[Infowarrior] - Paper: Persistent Web Cookies

Richard Forno rforno at infowarrior.org
Mon Aug 15 07:09:54 CDT 2011



RESPAWN REDUX

(Follow up to Flash Cookies and Privacy II)

Ashkan Soltani

08/11/2011



I thought I'd take the time to elaborate a bit further regarding the technical mechanisms described in our 'Flash Cookies and Privacy II' paper that generated a bit of buzz recently. For a bit of background, I, along with Chris Hoofnagle and Nathan Good, had the honor of supervising Mika Ayenson and Dietrich J. Wambach in replicating our previous 2009 study which found that websites were circumventing user choice by deliberately restoring previously deleted HTTP cookies using persistent storage outside of the control of the browser (a practice we dubbed ‘respawning’).

In our follow up study, we found that Hulu was still respawning deleted user cookies using homegrown Flash and Javascript code present on the Hulu.com site. Additionally, Hulu, Spotify, and many others were also respawning using code provided by analytics firm KISSmetrics.* Hitten Shah, the founder of KISSmetrics, initially confirmed that the research surrounding respawning was correct in an interview with Ryan Singel although he later criticized the findings after a lawsuit was filed.

< - >

http://ashkansoltani.org/docs/respawn_redux.html


More information about the Infowarrior mailing list