Supercookie Monster Eating Your Privacy for Lunch


You already know that every word you type on your browser is being tracked and used to profile and deliver highly-relevant advertisements to you (Big Brother Lives in Your Browser). And you know that most websites install “cookies” onto your computer in order to store relevant information about you (account numbers) that make surfing more convenient, and to gather information that allows advertisers to know more about you. You probably even know how to delete them.

But new research has shown that deleting cookies doesn’t always help. A new breed of cookies, called supercookies, can reconstruct all of your profile history even after the cookie has been deleted. Hulu and MSN just got caught using supercookies to track your surfing habits in stealth mode (you have no way of knowing that it’s happening, and you can’t do anything about it). The Wall Street Journal had this to say about supercookies and history stealing:

Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies… The spread of advanced tracking techniques shows how quickly data-tracking companies are adapting their techniques… [“history stealing”] peers into people’s Web-browsing histories to see if they previously had visited any of more than 1,500 websites, including ones dealing with fertility problems, menopause and credit repair… Supercookies are stored in different places than regular cookies… | WSJ 8/18/11

So here is a simple scenario that shows why this matters to you: Your daughter is doing a high-school report for a business class on bankruptcy. In her research, she visits several websites, all while being tracked by small pieces of software (cookies and supercookies) that embed themselves on your computer. The software is probably developed by an internet software company like Epic Media Group and installed on those websites. Let’s say you have set up your security software to delete cookies at the end of each browser session. Your daughter closes out of the session, deleting the cookies that have tracked her history on sites dealing with poor credit. The cookies are deleted.

But the supercookies remain, so that when you log on to a credit card web site to apply for a new card, they know that you (actually it wasn’t you) have been surfing on sites that indicate you might have bad credit. Instead of sending you to a signup page for a credit card with a 15% annual fee, they send you to a page offering a card with a 23% fee. The credit card company has paid for that profile information on you. And you will never know it and you can’t easily delete it.

So what is the solution? That’s just it, there really isn’t one at this point, which is why you should be concerned. Long term, you can contact your congressperson, and do all those other things you probably won’t do, to encourage them to pass digital privacy regulations. In the meantime, be careful of where you surf, because you are being watched closely.


John Sileo is the award-winning author of Privacy Means Profit and a keynote speaker on social media privacy, identity theft prevention and manipulation jujitsu. His clients include the Department of Defense, Blue Cross, Pfizer and Homeland Security. Contact him directly on 800.258.8076.

WSJ Article Quotes Identity Theft Expert, John Sileo


How To Beat The Online Scammers

(A Wall Street Journal Excerpt by Jennifer Waters)

Your pet’s name is a fraudster’s best friend.

You may think you’re giving up precious little when you tell your Facebook friends that you’re dressing your pooch, Puddles, in your favorite color, red, for brunch at Grandma’s on Sunday. But you’ve actually just opened a Pandora’s box of risks.

The information consumers willingly, and oftentimes unwittingly, unleash on social-media websites sets off a feeding frenzy among fraudsters looking to steal everything from your flat-screen TV to your identity…

Too much information can hurt you in other ways. John Sileo, a Denver-based identity-theft expert, says your online chatter could equip an ex-spouse with ammunition for a court challenge. Future or current employers could have a problem with information about your personal life that they deem inappropriate for a member of their staff, he says. You also could be furnishing a would-be stalker with information about your whereabouts.

Facebook Privacy Breach – Eventually, We'll Lose our Trust


According to a Wall Street Journal investigation, Facebook apps are sharing more about you than you think.

The Journal stated in their article, Facebook in Privacy Breach, that many of the most popular applications on the site are transmitting personal information about you and even your friends to third party advertisers and data companies. Apps such as BumperSticker, Marketplace, or Zynga’s Farmville (with over 50 million users) can be sharing your Facebook User ID with these companies. This can give as little information as your name, or as much as your entire Facebook Profile. In some cases, your data is being shared even if you have set your Facebook privacy settings to disallow this type of sharing.

According to the Journal:

“The most expansive use of Facebook user information uncovered by the Journal involved RapLeaf. The San Francisco Company compiles and sells profiles of individuals based in part on their online activities. The Journal found that some LOLapps applications, as well as the Family Tree application, were transmitting users’ Facebook ID numbers to RapLeaf. RapLeaf then linked those ID numbers to dossiers it had previously assembled on those individuals… RapLeaf then embedded that information in an Internet-tracking file known as a cookie.”

RapLeaf in turn transmitted this Facebook ID and user information to a dozen other advertising firms.

RapLeaf has said that the transmission was inadvertent and that it is working to fix the data leakage problem. It has posted a response to the article on its website:

“RapLeaf has taken extra steps to strip out identifying information from referrer URLs… When we discovered that Facebook IDs were being passed to ad networks by applications that we work with, we immediately researched the cause and implemented a solution to cease the transmissions. As of last week, no Facebook IDs are being transmitted to ad networks in conjunction with the use of any RapLeaf service.”

This Facebook privacy breach is affecting tens of millions of users and even those that have taken the proper precautions with high privacy settings.

This revelation goes against my latest post Facebook, Cigarettes and Information Control. I used this post to make users aware that although there are privacy issues with Facebook, they have given you the proper controls to protect yourself. The Wall Street Journal investigation clearly shows that Facebook is not doing their part. While you can supposedly better secure your privacy settings after last week, Facebook is clearly not holding their third party applications to the same standard.

Many of these third-party applications have declared that they are not keeping or using this data. Regardless, the transmission of this information violates the Facebook Privacy Policy. Facebook has said that it is the applications that are violating their privacy policy – not them directly. A Facebook spokesperson had this to say:

“Our technical systems have always been complemented by strong policy enforcement, and we will continue to rely on both to keep people in control of their information.”

Many wonder whether there is anything they can do to prevent this or protect themselves from personal data leakage. The answer right now is no. Because many of the most popular applications used on Facebook are transmitting your personal data, it is hard to do much more than adjust your privacy settings to the highest level and realize that you are trading the security and privacy of your personal information in order to connect with your Facebook friends. This is where Facebook needs to step up and deliver on what they promise their users. If you go the extra mile to hide your personal information from third parties, they need to make sure that your information is protected.

Big Brother Lives in Your Browser

The world is spying on you, and you don’t really even know it. A recent investigation by the Wall Street Journal concludes that spying on consumers in order to sell their data is one of the fastest-growing internet businesses. Here is a summary of the most striking findings:

“The study found that the nation’s 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning… the Journal found new tools that scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. These profiles of individuals, constantly refreshed, are bought and sold on stock-market-like exchanges.”

The tracking software records and analyzes your browsing patterns. It knows if you’re surfing porn sites, researching bipolar disorder or watching teen movie trailers. With startling accuracy, it interprets these patterns and sells the information, sometimes within seconds, to websites that want access to your wallet. What’s the big deal, you ask? Why not let them market to us in highly targeted ways?

That seems reasonable, within limits. According to John Sileo, Identity Theft Expert and author of the newly released book on information survival, Privacy Means Profit, “We are all slowly being boiled like frogs. This month, Big Brother knows which movies I ‘Like’, what keywords I typed into Google and what books I checked out at the library. Next month they’ll attach our name, address and credit profile to the database so that they can instantly evaluate whether I should be their customer. Because they erode our privacy over time, we don’t notice that we’re being boiled alive!”

According to the Journal, if the tracking software estimates that you are a low-income individual, you will likely be shown a higher-interest-rate credit card when you visit the Capital One website. If you’ve been researching bipolar disorder on a site that downloads 234 tracking programs onto your computer without alerting you, the next insurance website you visit might no longer have a policy that fits you. In another example listed in the article, banks are beginning to consider looking at the creditworthiness of your social networking friends to determine your creditworthiness.

“We can’t just blame this on the businesses that want to market to us,” says Sileo. “They exist to make money and strive to advertise to us in the best way possible. But we don’t have to just sit around and give away all of our precious information.” Sileo recommends a handful of steps we can take to keep ourselves out of the hot water, including:

  • Delete the cache of tracking cookies on your computer that share information without your consent
  • Customize the privacy settings in your browser to minimize information leakage and to regularly delete tracking software like cookies
  • Use the “Private Browsing” feature in Safari, Firefox and IE when you don’t want your browsing history stored on your computer
  • Lock down your social networking profiles so that marketing companies can’t skim your personal information
  • Consider using anonymizing software like the Tor Project, Abine or Better Privacy
  • Understand that when you are on the Internet, you are being tracked, and surf accordingly

John Sileo’s identity was used to commit a series of felonies and steal more than $300,000 from his business customers.

His story and how you can avoid the same are detailed in his new book, Privacy Means Profit (Wiley, August 2010).

John speaks professionally to organizations that want to protect their profits against identity theft, social media exposure and corporate espionage. His recent clients include the Department of Defense, FDIC, FTC and Pfizer.


Cybercrime on the Rise: Reported Losses over $550 million!


According to a new article in the Wall Street Journal, cybercrime rose 22.3% in 2009 compared with 2008. Identity thieves and white-collar criminals have taken to the internet and caused over $550 million in reported losses. There were also over 60,000 more complaints of cybercrime in 2009. Many experts say the plummeting economy is responsible for the great rise last year.

The article goes on to discuss the new and more technologically savvy way that criminals are stealing our information.

Criminals’ tactics also are changing, with a growing number of crimes involving malicious applications installed on mobile devices and embedded in news and celebrity gossip Web sites. In this type of crime, Web criminals are using search-engine optimization to allow fake Web sites to rise to the top of searches. When users click on the links or pop-ups, malware or key loggers infect their computers, usually with the intent of hijacking personal and financial information such as bank passwords and account information. Scam artists also are switching from email to social-networking sites to perpetrate “phishing” scams designed to steal sensitive information from victims.

Top scams now include nondelivery of ordered merchandise, fraudulent emails claiming to be from the FBI seeking personal and financial information, identity theft, credit-card fraud, online auction fraud, and job and investment scams. Online auction fraud, which was a top complaint in the past, has declined and losses have fallen as awareness and auction-site security protections have improved, officials said.

In order to minimize your risk, share as little personal and identifying information on the internet as possible. The less that is out there, the less there is to steal. Verify web addresses and don’t click on unknown links or advertisements that come through on email and other sites. If you are the least bit suspicious, don’t enter financial information on the site!

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.