[Infowarrior] - Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning
Richard Forno
rforno at infowarrior.org
Sat Jul 30 16:17:12 CDT 2011
Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1898390
Mika Ayenson
Worcester Polytechnic Institute (WPI)
Dietrich James Wambach
University of Wyoming
Ashkan Soltani
University of California, Berkeley - School of Information
Nathan Good
Good Research
Chris Jay Hoofnagle
University of California, Berkeley - School of Law, Berkeley Center for Law & Technology
July 29, 2011
Abstract:
In August 2009, we demonstrated that popular websites were using “Flash cookies” to track users. Some advertisers had adopted this technology because it allowed persistent tracking even where users had taken steps to avoid web profiling. We also demonstrated “respawning” on top sites with Flash technology. This allowed sites to reinstantiate HTTP cookies deleted by a user, making tracking more resistant to users’ privacy-seeking behaviors.
In this followup study, we reassess the Flash cookies landscape and examine a new tracking vector, HTML5 local storage and Cache-Cookies via ETags.
We found over 5,600 standard HTTP cookies on popular sites, over 4,900 were from third parties. Google-controlled cookies were present on 97 of the top 100 sites, including popular government websites. Seventeen sites were using HTML5, and seven of those sites had HTML5 local storage and HTTP cookies with matching values. Flash cookies were present on 37 of the top 100 sites.
We found two sites that were respawning cookies, including one site—hulu.com—where both Flash and cache cookies were employed to make identifiers more persistent. The cache cookie method used ETags, and is capable of unique tracking even where all cookies are blocked by the user and “Private Browsing Mode” is enabled.
Our 2009 study is also available at SSRN: http://ssrn.com/abstract=1446862
Number of Pages in PDF File: 21
Keywords: Privacy, tracking, flash, cookies, local shared object, local stored object, online advertising, behavioral targeting, self-help, persistent identification element
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1898390
More information about the Infowarrior
mailing list