W3C home > Mailing lists > Public > www-tag@w3.org > September 2011

Re: Logging out from Facebook

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 27 Sep 2011 03:44:07 +0200
To: John Kemp <john@jkemp.net>
Cc: "www-tag@w3.org List" <www-tag@w3.org>
Message-ID: <j522879ijdt87kp6gcu4vmbohcup1f5bhq@hive.bjoern.hoehrmann.de>
* John Kemp wrote:
>It is no wonder that people are shocked when they find out they are
>still being tracked by a site after they have clicked 'logout'! And it
>is perfectly possible for a site to effectively log the user out from
>that site with technology that exists today. 

Well, I am not sure it is quite that simple. Consider a Wikipedia editor
with a static IP address who has various conflicts with other editors.
He regularily signs out of his regular account and engages in conflicts
under his IP address in addition to his regular account in some abusive
way. Wikipedia policy allows in extreme cases a select group of users to
go through logs to check whether the user account and the IP address are
likely to be the same user so administrators can take steps to limit the
abusive behavior (they do this in addition to other things, like looking
for correlations in the use of language like typos "both users" make).

This happens quite regularily, and it so happens that people who engange
in this kind of thing are often not clever enough to mask their trails,
often they fail to do as little as using separate browsers for each of
their identities. So there is often surprise when they are found out. In
this sense I do agree that people do not expect to be tracked after they
sign out (and possibly sign in into a different account instead of using
their IP address as Wikipedia identity), at least not through things in-
visible to them (obviously they do understand that "this account shows
up only when this other account has an argument and always supports the
other account" or whatever the behavior might be).

Now, if there was a rule "no tracking after clicking logout" this would
not be possible as linking these data points together is "tracking". So,
is this a wrong thing to do? Is the scenario perhaps too specialized as
this is very manual with many safeguards, rather than automatic for all
people all the time? Is it very different because this is a first-party
setup while in the case that started this thread you often have a third-
party setup? It's not clear to me which first principles could set the
boundaries here with respect to what is okay and what is not.

>Right - and if you care enough about both the site and the language,
>then you'd probably create an account and login to that account and use
>the language you want to on a per-site basis?

(Personally, I work around requirements I don't find to be necessary.)
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 27 September 2011 01:44:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:40 UTC