comScore
Uncategorized Monday, August 22nd 2011 at 3:05 pm

Stanford Researcher Exposes MSN.com Super Cookie, Microsoft Shuts it Down

By ( ) Comments

Stanford University researcher Jonathan Mayer discovered a super cookie in the employ of Microsoft on MSN.com. A cookie, as a moderately savvy Internet user would know, is a kind of tracking and logging tool — sometimes useful in storing data a user may not want to enter into forms for the rest of the portion of their lives involving forms, sometimes obnoxious in storing data that a user may not wanted stored — used primarily in web browsing. Dissimilar from the extremely super cookie pictured above, the super cookie in Microsoft’s employ is essentially a cookie that can ignore a web browser’s cookie management, thus avoiding extermination.

After Mayer exposed the super cookie, Microsoft associate general counsel Mike Hintze provided a less shady explanation as to why the tech giant might’ve been employing a fairly shady tracking device.

We determined that the cookie behavior he observed was occurring under certain circumstances as a result of older code that was used only on our own sites, and was already scheduled to be discontinued.

Microsoft promptly disabled the code, which Mayer claims appeared on MSN.com, Live.com, and its Atlas third-party advertising networks, and would’ve caused cookies to regenerate themselves after a user had deleted them. Discussing the spread of the super cookie, Mayer said:

“It is difficult to estimate the number of users affected by Microsoft’s respawning without knowing more about traffic to Microsoft’s web properties and the conditions under which it would set an MUID [the identifier ID].”

Though we’ll probably never know how extensive of a reach Microsoft’s super cookie had, one can assume that, since it is Microsoft and some fairly prominent domains involved, the super cookie’s reach was something akin to a grizzled yoga instructor’s who may or may not have seen some things in his day. Yoga things.

Some probably-deserved harsh words from Mayer:

“One of the most prolific ad networks was using technologies that are widely frowned upon for circumventing user privacy choices.

At minimum this was a colossal privacy gaffe.”

(Computerworld via Geek.com)

Filed Under |
  • Anonymous

    tinyurl.com/2df4ccp

  • http://smudgethefirst.tumblr.com Smudge

    Cookies aren’t really tools, per se. They are a storage feature used by just about every website to store session information. (Authentication, preferences, shopping carts, etc). Basically the mechanism by which most sites “remember” things for you. When you visit a website, chances are it has created a harmless cookie for you.

    Cookies can sometimes be used for tracking and logging, but it isn’t the cookie itself which does that. Rather, websites use the cookie track what you do on their pages and recognize you when you return. Most browsers have good cookie management with checks to prevent malicious use. For instance, cookies set from one site cannot be accessed from a different site (at least without exploiting browser bugs).

    The term “supercookie” describes Adobe Flash cookies. Unlike normal cookies, Flash cookies can be allowed to persist longer and without the same checks as a normal cookie. This is one of several reasons to be wary of leaving Flash enabled by default.