A group of respected security researchers have published a paper documenting the tactics used by KISSmetrics -- a company that counts Hulu and many other Internet giants among its customers -- to install and read back cookies on your computer even if you don't want them. Using a kind of kitchen-sink approach, KISSmetrics is able to track your computer even if you've got cookies, Flash cookies and other common cookie-setting vectors turned off. It's one thing for companies to say that they only gather information about users who allow such tracking; it's another thing for a company to go to endless lengths to circumvent their users' best attempts to shield themselves from tracking.
“Both the Hulu and KISSmetrics code is pretty enlightening,” Soltani told Wired.com in an e-mail. “These services are using practically every known method to circumvent user attempts to protect their privacy (Cookies, Flash Cookies, HTML5, CSS, Cache Cookies/Etags…) creating a perpetual game of privacy ‘whack-a-mole’.”
Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning (paper)
“This is yet another example of the continued arms-race that consumers are engaged in when trying to protect their privacy online since advertisers are incentivized to come up with more pervasive tracking mechanisms unless there’s policy restrictions to prevent it.”
They point to their research that found that when a user visited Hulu.com, they would get a “third-party” cookie set by KISSmetrics with a tracking ID number. KISSmetrics would pass that number to Hulu, allowing Hulu to use it for its own cookie. Then if a user visited another site that was using KISSmetrics, that site’s cookie would get the exact same number as well.
So that makes it possible, the researchers say, for any two sites using KISSmetrics to compare their databases, and ask things like “Hey, what do you know about user 345627?” and the other site could say “his name is John Smith and his email address is email@example.com and he likes these kinds of things.”
Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged (Wired)
The Smile Makers 88 was sent to McDonald’s franchise managers in 1987, filled with garments they could buy for themselves, their families, and their workers. It. Is. Terrible.
Earlier this month, I gave the afternoon keynote at the Internet Archive’s Decentralized Web Summit, and my talk was about how the people who founded the web with the idea of having an open, decentralized system ended up building a system that is increasingly monopolized by a few companies — and how we can prevent the same things from happening next time.
Corrections Corporation of America (CCA) is one of the world’s largest private jailers; it runs prisons and immigration detention centers across the USA (and is diversifying into halfway houses, mental health center, and surveillance for poor neighborhoods). Mother Jones’s Shane Bauer went undercover at CCA’s Winn Prison in Louisiana, the state with the highest incarceration […]
Experienced shutterbugs with DSLR cameras have boatloads of lens options for capturing the moment. Unfortunately, smartphone photographers often get stuck with their one crummy lens, which means limited zoom and focus for their final image.Step up your smartphone’s photographic power with the Acesori 5-Piece Smartphone Camera Lens Kit, now just $9.99 in the Boing Boing Store.Magnetic rings easily […]
Some truths are universal. For one, your phone will always run out of power when you most need it. For another, the charging cords that come packaged with your Apple device will fray, split, and rip faster than Usain Bolt in a game of tag.Instead, pick up a charging cord that anyone would have a tough […]
Some people say magic tricks are nerdy and best left to your 12-year-old asthmatic cousin. But others see value in perfecting the slight of hand and showmanship associated with a perfectly executed routine. We’re firmly in the latter camp. And now, we’re giving you the ability to put a few parlor tricks up your sleeve with the Penguin […]