Skip to main content

Hulu, MSN Track Users With "Supercookies"

Down with the Cookie

Down with the Cookie

New research presented by Stanford University and the University of California at Berkeley claims that popular websites including Hulu and MSN are currently using new techniques to track users. These include the use of "supercookies" which are not only legal, but almost impossible to detect. They even reportedly re-create user profiles after the user deletes the original cookie from their computer.

Thursday The Wall Street Journal revealed that supercookies can be used to steal a user's entire browser history. They're also stored in a different place than the typical cookie, the latter of which usually resides within a browser's cache folder. Most of the time supercookies are deployed either through HTML5 code, or through Flash content, both of which store the supercookies in a separate folder, thus making them hard to detect and delete.

According to the paper, Hulu was storing tracking coding in files related to Flash. The website itself also contained code from a company that analyzes website-traffic data which in turn was injecting supercookies into browser cache and into files associated with HTML5. After Hulu was contacted about its use of supercookies, the website posted an online statement claiming that it "acted immediately to investigate and address" the issue.

Mike Hintze, associate general counsel at Microsoft, said that the MSN team was alarmed when the research results were brought to their attention. "It was inconsistent with our intent and our policy," he told the paper, and then added that Microsoft removed the offending code from the MSN website. Other Microsoft-owned websites and its advertising network were also found to be using supercookies.

"Microsoft's Mr. Hintze said that the company removed the code after being contacted by Mr. [Stanford researcher Jonathan] Mayer, and that Microsoft is still trying to figure out why the code was created," the paper states. "A spokeswoman said the data gathered by the supercookie were used only by Microsoft and weren't shared with outside companies."

Both Flixter and Charter.net were discovered to be using a "history stealing" tracking service which snoops into the browsing histories of visitors to see if they frequent one of more than 1,500 listed websites. The history stealing on those two sites was being performed by Epic Media Group, but chief executive Don Mathis claims that his company was inadvertently using the technology and no longer uses it. Flixter and Charter were completely (and conveniently) unaware of the ordeal.

Thankfully there' a way to eliminate and prevent supercookies from invading your privacy. For the Windows platform, CCleaner will nuke most cookies stashed on the hard drive, and Flush.app is a handy cookie cutter for the Mac platform. Those using Mozilla's Firefox browser can install the BetterPrivacy extension that will help block most of those pesky invaders.