Some Sites Using Unkillable HTML5 Cookies

+ - Some Sites Using Unkillable HTML5 Cookies-> 0

Submitted by Trailrunner7 on Monday August 01, 2011 @12:51PM

Trailrunner7 writes "Two years after a widely publicized study in which they identified the risks of Web sites silently installing persistent Flash cookies on users' machines, a group of researchers has done a follow-up study that found not only are some of the same sites still re-spawning Flash cookies, but many other sites are using new technologies such as HTML5 to store cookies and at least one was using cache cookies to uniquely identify users even when they've disabled cookies and are in a private browsing session.

"This respawning employed the cache to mirror values, specifically ETags. To our knowledge, this is the first demonstration of this ETag tracking 'in the wild.' ETag tracking and respawning is particularly problematic because the technique generates unique tracking values even where the consumer blocks HTTP, Flash, and HTML5 cookies. In order to block this tracking, the user would have to clear the cache between each website visit. Even in private browsing mode, ETags can track the user during a browser session. Additionally, the ETag respawning we observed set a first party cookie on hulu.com. This means that other sites subscribing to the kissmetrics.com service could synchronize these identifiers across their domains," they wrote."
Link to Original Source

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.