" />

Super Cookies Raise Privacy Concerns

Posted on Tuesday, August 30th, 2011 by Print This Post Print This Post

Categories - Featured, News

There’s a “new” cookie in the spotlight which is virtually impossible for computer users to detect, and it’s completely legal, at least for now. According to researchers at Stanford University and University of California at Berkley, websites such as MSN.com and Hulu.com have been “installing files known as ‘super cookies’ which are capable of recreating users’ profiles after people deleted regular cookies” and without the knowledge of the user.  The companies’ reaction when contacted by researchers? The tracking technique was claimed to be inadvertent and shut down immediately.  Microsoft associate general counsel Mike Hintze offered this explanation: “We determined that the cookie behavior he observed was occurring under certain circumstances as a result of older code that was used only on our own sites, and was already scheduled to be discontinued.”

As a search marketer, I am all too familiar with session cookies, secure cookies and third party cookies, but I was unfamiliar with these smarter, stealthier cookies with more interesting agendas. So I did a little cookie research on Wikipedia to better understand.

I’ll start by noting, cookies are not by nature bad, as Wikipedia explains, they “cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities – a major privacy concern that prompted European and US law makers to take action. Cookies could also be stolen by hackers to gain access to a victim’s web account.”

A Super cookie is a “cookie set through the Adobe Flash system, bypassing the browser cookie manager. These cookies cannot be deleted through the browser, but require modifications to the settings on the Adobe Flash panel.”

Evercookie is a “javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.”

Interestingly, the Evercookie was created by Samy Kamkar, creator of the Samy Worm, which took down MySpace in 2005.

A Zombie cookie (produced by an Evercookie) is “any cookie that is automatically recreated after a user has deleted it. This is accomplished by a script storing the content of the cookie in some other locations, such as the local storage available to Flash content, HTML5 storages and other client side mechanisms, and then recreating the cookie from backup stores when the cookie’s absence is detected.”

Techie lingo aside, each of these cookies has one goal — continue to collect user web-browsing information even after standard cookies have been deleted.

Privacy concerns are once again at the forefront due to these types of tracking tactics.  And despite the increasing calls for stricter governmental regulations, the online ad industry claims to be capable of regulating itself.  But Julia Angwin of The Wall Street Journal explains, “Under the self-imposed guidelines, collecting health and financial data about individuals is permissible as long as the data don’t contain financial-account numbers, Social Security numbers, pharmaceutical prescriptions or medical records. But using techniques such as history stealing and supercookies ‘to negate consumer choices’ about privacy violates the guidelines, says Lee Peeler, executive vice president of the Council of Better Business Bureaus, one of several groups enforcing the rules.”

I understand the need for companies to maximize revenue through targeted advertising, and have seen such products as Google’s remarketing perform amazingly well for advertisers, but using secretive tracking techniques without user consent appears suspect. As an avid online shopper, I do enjoy a customized shopping experience with sites that recommend items I might actually like i.e. Amazon, but I’m not keen on the idea of all of my personal web-browsing history being recorded somewhere and potentially sold to a company willing to pay for the valuable information, or even worse, accessed by hackers for more malicious uses.

About Ami Grant

Ami joined The Search Agency in 2004 and has over 9 years of online marketing experience both on the publisher and agency-side. She is responsible for SEM campaign management, strategy, and maximizing ROI. Before joining TSA, Ami was a Senior Content Solutions Editor at Yahoo! Search Marketing, where she spent over 2 years optimizing accounts through keyword generation, creative development, and landing page recommendations. Ami is originally from Austin, TX and holds a Bachelor of Arts in English at the University of Texas at Austin. She is also a certified Google AdWords Professional and SEMPO–LA Chapter Member.

Tags | , , , , , , , , , , , , ,

7 Responses to “Super Cookies Raise Privacy Concerns”

  1. David says:

    It is things like this that give online marketing a bad name and will force regulation on us that no one wants.

  2. Thank you for very interesting article!
    Can you correct the behavior of your sharing buttons toolbar?
    It is sticky hovering in the center of the screen blocking reading the article and writing comment

    Both your link Supercookie
    and Zombie cookie
    point to
    which is redirected) to the same

    That is, to nowhere. There is no term Super cookie there

    Can you correct them?
    It would be great!

  3. Mark F. says:

    As a current search marketer, an old school flash developer and fan of Left4Dead, I’ve been very interested in hearing about Zombie Cookie functionality and it’s application for a while now.

    Nice update Ami.

  4. I delight in, lead to I discovered just what I was having a look for. You’ve ended my 4 day lengthy hunt! God Bless you man. Have a great day. Bye


  1. Website Cookies | EU Cookie Law
  2. Privacy Policy
  3. Castlemartyr Hotel - Privacy Policy | Castlemartyr Hotel

Leave a Reply

Follow Us on Twitter

Featured in Alltop

Big List - Search Marketing Blogs

2010 SEMMY Runner-Up

BoostCTR Best PPC Blogs