Supercookies are a type of tracking cookie that is inserted into an HTTP header to collect data about a user’s internet browsing history and habits. They are often used by internet service providers (ISPs), tracking companies, and technology companies to track users’ online behaviors and create more targeted ads and personalized content. Unlike regular cookies, which are harmless data files downloaded onto a user’s computer when they visit a website, supercookies can be pseudo-malicious and infringe on users’ privacy.
Supercookies can collect a wide array of data on users’ personal internet browsing habits, including the websites they visited and the times of those visits. They can also access information collected by traditional tracking cookies, such as login information, cached images and files, and browser plug-in data. What sets supercookies apart is that they can store this information even after the traditional cookie has been deleted. They can also be as large as 100 KB or more.
One example of a supercookie is the flash cookie, also known as a local shared object (LSO). Flash cookies are associated with the use of the Adobe Flash browser plug-in and store information about flash objects like videos or games to improve user experiences. However, if these cookies are malicious, they can collect and report a user’s data without their knowledge or explicit consent. Flash cookies are stored outside the web browser, making them accessible by all browsers and harder to remove using normal cookie removal methods.
ISPs also insert supercookies into the packets of users’ HTTP traffic. These supercookies are stored on the ISP’s servers and are associated with the devices users use to connect to the web. They include browsing information and a unique identifier header (UIDH) that allows the ISP to recognize the device and track its online activities. Users cannot delete ISP supercookies since they are not stored locally on the device, and browser cookie deletion tools and antivirus software may not always be able to remove them.
Protecting oneself from supercookie tracking can be challenging, as ad-blocking software is often ineffective against them. However, there are steps users can take to minimize the risks. Using encrypted connections over HTTPS or a virtual private network (VPN) can help protect against supercookie tracking. Removing flash supercookies can be done through the Adobe Flash Player Settings Manager page, and Adobe also provides a Global Storage Settings Panel to prevent new supercookies from being written and added to browsers.
Some browsers and tech companies have implemented measures to protect users from supercookies. For example, Firefox maintains separate “cookie jars” or caches for each website a user visits, preventing cookies from one site from being shared across sites. Apple and Google have also strengthened controls in their iOS and Android OS devices to eliminate the risks associated with LSOs.
It is important for users to be aware of the potential risks of supercookies and take steps to protect their online privacy. Understanding the different types of tracking cookies and how to manage them can help users maintain control over their personal information while browsing the internet.