

Zombie Cookies Slated to Be Killed - danso
http://www.propublica.org/article/zombie-cookies-slated-to-be-killed

======
MichaelGG
"By February?" If they were truly serious, they could effect such a change
much quicker. Also note that in their blog post, they still defend this
practise but are just re-evaluating because people got upset.

A company truly "committed to privacy" would have been insulted by Verizon's
header manipulation and not have touched it in the first place.

And, as they have shown that they feel this type of method is OK, then what's
to say they're not just making a slicker system behind the scenes? Verizon
knows each subscriber->TCP tuple and can easily expose such an API for
companies like Turn. Their actions show they are not opposed to such data
sharing.

~~~
tempestn
February is two weeks away. That seems like a reasonably quick timeline to me.
Many companies have deployment practices - sometimes for good reason - that
preclude getting changes live instantly.

------
WatchDog
This is probably a net loss for privacy in so far as it somewhat reduces the
pressure on verizon to change their ridiculous cookie practice.

Asking the industry to self regulate, by ignoring verizons cookie or adhering
to "do not track", distracts from the real problems that we need to solve
technically.

------
RexRollman
I am of the opinion that user tracking should be illegal unless the user opts-
in to it. And sites should not be able to require an opt-in in order to
provide a service or site.

~~~
woodman
No doubt this sense of entitlement to the service of others is due to some
sort of social contract the site operators implicitly agreed to by breathing
oxygen, right?

~~~
RexRollman
No, there is no entitlement, I just don't believe that using a site entitles
that site's owner to track you all over the Internet. And if you can't see why
it's wrong, you're hopeless.

------
emmab
Maybe they just realized they should make the cookie _look_ different

~~~
dogma1138
These aren't cookies in the traditional sense, they encode tracking data and
store it in a non-volatile storage accessible from the browser this can be
anything from a simple cache to a WebSQL database.

Then they use Javascript to either read the tracking data directly and embed
it into each request manually, or issue you a new cookie immediately if their
tracking cookie is missing but the data is still accessible.

The main problem with these types of tracking is that for the most part
browser manufacturers have no reason to restrict the use of such tracking
techniques because it will affect their business models.

Other techniques abuse unforeseen uses of new standards such as HTML5 and
WebSQL however as the W3C is your usual comity it takes years for any
meaningful stance to be taken, and even then they still have quite a bit of
conflicting interests.

The problem is that people want a free web, both as in free speech, and as in
free beer and these world views tend to collide when pretty much everything
out there is commercial. With how little revenue actually comes from web ads
these days due to the constant devaluation of "ad clicks" companies go out of
there way to squeeze every penny from each visitor. What you end up is with
tracking, tailored advertisement and your habits being sold for data mining.

But hey the cat videos are still free!

~~~
emmab
What I mean is, when they regenerated the HTTP cookie from other sources, they
generated the exact same cookie, so you could tell.

If they change it to say `encrypt(tracking number + nonce)`, then it will be
effectively the same cookie, but you wont be able to tell from the client
perspective.

~~~
dogma1138
Many times don't regenerate the exact same cookie. Many of them generate a
different cookie to avoid detection many of them will have random names and
other "random" identifiers, some of them will even attempt to hide them selves
as GA cookies(UTM UTA etc), however they will always embed the same
identifiable information they've retrieved from other stores in your browser.

------
hawkeyedan
This is a great example of the curative powers of even a little bit if
sunlight. Good job PP!

Now if only Verizon had shame.

