Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning. In 2009, my team at Berkeley showed that many top websites were tracking users through Flash cookies, and that some advertising networks were "respawning" or reinstantiating HTTP cookies that the user deleted. Over the past two years, a chorus of advocates, regulators, and businesses condemned the practice of using Flash for unique user tracking. This chorus was heard by many. In our followup survey of Flash cookie practices, we found that fewer websites were using Flash cookies. Thirty-seven of the top 100 websites were doing so, down from 54 in 2009. However, we found two sites respawning HTTP cookies with Flash. One--hulu.com--deserves particular attention, because we also identified that site as respawning using a third-party service (QuantCast) in 2009.
Hulu is also worth mentioning because it was using a different, more persistent tracking technique to respawn user ids as well. We also focused upon HTML5 local storage. More Facebook Privacy Woes: Gay Users Outed To Advertisers | Epicenter Facebook’s privacy problems continue this week after researchers discovered that Facebook may inadvertently be outing gay users to its advertisers.
Saikat Guha from Microsoft and Bin Cheng and Paul Francis from the Max Planck Institute for Software Systems set out to study the challenges in targeted advertising systems (PDF) online, but found that advertisers can ferret out gay users from straight users just by looking at who’s clicking — even when that sexual preference is hidden. The team set up profiles for straight men, straight women, a gay man, and a lesbian to see how the ads differed between the different types of users.
The ads did change for the gay and lesbian users, though the difference in the ads was much greater for the gay males (compared to the straight males) than gay females, “indicating that advertisers target more strongly to [gay males]” reads the paper. Further reading: via Christopher Soghoian (paranoia.dubfire.net) 'Scrapers' Dig Deep for Data on the Web.
The Zombie Network: Beware 'Free Public WiFi' Hide captionFree Public WiFi — too good to be true. iStockphoto.com It's in your airports, your coffee shops and your libraries: "Free Public WiFi. " Despite its enticing name, the network, available in thousands of locations across the United States, does not actually provide access to the Internet. But like a virus, it has spread — and may even be lurking on your computer right now. Wireless security expert Joshua Wright first noticed it about four years ago at an airport. "I went to connect to an available wireless network and I saw this option, Free Public WiFi," he remembers. Free Public WiFi isn't set up like most wireless networks people use to get to the Internet. Though it doesn't actually provide Internet access, the network has spread across the country thanks to an old Windows XP bug.
How It Works Not a lot of people, judging from the spread of Free Public WiFi. Microsoft is aware of the issue and says it has eliminated the network in more recent versions of Windows. Web Upgrade HTML 5 May Weaken Privacy. “That wouldn’t have been difficult,” he said. Instead, he has made the code open to anyone who wants to examine it and says the cookie should be used “as a litmus test for preventing tracking.” A recent spate of class-action lawsuits have accused large media companies like the Fox Entertainment Group and , and technology companies like Clearspring Technologies and Quantcast, of violating users’ privacy by tracking their online activities even after they took steps to prevent that. Most people control their online privacy by adjusting settings in today’s most common Web browsers, which include Internet Explorer by , Firefox by , Safari by and Opera, which is used mostly in Europe and Asia and on mobile devices.
Each browser has different privacy settings, but not all of them have obvious settings for removing data created by the new Web language. “Now there are so many sources of data storage, it’s very hard for browser manufacturers to handle that,” Mr. Mr. Mr.