

Congress asked to investigate Internet “supercookies”   - gburt
http://oregonbusinessreport.com/2011/10/congress-asked-to-investigate-internet-supercookies/

======
Jach
I just don't see any good that can come from legislators getting involved
here. Also, if you want to do your own supercookies, check out:
<http://samy.pl/evercookie/>

~~~
bpodgursky
If you don't want legislators to get involved, then please stop promoting
underhanded techniques which abuse browser features.

~~~
burgerbrain
It doesn't need promoting. Anybody that wants to do it is already, or can
figure it out themselves. In the meantime, it's nice to keep the general
population informed.

------
GigabyteCoin
I investigated supercookies (evercookie? no mention of samy in the article?)
the other day in all of 5 minutes.

Yes, they work on most modern browsers, and are very difficult to remove
entirely.

No, they do not store anything on any modern browser surfing in "privacy"
mode.

I was pretty disappointed to be honest. I was hoping to use them to track
fraudulent free trial abusers.

~~~
tingletech
Did you look into Etag tracking?
<http://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags>

This might work in "privacy" mode as far as I understand, unless you disabled
the local cache? I have not tested this.

~~~
daeken
I don't know about other browsers, but Chrome's Incognito Mode has a separate
cache completely, which is wiped on closing.

~~~
mike-cardwell
Wiping the cache on browser close isn't a "good" solution. It doesn't prevent
cross site tracking across a single session, which means your accounts can be
linked together.

I completely disabled the cache in Firefox two months ago for this very
reason. I haven't noticed any performance problems with this in my general day
to day browsing, but I have a decent broadband connection, and good
connectivity at work so YMMV. Here's how I did it:
[https://grepular.com/Preventing_Web_Tracking_via_the_Browser...](https://grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache)

------
finnw
Did you know that Java has its own version of Flash's Local Shared Objects?
They are also known as "muffins" and have pretty much the same abilities
(including resurrecting HTTP cookies.) So far they aren't used much, but any
new regulations that apply to one are also likely to apply to the other.

~~~
GigabyteCoin
Interesting. Even java would be blocked by browsers using "privacy mode"
though would it not?

~~~
finnw
No. I Just tested in FireFox (7.0.1; Private Browsing) and Chrome
(14.0.835.202 m; Incognito.) Both still run the applet without prompting and
allow it to read & write the muffin store.

------
9085
This is not the answer. Why don't we invent technology that beats the
"supercookie" instead of passing laws that restrict innovation and ideas?

~~~
mike-cardwell
Easier said than done. You can create a "cookie" by simply sending a unique
image to a users browser with a long cache time, and then reading that back
with JavaScript on each page.

If you disable your browsers cache and/or JavaScript, I guess that would fix
_this_ particular issue.

If you want to keep both the cache, and JavaScript, then you need to stop
people from doing this sort of thing, with legislation.

~~~
9085
So the solution for really hard technology problems is government laws?
Ridiculous.

~~~
mike-cardwell
Explain why what I said is ridiculous, or I'll discard your comment as
nonsense.

If we don't have a technical solution for a problem (which we don't in this
case), then regulation is appropriate. If and when we find a technical
solution for this problem, then the legislation will be deprecated. Until that
point, it is useful.

What _is_ "ridiculous", is assuming that all problems have technical
solutions.

------
goodweeds
Congress only wants to investigate because they're hoping to get new sources
of data to use against the people.

------
10101010
Hey, what this .swf file? Oh, that's a "Small Web File". LOL!

Flash just needs to die. It adds nothing to my "user experience". Except
stealth tracking of course.

~~~
stingraycharles
This has nothing to do with Flash per se. There are many techniques for
storing persistent data that survives a regular cookie cleanup, of which Flash
cookies are just one.

