Microsoft Drops Use of ‘Supercookies’ on MSN

In response to work by Stanford University researchers who found that Microsoft and several other high-profile companies were using a controversial technique to keep persistent cookies on users’ PCs to track their movements, Microsoft says it has discontinued the practice of using so-called “supercookies.”

In response to work by Stanford University researchers who found that Microsoft and several other high-profile companies were using a controversial technique to keep persistent cookies on users’ PCs to track their movements, Microsoft says it has discontinued the practice of using so-called “supercookies.”

In July, Jonathan Mayer, a graduate student at Stanford, revealed that some companies were still employing techniques that enabled browser history sniffing, which give the companies information on what sites users have visited and what links they’ve clicked on. The research also found that some companies were using cookies that re-spawn even after users have deleted them. Microsoft was using this technique on one of its sites, MSN.com, and now the company said that it is no longer doing so.

“According to researchers, including Jonathan Mayer at Stanford University, ‘supercookies’ are capable of re-creating users’ cookies or other identifiers after people deleted regular cookies. Mr. Mayer identified Microsoft as one among others that had this code, and when he brought his findings to our attention we promptly investigated. We determined that the cookie behavior he observed was occurring under certain circumstances as a result of older code that was used only on our own sites, and was already scheduled to be discontinued.  We accelerated this process and quickly disabled this code,” Mike Hintze, associate general counsel at Microsoft, wrote in a blog post on the topic.

The use of undeletable cookies or cookies that re-spawn after deletion has become a highly controversial practice in the last year or so, and users and privacy advocates have pressured online ad companies and site operators to stop using such techniques. However, some companies have resisted or found ways around the ad industry’s self-regulation attempts.

Many, if not most, consumers have little idea how history sniffing works or that the practice even exists. They also may not know that cookies can be used to track their movements outside of the sites that they’ve approved them on, or that the cookies can be recreated after they’ve deleted the files. So now, some of the larger companies that have been using some of these techniques are reconsidering them.

“We are committed to providing choice when it comes to the collection and use of customer information, and we have no plans to develop or deploy any such ‘supercookie’ mechanisms,” Hintze said.

Suggested articles

Discussion

  • Anonymous on

    Welcome to the wonderful world of online privacy, there is none.

  • Anonymous on

    One word: NoScript.
  • Anonymous on

    Second word: Ghostery

     

    Both NoScript and Ghostery on Firefox make a powerful duo to stop such nonsense.

  • Any mouse on

    Note they do not state they are discontinuing the tracking, only this particular, well publicized vector.

  • Anonymous on

    How do I remove and prevent cookies from  being rebuilt on Internet Explorer 8?

    Thanks.

  • andifox on

    Will anyone at Threatpost answer questions such as the above posted in this comments section?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.