The cat came back: Cubrilovic spots another Facebook 'tracker'

Facebook preps yet another fix


If nothing else, Australian blogger Nic Cubrilovic is giving Facebook a sense of what it feels like to have someone watching you all the time. No sooner is one Facebook cookie drama damped down than he triggers another.

In that latest to-and-fro, Cubrilovic asserts that the Facebook ‘datr’ cookie, which sparked a drama earlier this year when the Wall Street Journal outed The Social Network™ for tracking the “Like” button even for non-Facebook computers, is back.

That problem was fixed, but according to the latest post from Cubrilovic, it’s lurched back out of the grave with no sign of decay.

The ‘datr’ cookie, he writes, “is being set by all the third-party sites we tested”.

“It is the first cookie that is set, for all users of Facebook, and right now is being set for everybody on any Facebook integrated site - logged in or not logged in,” he writes, adding that Ashkan Soltani has submitted a bug report to Facebook (Soltani contacted The Register separately regarding this issue).

Facebook responded in a post on Cubrilovic’s site, saying that “we still have a policy of not building profiles based on data from logged out users”. The Facebook engineer, who identifies himself as Gregg Stefancik, says the behaviour discovered by Cubrilovic is not a “re-enabling” of the cookie, but rather a “separate issue involving a limited number of sites, including CBS Sports”, and promised a fix “today”.

A Facebook spokesperson in Australia declined to elaborate beyond Sefancik’s remarks. However, The Register can confirm that at the time of writing, the CBS Sports Website is still setting ‘datr’. ®

Similar topics

Narrower topics


Other stories you might like

  • Meta agrees to tweak ad system after US govt brands it discriminatory
    And pay the tiniest of fines, too

    Facebook parent Meta has settled a complaint brought by the US government, which alleged the internet giant's machine-learning algorithms broke the law by blocking certain users from seeing online real-estate adverts based on their nationality, race, religion, sex, and marital status.

    Specifically, Meta violated America's Fair Housing Act, which protects people looking to buy or rent properties from discrimination, it was claimed; it is illegal for homeowners to refuse to sell or rent their houses or advertise homes to specific demographics, and to evict tenants based on their demographics.

    This week, prosecutors sued Meta in New York City, alleging the mega-corp's algorithms discriminated against users on Facebook by unfairly targeting people with housing ads based on their "race, color, religion, sex, disability, familial status, and national origin."

    Continue reading
  • Metaverse progress update: Some VR headset prototypes nowhere near shipping
    But when it does work, bet you'll fall over yourselves to blow ten large on designer clobber for your avy

    Facebook owner Meta's pivot to the metaverse is drawing significant amounts of resources: not just billions in case, but time. The tech giant has demonstrated some prototype virtual-reality headsets that aren't close to shipping and highlight some of the challenges that must be overcome.

    The metaverse is CEO Mark Zuckerberg's grand idea of connected virtual worlds in which people can interact, play, shop, and work. For instance, inhabitants will be able to create avatars to represent themselves, wearing clothes bought using actual money – with designer gear going for five figures.

    Apropos of nothing, Meta COO Sheryl Sandberg is leaving the biz.

    Continue reading
  • Facebook phishing campaign nets millions in IDs and cash
    Hundreds of millions of stolen credentials and a cool $59 million

    An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger.

    Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page - out of around 400 Pixm found - got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022. 

    The flow of this phishing campaign isn't unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account. That link performs a series of redirects, often through malvertising pages to rack up views and clicks, ultimately landing on a fake Facebook login page. That page, in turn, takes the victim to advert landing pages that generate additional revenue for the campaign's organizers. 

    Continue reading

Biting the hand that feeds IT © 1998–2022