Msg#: 4351868 posted 4:57 am on Aug 16, 2011 (gmt 0)
Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning
In August 2009, we demonstrated that popular websites were using “Flash cookies” to track users. Some advertisers had adopted this technology because it allowed persistent tracking even where users had taken steps to avoid web profiling. We also demonstrated “respawning” on top sites with Flash technology. This allowed sites to reinstantiate HTTP cookies deleted by a user, making tracking more resistant to users’ privacy-seeking behaviors.
In this followup study, we reassess the Flash cookies landscape and examine a new tracking vector, HTML5 local storage and Cache-Cookies via ETags.
We found over 5,600 standard HTTP cookies on popular sites, over 4,900 were from third parties. Google-controlled cookies were present on 97 of the top 100 sites, including popular government websites. Seventeen sites were using HTML5, and seven of those sites had HTML5 local storage and HTTP cookies with matching values. Flash cookies were present on 37 of the top 100 sites.
Is this still going on? Or rather, are YOU doing it?
A privacy researcher has revealed the evil genius behind a for-profit web analytics service capable of following users across more than 500 sites, even when all cookie storage was disabled and sites were viewed using a browser's privacy mode.
The technique, which worked with sites including Hulu, Spotify and GigaOm, is controversial because it allowed analytics startup KISSmetrics to construct detailed browsing histories even when users went through considerable trouble to prevent tracking of the websites they viewed. It had the ability to resurrect cookies that were deleted, and could also compile a user's browsing history across two or more different browsers. It came to light only after academic researchers published a paper late last month.
Msg#: 4351868 posted 7:35 am on Aug 16, 2011 (gmt 0)
I do not use them, nor will I ever. In the end this techniques will hurt everyone.
More and more people are using extensions like Noscript and Adblock Plus to protect their privacy. Well - you wanted to squeeze the last advertising dollars by violating their privacy - now you are getting nothing because people do not see your ads anymore.
Webmasters always complain about new legislation - like the new EU cockie directive - that makes it more and more difficult for webmasters. Webmasters can thank companies like Google, Facebook and companies like Kissmetric who want to squeeze the last bit of information out of their users - disregarding any privacy law there is.
Msg#: 4351868 posted 12:33 pm on Nov 13, 2011 (gmt 0)
- like the new EU cockie directive - that makes it more and more difficult for webmasters
Yea right, what I find most interesting is that the information commissioner's office (ico) where they initiated the cookie privacy this year in UK, sends session cookies and various etags when you access their site, which obviously can be used for tracking purposes given third party cookies are on.