No, this is not a new line of ultra amazing cookies fresh from the bakery. Unfortunately, supercookies are not as rewarding, at least not for the average user. Instead, it is a new technique that companies such as Microsoft and Hulu have used to track  a user's activities online."Supercookies" are not only capable of tracking activities but can also recreate users' profiles even after regular cookies have been deleted in a manner that is almost impossible for users to detect...
This is because supercookies, such as the ones Microsoft used, are stored in different locations than regular cookies where users may not locate as easily. In addition, as Mr. Mayer, researcher at Stanford's Computer Science Security Lab, pointed out individuals could have had the supercookie installed on their machines without visiting Microsoft websites directly and regardless of whether they deleted regular cookies Microsoft could retrieve their web-browsing information. Hulu's website, on the other hand, contained codes from Kissmetrics, a company that analyzes website-traffic data. With this in mind, supercookies were inserted into users' browser caches and files associated with HTML5, a standard program language used to build webpages. Ultimately, the unawareness of users illustrates the strength and potential breach of privacy these supercookies present.

Naturally, these techniques face scrutiny with respect to privacy issues and many companies have stopped using these tactics. According to the Wall Street Journal (WSJ), Mike Hintze, associate general counsel at MSN parent company Microsoft Corp., proclaimed that "when the supercookie 'was brought to our attention, we were alarmed. It was inconsistent with our intent and our policy.' He said the company removed the computer code, which had been created by Microsoft."

Similarly, Hulu posted an online statement announcing the company "acted immediately to investigate and address" the issues identified by researchers, which "included suspending [Hulu's] use of the services of the outside vendor mentioned in the study." This, of course, was Hulu's attempt to save face and maintain their current customer base and although they stated the company takes the issue "very seriously" and "recognize[s] that it is incumbent on [Hulu] to earn the trust of [their] users each and every day (as [they] have these past four years) and [they] will be tireless in doing just that going forward," they have not made any further comments regarding the issue. 

Interestingly enough, according to WSJ "researchers at the University of California at Berkeley, led by law professor Chris Hoofnagle, found supercookie techniques used by dozens of sites. One of them, Hulu, was storing tracking coding in files related to Adobe Systems Inc.'s widely used Flash software, which enables many of the videos found online, the researchers said in a report." This, of course, I find interesting because just last year Hulu was one of the many companies that faced a $2.4 million class-action settlement regarding Flash cookies. I guess it is not very surprising that neither Hulu nor Kissmetrics would comment any further on the issue.

Although, gathering information through web-browsing history offers insight into people's interests, taking people's information without their consent is questionable. With this in mind, according to WSJ, "the potential for privacy legislation in Washington has driven the online-ad industry to establish its own rules, which it says are designed to alert computer users of tracking and offer them ways to limit the use of such data by advertisers." Granted, this sounds rather wishy-washy. The online-ad industry is establishing its own rules? They may alert users that they are tracking their information, but do you think they will notify them of the extent in which they are taking their information? Apparently, using "self-imposed" guidelines to retrieve health and financial data is acceptable so long as the information does not contain SSN or medical records, etc. However, does this mean they have access to this information and they are just not allowed to put it in the data?

Ultimately, regardless of how tech savvy users become, unless stronger regulations are enforced, companies relying on this method to attain information will continue to make technological advances to retrieve their desired information. Although stronger regulations and repercussions will not terminate privacy violations, as there are often loopholes to laws, they will help limit some of these unjust privacy violations.

Written By: Jenna Elizabeth


Leave a Reply.