Hulu and MSN Caught Using Supercookies to Track User Data

Illustration for article titled Hulu and MSN Caught Using Supercookies to Track User Data

The WSJ says that Hulu and MSN, among others, have been found using supercookies to monitor the info of those who visit their sites. Extremely difficult to detect and erase, supercookies can provide significantly more information than standard cookies.


Supercookies can be used to steal a users entire browser history, which can provide highly valuable information on their financial and health status. Microsoft claims they don't know why supercookies were being used. They say removed the code once informed, and that the data was for internal use only nonetheless. Hulu says they're investigating the matter. WSJ says that a company called Kissmetrics was responsible for the supercookie code on hulu. When asked about the issue, Kissmetrics claimed they will no longer use supercookies for tracking user data.

The supercookie can infiltrate browsers in a few different ways. The most common deployment of a supercookie is through flash content, which stores its cookies in a separate folder, and therefore isn't erased when you delete normal cookies through your browser. Another common way is to drop supercookies into people's browser cache through HTML 5 code.


And there are ways to get rid of (and prevent) supercookies. If you use Firefox, the browser extension BetterPrivacy is a good way to block many supercookies. Windows users can use an app called CCleaner to eliminate most cookies, though some pesky ones may remain (or return). Mac users can use a program called [WSJ]

Share This Story

Get our newsletter


So basically this is a browser-level security issue. Browser vendors need to read Flash cookies and include them in the list of deletable cookies AND offer users a way to selectively delete content from the new HTML 5 client-side caching functions. That would solve both of these problems fairly easily.

Even without these "supercookies", ad serving companies and Google Analytics/AdWords have the best tracking capabilities. Whatever site you visit, the next site you pop up on, they can see where you have been. AdBlock Plus is a pretty good starting point to restoring privacy (and it gets rid of ads - but maybe enable ads on Giz?). If you are truly paranoid, use Tor.