Move over Twinkies and cockroaches; meet the unkillable cookie

Subject: General Tech | August 18, 2015 - 01:11 PM |
Tagged: super cookie, security

Congratulations, if you use Verizon, AT&T, Bell Canada, Bharti Airtel, Cricket, Telefónica de España, Viettel Peru S.a.c., Vodafone NL or Vodafone Spain as your provider, your browsing is being tracked and there is nothing you can do about it.  These providers have assigned your device a unique token which the provider injects into every HTTP request your device makes; the cookie is actually external to your device, so you have no way to remove it.  You will see targeted ads based on your browsing no matter how many times you remove cookies or even factory reset your phone.  Verizon has now made it an opt-out feature and The Register has been told that AT&T no longer injects the 'super cookie' into headers, but based on businesses' recent behaviour it is probably because they have found a better way to track you.
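
One way to check for this kind of injection from the receiving end, as an added example that is not from the original post or The Register: compare the headers a client sent with what a plain-HTTP echo endpoint you control reports receiving, and flag any added value that is token-like and identical across requests made after clearing cookies. The header names, token and request data are constructed, and the capture step is assumed to have been done already.

```python
import math
from collections import Counter

def _norm(headers):
    # HTTP header names are case-insensitive; compare on lowercase names.
    return {k.lower(): v.strip() for k, v in headers.items()}

def shannon_entropy(value):
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values()) if n else 0.0

def injected_headers(sent, received):
    """Headers the echo server saw that the client never sent, or saw with a changed value."""
    s, r = _norm(sent), _norm(received)
    return {k: v for k, v in r.items() if s.get(k) != v}

def persistent_tokens(observations, min_len=16, min_entropy=3.5):
    """observations: (sent, received) pairs, cookies cleared between requests.
    Returns injected headers whose value is token-like and identical every time."""
    per_request = [injected_headers(s, r) for s, r in observations]
    if not per_request:
        return {}
    common = set(per_request[0]).intersection(*map(set, per_request[1:]))
    found = {}
    for name in sorted(common):
        values = {d[name] for d in per_request}
        if len(values) != 1:
            continue  # changes per request: a request id, not a device identifier
        value = values.pop()
        if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
            found[name] = value
    return found

# Constructed sample data: every header name and value below is made up.
SENT = {"Host": "echo.example", "User-Agent": "TestBrowser/1.0", "Accept": "*/*"}
TOKEN = "Q7f3kL9xZp2VbN8mTc4RwY6h"
OBSERVATIONS = [
    (SENT, {**SENT, "Via": "1.1 proxy", "X-Carrier-Token": TOKEN, "X-Request-Id": "a81f0c2e9d7b4356a1c0"}),
    (SENT, {**SENT, "Via": "1.1 proxy", "X-Carrier-Token": TOKEN, "X-Request-Id": "5be27d90c41f8a63e7d2"}),
]

if __name__ == "__main__":
    for name, value in persistent_tokens(OBSERVATIONS).items():
        print(f"persistent injected identifier: {name}: {value}")
```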

"At least nine telcos around the world are using so-called super-cookies to secretly monitor citizens' online behavior, according to a new study."

Source: The Register

So you think nobody knows what you've been watching on the net?

Subject: General Tech | August 17, 2011 - 02:03 PM |
Tagged: security, fud, tracking cookie, super cookie, ETag value

KISSmetrics is a small company which is able to track your movements across sites like Hulu and Spotify, using what some call a super cookie but is more accurately an ETag value.  That ETag value is a unique identifier stored in both a browser's cache and metadata folders which can be sent to KISSmetrics via JavaScript along with a header, so that any time you visit a site partnered with KISSmetrics they will know it is you.

Of course, very soon after the technical documentation of the trick was released to the net, KISSmetrics claimed that they were completely innocent and that it was all a misunderstanding.  According to the CEO of KISSmetrics the company has never tracked anyone nor shared the information with a third party, so either the company never plans to make any money or he is being very specific in his definitions of what "is is".  Even better, they claim not to use ETag values at all, only first-party cookies.  They also claim support for the Do Not Track header and a "consumer-level opt-out" for their tracking.  That is disingenuous in that there is no sign of how to start the opt-out process on their site, nor is there any clear way that they could identify you in order to let you opt out without a cookie or ETag placed on your machine in the first place.

The Do Not Track header is a good idea, but in addition you should consider browser add-ins such as BetterPrivacy, NoScript and Ghostery as essential and perhaps even get used to running Chrome in Incognito mode, if you do not want to be trapped.  Don't use them to disable the ads which fund your favourite websites; they should be used only to identify and possibly block violations of your privacy.  You can follow the link at The Register if you would like to see the technical research that has led to these questions about KISSmetrics.

"A privacy researcher has revealed the evil genius behind a for-profit web analytics service capable of following users across more than 500 sites, even when all cookie storage was disabled and sites were viewed using a browser's privacy mode."

Source: The Register