Supercookie Monster Eating Your Privacy for Lunch

You already know that every word you type on your browser is being tracked and used to profile and deliver highly-relevant advertisements to you (Big Brother Lives in Your Browser). And you know that most websites install “cookies” onto your computer in order to store relevant information about you (account numbers) that make surfing more convenient, and to gather information that allows advertisers to know more about you. You probably even know how to delete them.

But new research has shown that deleting cookies doesn’t always help. A new breed of cookies, called supercookies, can reconstruct all of your profile history even after the cookie has been deleted. and just got caught using supercookies to track your surfing habits in stealth mode (you have no way of knowing that it’s happening, and you can’t do anything about it). The Wall Street Journal had this to say about supercookies and history stealing:

Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies… The spread of advanced tracking techniques shows how quickly data-tracking companies are adapting their techniques… [“history stealing”] peers into people’s Web-browsing histories to see if they previously had visited any of more than 1,500 websites, including ones dealing with fertility problems, menopause and credit repair… Supercookies are stored in different places than regular cookies… | WSJ 8/18/11Supercookies on WSJ for non-subscribers.

So here is the simple scenario of why this matters to you: Your daughter is doing a high-school report for a business class on bankruptcy. In her research, she visits sites like,,, all while being tracked by small pieces of software (cookies and supercookies) that embed themselves on your computer. The software is probably developed by an internet software company like Epic Media Group and installed on the websites above. Let’s say you have set up your security software to delete cookies at the end of each browser session. Your daughter closes out of the session, deleting the cookies that have tracked her history on sites dealing with poor credit. The cookies are deleted.

But the supercookies remain, so that when you log on to a credit card web site to apply for a new card, they know that you (actually it wasn’t you) have been surfing on sites that indicate you might have bad credit. Instead of sending you to a signup page for a credit card with a 15% annual fee, they send you to a page offering a card with a 23% fee. The credit card company has paid for that profile information on you. And you will never know it and you can’t easily delete it.

So what is the solution? That’s just it, there really isn’t one at this point, which is why you should be concerned. Long term, you can contact your congress person and all those other things you won’t probably do to encourage them to pass digital privacy regulations. In the meantime, be careful of where you surf, because you are being watched closely.


John Sileo is the award-winning author of Privacy Means Profit and a keynote speaker on social media privacy, identity theft prevention and manipulation jujitsu. His clients include the Department of Defense, Blue Cross, Pfizer and Homeland Security. Learn more at or contact him directly on 800.258.8076.

Internet Explorer 9 Privacy Feature Limits Tracking

Microsoft has announced that the latest version of Internet Explorer will offer users a new anti-tracking privacy feature. This will help prevent marketing and advertising companies from watching where you surf and what you do online without your consent. Users will be able to set their preferences to prohibit companies from obtaining sensitive tracking information. This is a first step in the right direction – browsers should step up as the first line of defense against unwanted information collection.

This comes at a time where advertisers want to reintroduce the use of deep packet inspection in order to more closely watch and market to consumers online.  This method reads and analyzes raw packets of your personal data as they travel across the Internet – for obvious reasons deep packet inspection has been the subject of much controversy. Internet users are becoming more aware that what they do online is not private and are beginning to ask for tools to protect their browsers from spying.

Internet Explorer already offers InPrivate Filtering, a feature that works on blocking third-party scripting and tracking devices. This is only a temporary solution that is not very reliable because it often fails to block many tracking devices.

The new changes are no surprise, due to increased concerns on browser tracking. Both consumers and the government have been working to allow a more “opt-in and opt-out”  friendly version of internet browsing.  The FTC called for  a “do not track” button on browsers in order to block any kind of third-party usage tracking.

Tracking Protection Lists would potentially be a finer-grained equivalent, allowing users to opt out of some or all tracking systems depending on their preferences. Tracking Protection Lists will be an opt-in-feature and Internet Explorer 9 will not provide any lists themselves.  The lists will update weekly and most likely come from third parties and privacy advocacy groups.The lists will be useful to prevent the kind of spying that is getting many companies into trouble.

Support for Tracking Protection Lists will first arrive in a release candidate of Internet Explorer 9. Redmond did not give a date for this, but it is likely to be early next year.