Subject: General Tech | August 17, 2011 - 02:03 PM | Jeremy Hellstrom
Tagged: security, fud, tracking cookie, super cookie, ETag value
Of course, very soon after the technical documentation of the trick was released to the net KISSmetrics claimed that they were completely innocent and that it was all a misunderstanding. According to the CEO of KISSmetrics the company has never tracked anyone nor shared the information with a third party, so either the company never plans to ever make any money or he is being very specific in his definitions of what "is is". Even better, they claim not to use ETag values at all only first party cookies. As well, they claim support for the Do Not Track header and a "consumer-level opt-out" for their tracking as well. That is disingenuous in that there is no sign of how to start the opt out process on their site, nor is there any clear way that they could identify you in order to let you opt out without a cookie or ETag placed on your machine in the first place.
The Do Not Track header is a good idea, but in addition you should consider browser add ins such as BetterPrivacy, NoScript and Ghostery as essential and perhaps even get used to running Chrome in Incognito mode, if you do not want to be trapped. Don't use them to disable the ads which fund your favourite websites, they should be used to identify and possible block violations to your privacy only. You can follow the link at The Register if you would like to see the technical research that has lead to these questions about KISSmetrics.
"A privacy researcher has revealed the evil genius behind a for-profit web analytics service capable of following users across more than 500 sites, even when all cookie storage was disabled and sites were viewed using a browser's privacy mode."
Here is some more Tech News from around the web:
- Observations on the Google-Motorola Purchase @ AnandTech
- GPGPU Bitcoin Mining Trojan @ Slashdot
- Kingston Scavenger Hunt Contest @ Bjorn3D