PaulJ

Reputation: 1718

How does Facebook Pixel track your FB ID, if it cannot access your Facebook cookies?

(This is strictly about the tech side (specifically cookies) of how it all works, so I hope this is on-topic here).

We have all had the experience of browsing a website with a Facebook Pixel installed, and then logging into Facebook and starting to see ads for that site. My question is: how does Facebook Pixel identify your FB user ID if you’re browsing the site while logged out of Facebook?

If you look at the cookies set by a site with Facebook Pixel installed, you'll see the _fbp cookie. According to Facebook's docs (https://developers.facebook.com/docs/marketing-api/conversions-api/parameters/fbp-and-fbc/):

When the Facebook pixel is installed on a website, and the pixel uses first-party cookies, the pixel automatically saves a unique identifier to an _fbp cookie for the website domain if one does not already exist.

The fbp event parameter value must be of the form version.subdomainIndex.creationTime.randomnumber, where:

  • version is always this prefix: fb
  • subdomainIndex is which domain the cookie is defined on ('com' = 0, 'facebook.com' = 1, 'www.facebook.com' = 2). If you’re generating this field on a server, and not saving an _fbp cookie, use the value 1.
  • creationTime is the UNIX time since epoch in milliseconds when the _fbp cookie was saved. If you don't save the _fbp cookie, use the timestamp when you first observed or received this fbp value.
  • Randomnumber is generated by the Facebook pixel SDK to ensure every _fbp cookie is unique.

So there's no information about the user's ID there, only about the site's ID.

If you look at the cookies set by facebook.com itself ("datr", "sb", etc.), they are all HttpOnly, so there's no way for Facebook Pixel to access them, since it's loaded in an external website.

We also know that they cannot do it using third-party cookies, since most browsers (especially on mobile) block them by default and have been doing so for years.

So... how do they do it?

Upvotes: 1

Views: 2429

Answers (1)

Carr

Reputation: 2771

According to the document, _fbp can only be set if the site allows the pixel to operate its first-party cookie. Once it's set, the pixel can tell Facebook about the following actions made by this browser under the site's domain. I think the purpose of this ID is mainly for 'unique' metrics with multiple conversion events.

To connect a certain browser to a Facebook user, I guess Facebook has to associate _fbc with _fbp. The fbclid appended on _fbc is delivered on Facebook, so I guess it's easy to know which Facebook user clicks the ad and has connected with this fbclid. When Facebook gets _fbp and _fbc (both are stored under the first-party cookie and not with the HttpOnly attribute) in the same request from the site, it can connect the Facebook user and the browser even after the user is logged out from Facebook.

There are more restrictions for apps and browsers on mobile devices. Take a look at this guide; you will realize there are actually many ways that the industry can portray the "device graph" together.

Upvotes: 1
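
An added example (not part of the question or the answer, and not Meta's code) for auditing what a site's first-party pixel cookies carry: it parses `_fbp` using the field layout quoted in the question and reports whether a click ID cookie travels alongside it, which is the pairing the answer points to. Treating `_fbc` as the same four-field layout, the 2015 lower bound on `creationTime`, and all function names and sample values are assumptions of this example.

```javascript
// Added example, not Meta's code. The _fbp layout is the one quoted in the question;
// using the same four fields for _fbc (last field = click ID) is an assumption.
const MIN_MS = Date.UTC(2015, 0, 1);   // assumed lower bound for a plausible creationTime

function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

function parsePixelCookie(name, value) {
  // version.subdomainIndex.creationTime.<last field>; the last field is kept whole.
  const m = /^([^.]+)\.(\d+)\.(\d+)\.(.+)$/.exec(value || '');
  if (!m) return { name, valid: false, reason: 'expected four dot-separated fields' };
  const [, version, index, time, payload] = m;
  const created = Number(time);
  if (version !== 'fb') return { name, valid: false, reason: 'version prefix is not fb' };
  if (created < MIN_MS || created > Date.now() + 86400000)
    return { name, valid: false, reason: 'creationTime is not a plausible ms timestamp' };
  if (name === '_fbp' && !/^\d+$/.test(payload))
    return { name, valid: false, reason: '_fbp random number is not numeric' };
  return { name, valid: true, subdomainIndex: Number(index),
           createdAt: new Date(created).toISOString(), payload };
}

function auditPixelCookies(header) {
  const jar = parseCookieHeader(header);
  const fbp = jar.has('_fbp') ? parsePixelCookie('_fbp', jar.get('_fbp')) : null;
  const fbc = jar.has('_fbc') ? parsePixelCookie('_fbc', jar.get('_fbc')) : null;
  return {
    fbp, fbc,
    browserIdPresent: Boolean(fbp && fbp.valid),   // pseudonymous per-site browser ID
    clickIdPresent: Boolean(fbc && fbc.valid),     // value that originated on Facebook
    // Both in one request is the pairing the answer describes as the linking point.
    linkable: Boolean(fbp && fbp.valid && fbc && fbc.valid),
  };
}

// Constructed sample header (values are made up for this example).
const SAMPLE = 'sid=abc; _fbp=fb.1.1700000000000.1234567890; _fbc=fb.1.1700000005000.IwAR0constructedClickId';
console.log(auditPixelCookies(SAMPLE));
```

Running it against the `Cookie` header a site actually receives shows whether only the per-site browser ID is present or whether a click ID accompanies it.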
