Yup, Facebook can track where you do on-line even if you aren’t logged in to the Facebook app.

“When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook.” – David Baser, Product Management Director, Facebook, via blog post

Here’s an explanation of how Facebook gets the data from other services, even if you’re not using Facebook at the moment or have the app opened:

Apps and websites that use our services, such as the Like button or Facebook Analytics, send us information to make their content and ads better. To understand more about how this happens, it helps to know how most websites and apps work. I’ll use websites as an example, but this generally applies to apps, too.

When you visit a website, your browser (for example Chrome, Safari or Firefox) sends a request to the site’s server. The browser shares your IP address so the website knows where on the internet to send the site content. The website also gets information about the browser and operating system (for example Android or Windows) you’re using because not all browsers and devices support the same features. It also gets cookies, which are identifiers that websites use to know if you’ve visited before. This can help with things like saving items in your shopping cart.

A website typically sends two things back to your browser: first, content from that site; and second, instructions for the browser to send your request to the other companies providing content or services on the site. So when a website uses one of our services, your browser sends the same kinds of information to Facebook as the website receives. We also get information about which website or app you’re using, which is necessary to know when to provide our tools.

Want to tweak what Facebook can gather?  Click this link to go to the Facebook Privacy control sections:  News Feed preferences | Ad preferences 

Here’s how Facebook describes the way it uses the data it gathers:

  • Social plugins and Facebook Login. We use your IP address, browser/operating system information, and the address of the website or app you’re using to make these features work. For example, knowing your IP address allows us to send the Like button to your browser and helps us show it in your language. Cookies and device identifiers help us determine whether you’re logged in, which makes it easier to share content or use Facebook to log into another app.
  • Facebook Analytics. Facebook Analytics gives websites and apps data about how they are used. IP addresses help us list the countries where people are using an app. Browser and operating system information enable us to give developers information about the platforms people use to access their app. Cookies and other identifiers help us count the number of unique visitors. Cookies also help us recognize which visitors are Facebook users so we can provide aggregated demographic information, like age and gender, about the people using the app.
  • AdsFacebook Audience Network enables other websites and apps to show ads from Facebook advertisers. When we get a request to show an Audience Network ad, we need to know where to send it and the browser and operating system a person is using. Cookies and device identifiers help us determine whether the person uses Facebook. If they don’t, we can show an ad encouraging them to sign up for Facebook. If they do, we’ll show them ads from the same advertisers that are targeting them on Facebook. We can also use the fact that they visited a site or app to show them an ad from that business – or a similar one – back on Facebook.
  • Ad Measurement. An advertiser can choose to add the Facebook Pixel, some computer code, to their site. This allows us to give advertisers stats about how many people are responding to their ads — even if they saw the ad on a different device — without us sharing anyone’s personal information.

Class Action Suit

Facebook’s also under fire for the way it is using facial recognition to tag people in photos.  It’s being sued in a class action proceeding for violating Illinois law which prevents businesses from using biometric data without prior written consent.  You can read more about that here.