by FuzzyDunlop 5385 days ago
The cookies are somewhat of a red herring when you consider how insignificant they are compared to other methods of tracking.

They don't need a cookie in place to receive the IP of whoever loads a page with a Facebook 'like' button on it.

They're a big enough company with smart enough people to develop algorithms that can associate an IP address with a user account to at least a 95% confidence interval. They've got all that stuff you type in your profile and all the things you've shared to aid that, and the more you use your account the better they can predict.

To that end I'd be surprised if they don't continue to track 'deactivated' Facebook accounts. Not in anticipation of you going back to it, of course.

3 comments

Tracking by IP is a ridiculous idea. My mobile phone provider uses transparent proxying for its mobile Internet - I must share the same external IP as thousands of other people when I browse the web via my phone. Not to mention that households using NAT will have three-plus accounts from the one IP, let alone businesses with hundreds.

Internet-facing IP simply isn't unique enough for these purposes.

My inclination is to agree with you; the IP is hardly a unique identifier. But they don't need perfection. Think about it: most people, most of the time, will send requests to FB from just a few IPs and maybe one ISP proxy network (which FB can recognize as a proxy). They know that your account is associated with these IPs based on tracking cookies. So, when they see a request from one of these IPs without the cookie, they can do a reverse lookup to get a list of possible accounts. That narrows the field. Next they can do a semantic analysis of the page that had the Like button which sent the request, and compare that to pages previously associated with the possible accounts. If one of them stands out as a likely match, they can be pretty sure who sent the request.

The more data they gather, and the more relationships they can record between you, your friends, and the pages you visit, the better they will get at tracking you without the cookies.

It's an interesting idea in theory, but I honestly think that the number of people who care enough about privacy to want to log out (or otherwise stop the cookies from being sent to Facebook) would be so low that it wouldn't be cost-effective. My guess is that it would probably be confined to HN's demographic.

The sort of zeroing-in on individuals based on traits/information, however, does kind of remind me of this: http://adage.com/article/digitalnext/target-a-facebook-ad-a-... - not really relevant, but still kind of cool.

Beyond IP tracking, the EFF's Panopticlick website demonstrates how much uniquely identifying information is exposed from a browser's User-Agent and system configuration values accessible from JavaScript and Flash (such as screen size, locale, and installed fonts). For example, my browser's fingerprint is unique among the 1.7M browsers the EFF has tested to date.

https://panopticlick.eff.org/index.php?action=log&js=yes
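An added illustration of the Panopticlick comment above (not part of the thread and not the EFF's code): it measures how identifying a browser's attributes are, per attribute and combined, over a small constructed population. The attribute names, values and function names are assumptions made for this example.

```javascript
// Constructed sample population of observed browsers (not real data).
// Attribute names and values are illustrative assumptions.
const population = [
  { userAgent: "UA-A", screen: "1920x1080", locale: "en-US", fonts: "fonts-1" },
  { userAgent: "UA-A", screen: "1920x1080", locale: "en-US", fonts: "fonts-1" },
  { userAgent: "UA-A", screen: "1920x1080", locale: "en-US", fonts: "fonts-2" },
  { userAgent: "UA-A", screen: "1366x768",  locale: "en-US", fonts: "fonts-1" },
  { userAgent: "UA-B", screen: "1920x1080", locale: "en-GB", fonts: "fonts-1" },
  { userAgent: "UA-B", screen: "1366x768",  locale: "en-US", fonts: "fonts-3" },
  { userAgent: "UA-A", screen: "1920x1080", locale: "de-DE", fonts: "fonts-1" },
  { userAgent: "UA-B", screen: "1920x1080", locale: "en-US", fonts: "fonts-1" },
];

// Self-information, in bits, of a value seen in `matching` of `total` browsers.
function surprisalBits(matching, total) {
  if (matching < 1 || matching > total) {
    throw new RangeError("browser under test must be part of the population");
  }
  return Math.log2(total / matching);
}

// Per-attribute view: how many browsers share each single value.
function attributeReport(browser, pop) {
  const report = {};
  for (const key of Object.keys(browser)) {
    const matching = pop.filter((b) => b[key] === browser[key]).length;
    report[key] = { matching, bits: surprisalBits(matching, pop.length) };
  }
  return report;
}

// Combined view: browsers that match on every attribute at once.
function anonymitySet(browser, pop) {
  const keys = Object.keys(browser);
  return pop.filter((b) => keys.every((k) => b[k] === browser[k])).length;
}

function identifyingBits(browser, pop) {
  return surprisalBits(anonymitySet(browser, pop), pop.length);
}

// Bits implied by being unique among n browsers (e.g. the 1.7M in the comment).
function bitsForOneIn(n) {
  return Math.log2(n);
}

for (const b of [population[0], population[2]]) {
  console.log(b.fonts, "set size:", anonymitySet(b, population),
    "bits:", identifyingBits(b, population).toFixed(2));
}
console.log("unique in 1.7M:", bitsForOneIn(1.7e6).toFixed(1), "bits");
```

In this sample the rare font list alone makes the third browser unique, and adding up its per-attribute bits overstates the combined figure because the attributes are correlated.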

Tracking by IP is pretty useless with so many people on phones, AOL, etc. Plus, multiple accounts per workplace, just doesn't work...