Facebook has promised to fix a "bug" which means logged-out users can be identified by Mark Zuckerberg's company as they visit many other sites on the web.
But the social network has refused to stop using information on logged-out users altogether, saying much of it is necessary to protect their security.
An engineer admitted yesterday that an element of the site was mistakenly identifying logged-out users visiting Facebook-integrated sites, such as those displaying the social network's "Like" button.
Changes will be made to make the information gathered anonymous, the engineer told the Australian hacker whose research prompted an internal investigation this week.
Nik Cubrilovic published evidence which he said showed the site was tracking "every page you visit" after logging out.
After promising to make the change, Facebook said other elements, which are used to "identify suspicious login activity" as well as information used to protect people using shared computers, will be kept.