering protection after people get used to a certain level of initial protection - bait and switch,'' he said.
Stephen Collins, a spokesman for the online users' lobby group Electronic Frontiers Australia, said he hoped users became more engaged with the issue.
''Facebook, once again, are doing things that are beyond most users' capacity to understand while reducing their privacy. That's just not cool. I'd go so far as to say it's specifically unethical,'' he said.
Mr Collins said he used Facebook only to help his 14-year-old daughter on the site. He said it took him an hour to lock down his profile to his satisfaction following the recent changes.
''It's just not good enough. The default setting for any site should be 'reveal nothing about me unless I make a specific choice otherwise','' he said.
Mr Cubrilovic said he tried to contact Facebook about his discovery but did not get a reply. He said there were significant risks to privacy, particularly if using public terminals.
''Facebook are front and centre in the new privacy debate just as Microsoft were with security issues a decade ago,'' he said.
''The question is what it will take for Facebook to address privacy issues and to give their users the tools required to manage their privacy and to implement clear policies - not pages and pages of confusing legal documentation, and 'log out' not really meaning 'log out'.''