Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Development

    Microsoft Drops Stealthy Regenerating Supercookies from MSN

    By
    Fahmida Y. Rashid
    -
    August 22, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft has removed the tracking cookie from MSN.com that could stealthily track users on the site even after the user deleted all cookies from the Web browser.

      The code used on MSN.com that was responsible for the “supercookies” had already been slated for removal, Mike Hintze, Microsoft’s associate general counsel for regulatory affairs, said Aug. 19 in a blog post on Microsoft Privacy & Safety. The company accelerated the removal process after being alerted by Jonathan Mayer, a Stanford University researcher who claimed Microsoft used the powerful cookies on Live.com, MSN.com and on Atlas third-party advertising networks, which places ads for other companies on the Internet.

      The cookie onslaught was “occurring under certain circumstances as a result of older code that was used only on our own sites,” Hintze said. None of the cookie identifiers or data associated with them were ever “shared outside of Microsoft,” according to Hintze.

      People could have had the supercookie installed on their machines without visiting Microsoft Websites directly, Mayer said. Even if they deleted regular cookies, Microsoft could have retained information about their Web browsing.

      “It is difficult to estimate the number of users affected by Microsoft’s respawning without knowing more about traffic to Microsoft’s Web properties and the conditions under which it would set [the identifier ID],” Mayer said in his blog.

      Mayer’s report followed a study from researchers at the University of California, Berkeley, who found many Websites used tracking mechanisms that circumvented the privacy settings users set up on the Web browser. Many sites, including Hulu.com, were saving “supercookies” on user computers to track users for advertising purposes. Many of these cookies are designed to re-enable themselves even after being deleted, allowing companies to track user activity and behavior over time despite cookie deletions.

      Persistent cookies are not new, as there are a number of techniques used to prevent users from deleting them. Since the cookies are stored outside the Web browser, switching browsers to protect privacy doesn’t help, according to Askhan Soltani, an independent security researcher and co-author of the UC Berkeley report. Flash cookies store user-tracking data in an Adobe Flash plug-in. Cache cookies in which data is stored in eTags are used to save bandwidth. Microsoft’s supercookie appears to have been a cache cookie, which means the only way to remove it was to clear the cache as well.

      “A Flash cookie acquired while using Firefox is also available to Websites when using Internet Explorer,” Soltani said on his blog.

      Hulu and others were using cookies from KISSmetrics, which saved cookies onto the user’s computer without notice, even if the user had specified that all HTTP and Flash cookies should be blocked, Soltani said. At least 515 Websites used KISSmetrics code to allow cookies to respawn.

      Hulu said in a blog post it was investigating the researchers’ claims.

      KISSmetrics CEO Hiten Shah claimed in a blog post the company does not track users across different Websites, nor does it have the ability to do so. Shah denied the use of persistent cookies and claimed all users have an opt-out feature.

      Websites and advertisers have faced strong criticism for collecting and selling personal data about computer users without their knowledge, or without giving users a clear way to opt out. Despite the industries claims that it could self-regulate itself to protect consumer privacy, drafts of several “do not track” privacy bills are currently making the rounds in both chambers of Congress.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×