Skip to content
Belgian tracking report was wrong, says Facebook
Naked Security Naked Security

Tracking report was wrong, says Facebook …but there is a bug that needs fixing

Facebook has responded to privacy claims made by Belgian researchers but admitted that a "bug" may have caused inadvertent tracking of some users.

Facebook at ad:tech London, 2010, Creative CommonsAt the beginning of this month Facebook had hit back at a report commissioned by the Belgian Privacy Commission that suggested the social network tracked far more users than previously thought.

Since then, the company has published a blog post that lays out its peeves in far more detail – while admitting that engineers are working to fix a “bug” that may have inadvertently set cookies for some users when they weren’t on Facebook.

Richard Allan, Vice President of Policy, Europe, suggests that many of the report’s claims are erroneous, saying:

The report gets it wrong multiple times in asserting how Facebook uses information to provide our service to more than a billion people around the world.

Allan goes on to offer up a list of clarifications and corrections to what he says are the most serious errors in the report.

In response to claims that Facebook is using cookies to track users across the entire internet, he fails to rebut the claim itself, focusing instead on the fact that the company uses them to personalise a user’s experience, help them when they wished to stay logged in and to deliver “interesting” adverts.

This, he says, is common practice across the web and the majority of publishers use cookies for the exact same purposes.

On the topic of web advertising, Allan countered the claim that Facebook is ignoring its users’ choice to opt out of behavioural ads when visiting other websites and non-Facebook apps. He said the company does indeed stop using such information when an opt-out is confirmed via:

The industry-standard Digital Advertising Alliance opt out, the European Interactive Digital Advertising Alliance opt out or the Digital Advertising Alliance of Canada opt out.

He did, however, confirm that Facebook continues to receive “web impressions” when people visit other sites featuring the company’s social plugins and other “integrations”. This, apparently, is not the same thing that the authors of the Belgian report call “tracking”.

On the more tetchy subject of Facebook using Social Plugins to place a cookie – called ‘datr’ – into the browsers of non-Facebook users, allowing the company to track them for up to two years, Allan denied that was the case and said it was not the social network’s intention.

He did, however, concede that the researchers may have found a bug that allowed a cookie to be set in “a few instances”.

This, Allan says, is a situation the company is already addressing. He does not mention whether Facebook will be issuing a bug bounty to the researchers from the universities in Leuven and Brussels in lieu of their discovery.

To counter the claim that Facebook is in some way deceptive about how its advertising works, Allan reiterated that the company was quite clear on the subject and had been audited by the Irish Data Protection Commissioner:

We want people to understand how ads work on Facebook and we offer many resources to help them do so. For example, with ad preferences, you can click "Why did I see this ad?" from every ad on Facebook. People can see and control the actual interests that we use to deliver ads on Facebook. Our About Advertising on Facebook Page provides even more information.

Another area of Facebook policy that has attracted attention is its 2015 Data Policy which, the researchers said, allowed the company to expand the sharing of data between its various companies.

Allan noted how the company’s new data policy had not in fact changed anything in that regard – it merely added more detail by listing each of the companies that Facebook was already sharing data with.

In response to the report’s claim that Facebook does not provide granular control over the sharing of location data, instead offering an “all-or-nothing” approach, Allan said the user remained very much in control and that the company does not retain location data unless permission has been given:

The full list of rebuttals, which Facebook notes is non-exhaustive, may do little to pacify privacy campaigners who continue to take issue with the company’s approach to user data.

Just yesterday, for instance, Max Schrems and his Europe v Facebook group filed a class action lawsuit in a Vienna court, accusing Facebook of breaching EU privacy law, mass surveillance and involvement in the NSA’s snooping program.

And, earlier this week, we brought you the news that the company was also being hit with a class action lawsuit in Illinois – over claims that its vast database of facial recognition data violated privacy laws.

Facebook at ad:tech London 2010, by Derzsi Elekes Andor (Own work) [CC BY-SA 3.0], via Wikimedia Commons


What Facebook as a so called ‘Social’ giant fails to recognised is that adverts of any sort are NOT interesting. No one sets a timer on a video recorder to record adverts while at work, or fast forwards through a TV show to get to the adverts. If Facebook bothered to ‘actually’ tailor adverts for me they’d be 1 pixel square, blank and off the screen so I can look at what I intended to look at in the first place.

I find adverts now like taking too many antibiotics. You become immune to them. When I see a web page slowly loading and adverts are appearing over it plastered everywhere I just close the page and look for the information on a cleaner page, so adverts have a negative effect. I laughed at the part, we don’t track more than you thought, oh we did? oops that’s a bug. YEAH!!!

I would ask am I the only one that truly hate the advert overkill,? but again the late great Bill Hicks was way ahead of the game.


Without advertisements, there is no FaceBook, no Google, no Yahoo, no free email, no television, no free browsers, etc.

Are you sure you want to live in that world?


I’ll be on the first vehicle there. Where do I sign up?

The “free” and closed internet is a cage. I’d gladly pay to have control over my identity. To have a real choice. Buying and selling other people against their will is slavery. Selling bodies might be more directly cruel, but selling minds is just as insidious to me. You buy into the lies of social media giants for a moment while they ply you with convenience, and you’re their property forever.

Facebook can whine about the details of this report all they like but the big picture stands.


Most ads I see are a waste of time and cost the advertiser money – I get a rash of ads for a product just after I have bought such a product. Not exactly a time when I am going to buy again. Sometimes I click on ads for things I would never buy just to confuse the algorithms targeting me. You can have a lot of fun thinking of things that should not be associated.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!