The subject of super cookies has come up a number of times in recent weeks, with browsers adding updates in the hopes of stopping them from infringing on users’ privacy and save themselves from regulatory fines that could be levied.
<blockquote> <p><strong>What are super cookies and why are Internet browsers keen to stop them?</strong></p> <p> </p> <p>Normal web cookies act as little pieces of information that websites can save and remember things about you. Crucially though, for privacy’s sake, users can opt out of them, block them or flat out delete them. Super cookies, however, respawn via scripts or maintain locations outside of the normal locations for normal web cookies. </p> <p> </p> <p>Additionally, they may constantly track the browser and normally users would need a VPN to avoid them. Note that there is no specific single-use for these (good or bad). At some points, super cookies have been part of malware, and others used by legitimate parties such as individual Internet Service Providers (ISPs) for tracking users. </p> <p> </p> <p><strong>Browsers are concerned about the potential security, privacy, and legal challenges linked to them </strong></p> <p> </p> <p>Super cookies track whatever they are designed to track to enable other parties to gather a profile on you. They can be connected to other services; some that people will like and some they will not. In the end, however, they really should not exist. Since super cookies are designed to quietly track a user, they are a privacy violation if undisclosed in many geographical areas – think GDPR, LGPD, CCPA/CPRA, etc. This could land browsers in hot water if they don’t take action. In fact, several browsers such as Firefox, Chrome and Safari have released updates to help combat super cookies, though it’s a constantly moving target. And what makes them worse is that they are designed to be hard to get rid of, by way of being hidden or being able to respawn. </p> <p> </p> <p><strong>What can users do? </strong></p> <p> </p> <p>This is why, when it comes down to it, super cookies should be treated as malware. When possible, use a VPN, activate private browsing sessions, or when accessing privileged business accounts, use a privileged browsing session tool. You need to protect your privacy and your company’s data. Never believe that your browsing is 100% secure, sadly – unless you are always in private mode over a VPN. Even then… if it’s the ISP tracking you, it could be problematic at best. </p> </blockquote>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics