January 12, 2015

Internet Cookies Gain Super Powers

By Nick K.

Upon recent news, a London software consultant named Sam Greenhalgh has created a new type of Internet cookie that can be used to track a user’s private Internet browsing information. Some are calling this new creation “the super cookie.”

Internet cookies are used to gather information about a user’s website browsing information. This information includes pages a user has visited and items they have downloaded, in order to enhance webpage loading times when returning to the same page.

How Does an Internet Cookie become SUPER?

The discovery of the super cookie was actually a result of finding a bug in the enhanced web security feature called “HTTP Strict Transport Security” (HSTS). According to Business Insider, HSTS allows websites to indicate whether the websites connection should be public or private, and is that saved by the user’s browser to speed up the future use of those websites.  

What makes the super cookie so dangerous is that it confuses the HSTS on whether the connection should be public or private, making a browsers “privacy mode” futile. Their browser information will now be tracked, regardless of the browser mode they use. (ZDNET). Once a super cookie has been placed in the browser, it can be used by numerous website domains, like third party websites, to track a user’s browsing activity. (Ars Technica).

Who is Vulnerable?

According to Gizmodo, all versions of Google Chrome, Safari, and certain versions of Mozilla Firefox are all susceptible to the malicious super cookie. Furthermore, iOS users are not able to erase any kind of cookies that are saved on their devices. Super cookies are also synced with the iCloud, which makes Apple devices the most vulnerable to its tracking superpowers (PC World).     

How do I Avoid the Super Cookie?

Taking proper precautions can decrease your chance of being a victim of the super cookie. Thankfully, most browsers allow users to erase browsing information, such as cookies and HSTS database information. If the user erases their Internet cookies before entering the private browsing mode, it decrease the possibility of super cookies monitoring a user’s website information. However there is a weakness to the super cookie. The super cookie will work only if a user visits a webpage while using the public browsing mode and then switches over to the private browsing mode without wiping out the cookies first.

Surprisingly, Internet Explorer does not have to worry about super cookies because it does not support HSTS. On the other hand, other browsers have taken steps against the invasion of super cookies, as Mozilla Firefox’s latest update prevents HSTS information from being transferred from public to private browsing modes. Google Chrome eliminates HSTS information when a user deletes cookies (PC World).

What is your opinion on Super Cookies? Do you think Internet browsers should favor privacy over security or vice versa? Feel free to share your thoughts in the comments.

No comments:

Post a Comment