Supercookie Monster Eating Your Privacy for Lunch
You already know that every word you type on your browser is being tracked and used to profile and deliver highly-relevant advertisements to you (Big Brother Lives in Your Browser). And you know that most websites install “cookies” onto your computer in order to store relevant information about you (account numbers) that make surfing more convenient, and to gather information that allows advertisers to know more about you. You probably even know how to delete them.
But new research has shown that deleting cookies doesn’t always help. A new breed of cookies, called supercookies, can reconstruct all of your profile history even after the cookie has been deleted. MSN.com and Hulu.com just got caught using supercookies to track your surfing habits in stealth mode (you have no way of knowing that it’s happening, and you can’t do anything about it). The Wall Street Journal had this to say about supercookies and history stealing:
Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies… The spread of advanced tracking techniques shows how quickly data-tracking companies are adapting their techniques… [“history stealing”] peers into people’s Web-browsing histories to see if they previously had visited any of more than 1,500 websites, including ones dealing with fertility problems, menopause and credit repair… Supercookies are stored in different places than regular cookies… | WSJ 8/18/11 | Supercookies on WSJ for non-subscribers.
So here is the simple scenario of why this matters to you: Your daughter is doing a high-school report for a business class on bankruptcy. In her research, she visits sites like creditrepair.com, poorcredithelp.net, wiki.answers.com/Q/How_do_you_repair_bad_credit, all while being tracked by small pieces of software (cookies and supercookies) that embed themselves on your computer. The software is probably developed by an internet software company like Epic Media Group and installed on the websites above. Let’s say you have set up your security software to delete cookies at the end of each browser session. Your daughter closes out of the session, deleting the cookies that have tracked her history on sites dealing with poor credit. The cookies are deleted.
But the supercookies remain, so that when you log on to a credit card web site to apply for a new card, they know that you (actually it wasn’t you) have been surfing on sites that indicate you might have bad credit. Instead of sending you to a signup page for a credit card with a 15% annual fee, they send you to a page offering a card with a 23% fee. The credit card company has paid for that profile information on you. And you will never know it and you can’t easily delete it.
So what is the solution? That’s just it, there really isn’t one at this point, which is why you should be concerned. Long term, you can contact your congress person and all those other things you won’t probably do to encourage them to pass digital privacy regulations. In the meantime, be careful of where you surf, because you are being watched closely.
John Sileo is the award-winning author of Privacy Means Profit and a keynote speaker on social media privacy, identity theft prevention and manipulation jujitsu. His clients include the Department of Defense, Blue Cross, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com or contact him directly on 800.258.8076.