According to hacker and blogger Nik Cubrilovic: Yeah, it is.
“[e]ven if you are logged out, Facebook still knows and can track every page you visit,” alleges Cubrilovic. He points to Facebook cookies as the culprit by remaining active even after the user signs out. In his mind, tracking after logging out of Facebook presents a major privacy concern.
With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook. The only solution to Facebook not knowing who you are is to delete all Facebook cookies.
Why is this all important? Because Facebook’s new apps, unveiled recently at Facebook’s f8 Developer’s Conference and rolling out now on the social network. Websites can write apps where activity on their pages can be shared automatically to a user’s Facebook profile. The whole idea is to make sharing more convenient, so that Facebook members can more easily browse what their friends are interested in and start conversations about common interests and activities. Sounds harmless right?
According to an answer of a commonly asked question in Facebook’s Help Center, when one of its users visits a site with a Facebook social plug-in, whether logged in or logged out, Facebook receives information about “the date and time you visited, the web page you came from (commonly known as the referrer URL), and other technical information about the IP address, browser, and operating system you use.”
“This is industry standard data,” the Help Center answer continues, “that helps us optimize your experience depending on which browser you are using or whether or not you are logged into Facebook.”
Essentially, Facebook is indeed tracking where its users go after they log-out, but it is claiming to do so for benign reasons.
Facebook, of course, is constantly battling against privacy concerns. Recently, the social networking giant has fought back against worries over its new auto-tag feature in early September, “epidemic levels” of bullying amongst teens on its site and its ability to make cyber-stalking easier.
UPDATE: LTG emailed Facebook PR and received the following response:
Specific to logged-out cookies, they are used for safety and protection, including identifying spammers and phishers, detecting when somebody unauthorized is trying to access your account, helping you get back into your account if you get hacked, disabling registration for underage people who try to re-register with a different birth date, powering account security features such as second factor login approvals and notification, and identifying shared computers to discourage the use of “Keep me logged in.”