Hulu, MSN Track Users With "Supercookies"
Supercookies will rebuild your profile even after a normal cookie is deleted.
New research presented by Stanford University and the University of California at Berkeley claims that popular websites including Hulu and MSN are currently using new techniques to track users. These include the use of "supercookies" which are not only legal, but almost impossible to detect. They even reportedly re-create user profiles after the user deletes the original cookie from their computer.
Thursday The Wall Street Journal revealed that supercookies can be used to steal a user's entire browser history. They're also stored in a different place than the typical cookie, the latter of which usually resides within a browser's cache folder. Most of the time supercookies are deployed either through HTML5 code, or through Flash content, both of which store the supercookies in a separate folder, thus making them hard to detect and delete.
According to the paper, Hulu was storing tracking coding in files related to Flash. The website itself also contained code from a company that analyzes website-traffic data which in turn was injecting supercookies into browser cache and into files associated with HTML5. After Hulu was contacted about its use of supercookies, the website posted an online statement claiming that it "acted immediately to investigate and address" the issue.
Mike Hintze, associate general counsel at Microsoft, said that the MSN team was alarmed when the research results were brought to their attention. "It was inconsistent with our intent and our policy," he told the paper, and then added that Microsoft removed the offending code from the MSN website. Other Microsoft-owned websites and its advertising network were also found to be using supercookies.
"Microsoft's Mr. Hintze said that the company removed the code after being contacted by Mr. [Stanford researcher Jonathan] Mayer, and that Microsoft is still trying to figure out why the code was created," the paper states. "A spokeswoman said the data gathered by the supercookie were used only by Microsoft and weren't shared with outside companies."
Both Flixter and Charter.net were discovered to be using a "history stealing" tracking service which snoops into the browsing histories of visitors to see if they frequent one of more than 1,500 listed websites. The history stealing on those two sites was being performed by Epic Media Group, but chief executive Don Mathis claims that his company was inadvertently using the technology and no longer uses it. Flixter and Charter were completely (and conveniently) unaware of the ordeal.
Thankfully there' a way to eliminate and prevent supercookies from invading your privacy. For the Windows platform, CCleaner will nuke most cookies stashed on the hard drive, and Flush.app is a handy cookie cutter for the Mac platform. Those using Mozilla's Firefox browser can install the BetterPrivacy extension that will help block most of those pesky invaders.
- Razer Intros Battlefield 3 Keyboard, Mouse, & More
- LTE Equipment Found Installed Inside Apple Store
- ViewSonic's Dual-Boot ViewPad Available for $599+
- Sony Announces Cheap, €99 PSP Without Wi-Fi for Europe
- Streamlined Wii Announced for UK This Holiday Season
- Sony Announces Price Drop for the PlayStation 3
- Is There a Female Gender Bias in Wikipedia?
- Rumor: iPhone 5 Launch Oct 7, Pre-Order in Sept
- Patent Deflection: Motoroogle About Facebook, Amazon
- Apple Adding DisplayPort to Future Mobile Devices?
- Meet the Futuristic Hyundai Concept Motorcycle
- Cellphone Concept For Those With Arthritis
- Motorola Mobility Sued Over Google Acquisition
- Android's Andy Rubin Shared First Bonus with Staff
- Sexting, Retweet and Cyberbullying Added to Dictionary
- Firefox's Tablet UI Scheduled for Firefox 9 Integration
- Google Enables Developers to Connect C Code to HTML5
- HP TouchPads May Be Dumped in Landfill
- GameStop's Game Streaming Service in Early Beta
Oops, how did several lines of code which serve a specific and intentional purpose get in there?
Oops, how did several lines of code which serve a specific and intentional purpose get in there?
My exact thoughts! Don't think these guys are the only ones though I'm betting other huge companies are doing the same thing and haven't been caught yet.
Funny how they got their hands in the cookie jar, but upon questioning, they're all like "what? That's not my hand! I don't know how it got there!"
bull$h1t
So it's legal. Why is it an issue if it's legal?
"These include the use of "supercookies" which are not only legal, but almost impossible to detect."
Legal? For something legal they sure removed it quick, or said they did. How is it legal to rummage through my hard drive? Maybe someone will rummage through theirs and leave a present someday......
Sounds to me like desperate acts to generate revenue.
I think that they using the term "legal" very loosely.
I don't like their interpretation for "legal" at all.
Legal means there is not currently a law against it. So I guess sending them a "supercookie" is ok too.
How I am not surprised to read this. A lot of tech companies are doing this and yet, no one admits it! What a bunch of hypocritical BSes!
FF+NoScript+Ghoster=Win.
And hulu hates me for it too, "We're sorry, we are not able to run ads at this time. Movies are brought to you for free with support from our advertisers......" and blah blah blah blah
But the crappy movie that nobody ever watches, still runs....
If it recreates itself after a user deletes it, its a virus. Period.
"Those using Mozilla's Firefox browser can install the BetterPrivacy extension that will help block most of those pesky invaders."
Been doing that for years. If anyone wonders why I've been using firefox regardless of benchmarks tom's hardware comes out with, this is one of the reasons. With the high customization of firefox due to add ons, it's superior regardless of the 1ms edge another browser may have over it. Not to mention chrome loves to sniff every letter you put in the address bar. Ad block plus also makes it so my computer NEVER tries to load ads or banners which eat up bandwidth that increase speed and my exposure to viruses has gone down 20 fold due to not ever loading those virus infected marketing banners.
Hehe was already using my own batch files running dozens of preconfigured CCleaner to get the job done (yeah CCleaner cannot have more than 300 extra lines added to it's .ini file) and also using betterprivacy for a few monthx now. It works wonders and so I'm happy more user will use these for their own privacy protection.
I like cookies...
Supercookies have existed since flash. They can sometimes reduce load times on websites due to less information (normal cookies) being sent back to the server.
Sounds like a basis of not knowing what you are doing more then anything. But if you can use cookies guess they are good for the use of them.
The idea is based mainly on some interests the most from what I can tell. But "legal" might come and go for it honestly.
Still though, rather to say anything is probably subjective and perspective but of it though probably has just as many rights and wrongs to it as the article kinda states.
These so called "super cookies" from flash are actually called Shared Objects. The work the same way a normal cookie does they just live in a different location. My browser preferences are set to clear all private data each time it closes so it removes cookies, shared objects, cache, and history. Problem solved.
".....Maybe someone will rummage through theirs and leave a present someday......
I thought that was WikiLeak's job :-)
Don't fall for it everyone, it's a trick! The real culprit are Super Duper Cookies.
Here's my input. A short video for how to stop Supercookies on Windows systems. Geared for IT geeks http://t.co/bRsiKpJ
If you wanna have some fun get the Shared Object plug-in for the Firebug plug-in for Firefox. lol...
It lets you edit Shared Objects (used by flash). You can change your data for it and give Hulu some phony tracking (if that is what they are being used for).
Decade 2GB's of Ram to run security keep update and they still get your information WOW just run two lite Mal ware Scanners like I do, even if you think you know that your doing they'll still get in some how.
If Microsoft and Hulu had it, who knows what other (more malicious) companies can also have this.
Hulu say
they "acted immediately to investigate and address" the issue
I hear
"hulu wants to sound concerned but is waiting to see how big the supercookies invasion of privacy thing issue becomes before we do anything."
and MSN says "did we do that? we are suprised."
I don't want to start hating them but they kinda make it difficult not to.
FFprivatebrowsing+AdBlockPlus+NoScript+BeefTaco+BetterPrivacy+BrowserProtect+Ghostery+HTTPS-Everywhere and CCleaner on a USB stick on a cracked administrator account on a work machine = NO TRACKING, NO COOKIES, NO MALWARE, NO ADWARE, NO SPYWARE AT ALL!
Wow, I knew data could be stored with Flash, but I didn't realize how much and how persistent it was. As soon as I read this I installed BetterPrivacy and cleared out all the LSOs. Thanks for the heads up!