[OPLIN 4cast] OPLIN 4Cast #246: Zombie cookies

Editor editor at oplin.org
Wed Sep 7 10:29:12 EDT 2011 

Email not displaying correctly? View it in your browser. 
<http://www.oplin.org/4cast/>
OPLIN 4Cast

OPLIN 4Cast #246: Zombie cookies
September 7th, 2011

<http://www.oplin.org/4cast/wp-content/uploads/2011/09/zombie-with-cookie-sm.png>Internet 
websites routinely use browser "cookies," small files that collect and 
store data about website visitors and their activities. Cookies are 
necessary for a smooth Internet user experience; otherwise, for example, 
you'd be constantly entering and re-entering your username and password 
on limited-access sites. But cookies are designed to have a set 
"time-to-live" after which they go away, or the user is also supposed to 
be able to block or kill them. Companies that collect Internet usage 
data for marketing purposes, however, don't want their cookies to die, 
so they might take the sneaky step of creating user cookies that cannot 
be killed: zombie cookies, also known as evercookies or supercookies. 
Some very big companies use them, which makes privacy advocates 
concerned and angry.

    * Super cookies, ever cookies, zombie cookies, oh my!
      <http://www.ensighten.com/node/185> (Ensighten blog/Josh Goodwin)
      "The internet, as we noted earlier, was designed to allow for a
      very narrow allowance of data storage and retrieval on end-user
      systems. As companies build value around data collection, the
      motivation to break out of that narrow privacy oriented data
      protection scheme has also grown. The company that provides
      website owners with the most relevant and accurate information
      about how users interact with the website owner's site has an
      advantage over other companies looking to do the same thing."
    * Supercookies: what you need to know about the web's latest
      tracking device
      <http://mashable.com/2011/09/02/supercookies-internet-privacy/>
      (Mashable/Christian Olsen) "The kind of data supercookies track
      isn't typical cookie material. A browser limits the typical cookie
      to be written, read and ultimately removed by the site that
      created it. The supercookie, on the other hand, operates outside
      of established safeguards. It can track and record user behavior
      across multiple sites. While it's easy to understand that a site
      would want to track a user's activity while she navigates its
      turf, it's ethically questionable that site operators are able to
      record a user's actions beyond site parameters."
    * Attack of the zombie cookies
      <http://techcitement.com/software/attack-of-the-zombie-cookies/>
      (Techcitement*/Tom Wyrick) "This time, both a cache-based cookie
      and a more advanced 'supercookie' are used to survive users'
      attempts to block or delete them. Microsoft implements both
      methods by use of a script called wlHelper.js, which they store
      along with a cookie in the browser cache. If a user deletes the
      cookie but doesn't empty the browser cache, the script recreates
      the deleted cookie. The second approach, termed ETags, saves a
      bogus version number in the browser cache. In the event the cookie
      is erased, wlHelper.js retrieves it from the bogus version number."
    * 'Zombie cookies' won't die: Microsoft admits use, HTML5 looms as
      new vector
      <http://www.infoworld.com/t/internet-privacy/zombie-cookies-wont-die-microsoft-admits-use-and-html5-looms-new-vector-170511>
      (InfoWorld/Woody Leonhard) "Perhaps even scarier, as HTML5 gains
      traction: Its local storage is a great feature, but one wide open
      for abuse for such items as zombie cookies. And Internet
      Explorer's InPrivate Browsing, Firefox's Private Browsing, and
      Chrome's Incognito browsing modes won't protect you from the ETag
      form of zombie cookies or from HTML5-based zombies."

*/Anniversary fact:/*

The evercookie code was released as open source software on September 
13, 2010 by Samy Kamkar <http://samy.pl/>, who also created the worm 
that disabled the MySpace website in 2005.
------------------------------------------------------------------------
The */OPLIN 4cast/* is a weekly compilation of recent headlines, topics, 
and trends that could impact public libraries. You can subscribe to it 
in a variety of ways, such as:

    * *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
      subscribing to the following URL:
      http://www.oplin.org/4cast/index.php/?feed=rss2.
    * *Live Bookmark.* If you're using the Firefox web browser, you can
      go to the 4cast website (http://www.oplin.org/4cast/) and click on
      the orange "radio wave" icon on the right side of the address bar.
      In Internet Explorer 7, click on the same icon to view or
      subscribe to the 4cast RSS feed.
    * *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
      OPLINlist and OPLINtech) by subscribing to the 4cast mailing list
      at http://mail.oplin.org/mailman/listinfo/OPLIN4cast.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.oplin.org/pipermail/oplin4cast/attachments/20110907/576ddf0e/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kubrickheader.jpg
Type: image/jpeg
Size: 38379 bytes
Desc: not available
Url : http://lists.oplin.org/pipermail/oplin4cast/attachments/20110907/576ddf0e/kubrickheader-0001.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zombie-with-cookie-sm.png
Type: image/png
Size: 48504 bytes
Desc: not available
Url : http://lists.oplin.org/pipermail/oplin4cast/attachments/20110907/576ddf0e/zombie-with-cookie-sm-0001.png

More information about the OPLIN4cast mailing list