Commentary

Companies Resort To Browser 'Hacks' To Track Cookie-Deleters

For years, people who wanted to avoid online tracking have regularly deleted their cookies in hopes of also erasing any profiles of them compiled by ad networks or other Web sites. But Web companies are increasingly developing work-arounds to track people regardless of how their browsers treat cookies.

Consider, two years ago researchers from UC Berkeley reported that Web sites were using Flash cookies to track users who delete their HTTP cookies. Last year, a report out of University of California, San Diego showed how companies could use "history-sniffing" techniques to figure out which sites users had visited in the past regardless of their privacy settings.

And late last week, another report from UC Berkeley revealed that the analytics company KISSmetrics was using ETags to track people regardless of their attempts to opt out by deleting their cookies. On Friday, KISSmetrics went so far as to advise users that the only way to avoid its tracking was to install the AdBlock Plus extension. (By today, however, KISSmetrics had revised its privacy policy to say that it honors opt-out requests.)

Obviously companies believe that the data they can glean from tracking Web users is valuable. But whether the data is really so valuable that it warrants circumventing people's efforts to avoid tracking is an open question. Either way, once these companies are caught, litigation and probes inevitably follow.

Already three companies -- Quantcast, Clearspring and Say Media (formerly VideoEgg) -- have paid a total of $3.4 million to settle litigation over Flash cookies. History-sniffing allegations have resulted in a lawsuit against ad network Interclick and a probe of Epic Marketplace by the self-regulatory group Network Advertising Initiative. KISSmetrics and Hulu were sued on Friday and more cases are in the pipeline.

Jules Polonetsky, co-chair and director of the think tank Future of Privacy Forum, tells MediaPost that honoring users' decisions to activate do-not-track headers could potentially put an end to the increasing efforts to develop workarounds to cookie-deletions. "When everything depends on cookie controls, there are all sorts of browser hacks," he says. "It's the death of 1,000 cuts."

On the other hand, he says, a do-not-track option that users could activate would serve as "a powerful 'no thank you' for the minority that wants to say no."

He adds: "It's a good way to move beyond this constant chaos of 'Whoops' and 'Gotcha.'"

1 comment about "Companies Resort To Browser 'Hacks' To Track Cookie-Deleters".
Check to receive email when comments are posted.
  1. Catherine Dwyer from Pace University, August 2, 2011 at 1:21 p.m.

    I agree with Jules Polonetsky, but do not track cannot function merely as privacy on the honor system. These methods must be validated by third party audit mechanisms and more transparency from advertising networks.

Next story loading loading..
About the Author

Wendy Davis is a Senior Writer at MediaPost. You can reach Wendy at wdavis@mediapost.com