User:Sohom Datta/zc

From Wikipedia, the free encyclopedia

A zombie cookie is a piece of data, usually used for tracking users, that is created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. It is similar to a regular HTTP cookie, but has mechanisms in place to prevent the user from deleting the data. Zombie cookies can be stored in multiple locations; since failing to remove every copy makes the removal reversible, they can be difficult to remove.[1] Since they do not rely entirely on normal cookie protocols, the visitor's web browser may continue to recreate deleted cookies even though the user has opted not to receive cookies.
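
A defender-side check for the respawning described above, as an added example that is not part of the original article: it compares constructed storage snapshots taken before cookie deletion, after deletion, and after revisiting the site, and reports which non-cookie locations held the copy that let the cookie return. The store names (cookies, localStorage, flashLso), keys and values are assumed sample data, and the length threshold is a heuristic.

```javascript
// Constructed snapshots of one site's client-side storage in one browser profile.
// Store names (cookies, localStorage, flashLso) and all values are sample data.
const beforeClear = {
  cookies: { uid: "a91f3c7e55d04b12", theme: "dark" },
  localStorage: { _u: "a91f3c7e55d04b12", lastTab: "news" },
  flashLso: { visitor: "a91f3c7e55d04b12" },
};
const afterClear = { ...beforeClear, cookies: {} }; // user deleted cookies only
const afterRevisit = {
  ...beforeClear,
  cookies: { uid: "a91f3c7e55d04b12", theme: "light" }, // uid is back unchanged
};

const MIN_ID_LENGTH = 8; // heuristic: shorter values are unlikely to be unique IDs

// Returns the cookies that came back with their pre-deletion value, plus every
// non-cookie location that still held that value while the cookie was gone.
function findRespawnedCookies(before, cleared, revisit) {
  const findings = [];
  for (const [name, value] of Object.entries(revisit.cookies)) {
    const wasDeleted = before.cookies[name] === value && !(name in cleared.cookies);
    if (!wasDeleted || value.length < MIN_ID_LENGTH) continue;
    const survivingCopies = [];
    for (const [store, entries] of Object.entries(cleared)) {
      if (store === "cookies") continue;
      for (const [key, stored] of Object.entries(entries)) {
        if (String(stored).includes(value)) survivingCopies.push(`${store}.${key}`);
      }
    }
    findings.push({ name, value, survivingCopies });
  }
  return findings;
}

// Stores that must also be cleared for the deletion to stick.
function storesToClear(findings) {
  const stores = findings.flatMap(f => f.survivingCopies.map(c => c.split(".")[0]));
  return [...new Set(stores)].sort();
}

const findings = findRespawnedCookies(beforeClear, afterClear, afterRevisit);
console.log(findings, storesToClear(findings));
```

An empty survivingCopies list means the value was restored from somewhere the snapshot does not cover, such as an identifier kept outside the browser's own storage.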

Context

What are cookies, historically why do they need to be deleted

Zombie cookies violate this principle

Purpose

Web analytics companies use cookies to track Internet usage and pages visited for marketing research.[2] Sites that want to collect user statistics install a cookie from a traffic-tracking service, which collects data on the user. As that user browses the web, the cookie adds more information for each site that uses the same traffic-tracking cookie and sends it back to the main tracking server.

Zombie cookies allow web traffic tracking companies to retrieve information such as a previously assigned unique user ID and continue tracking personal browsing habits. When the user ID is stored outside of a single browser's cookie storage, such as in a header injected by the network into HTTP requests, zombie cookies can track users across browsers on the same machine.[3]

Zombie cookies are also used to remember unique IDs used for logging into websites. This means that a site using this technique can still personalize its content for a user who regularly deletes all their cookies.

Techniques

<stuff>

History

Litigation

Controversies?

In 2015, TURN, an online advertising clearinghouse,[4] introduced zombie cookies based on Flash Local Shared Objects.[5] Privacy advocates quickly denounced the technology.[6]

An academic study of zombie cookies was completed in 2009 by a team of researchers at UC Berkeley,[7] who noticed that cookies which had been deleted kept coming back, over and over again. They cited this as a serious privacy breach. Since most users are barely aware of the storage methods used, it is unlikely that users will ever delete them all. From the Berkeley report: "few websites disclose their use of Flash in privacy policies, and many companies using Flash are privacy certified by TRUSTe."[7]

Ringleader Digital made an effort to keep a persistent user ID even when the user deleted cookies and their HTML5 databases. The only way to opt out of the tracking was to use the company's opt-out link, which gives no confirmation.[8] This resulted in a lawsuit against Ringleader Digital.

The Zombie Cookie lawsuits were filed in the United States District Court for the Central District of California against Quantcast, Clearspring, VideoEgg, and affiliated sites owned by Walt Disney Internet Group, Warner Bros. and others. According to the charges, Adobe Flash cookies are planted to "track Plaintiffs and Class Members that visited non-Clearspring Flash Cookie Affiliates websites by having their online transmissions intercepted, without notice or consent".[9]

Two "supercookie" mechanisms were found on Microsoft websites in 2011, including cookie syncing that respawned MUID cookies.[10] Due to media attention, Microsoft later disabled this code.[11]

Consumer outrage over Flash cookies and the violation of consumers' privacy prompted U.S. Congressional hearings, led by Senators Al Franken and John Rockefeller. Reportedly, the "Zombie Cookie" (Flash cookie) filings forced Adobe Systems Inc. to stop processing Flash cookies on 98% of all consumers' computing devices.[citation needed]

The online advertising clearinghouse TURN implemented zombie cookies on Verizon mobile phones, using a hidden, unremovable number by which Verizon could track customers. After an article by ProPublica revealed this fact in January 2015, TURN claimed it had suspended usage of its zombie cookies.[4]

References

  1. ^ Sorensen, Ove (2013). "Zombie-cookies: Case studies and mitigation". 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013). London: IEEE. pp. 321–326. doi:10.1109/ICITST.2013.6750214. ISBN 978-1-908320-20-9.
  2. ^ "Google Analytics Cookie Usage on Websites - Google Analytics - Google Developers". Retrieved 2014-03-29.
  3. ^ Mayer, Jonathan (14 January 2015). "The Turn-Verizon Zombie Cookie". WebPolicy.org. Retrieved 22 April 2015.
  4. ^ a b "Zombie Cookie: The Tracking Cookie That You Can't Kill"
  5. ^ "Company Bypasses Cookie-Deleting Consumers - InformationWeek". informationweek.com. 31 March 2005. Archived from the original on 2014-04-30. Retrieved 2017-04-10.
  6. ^ "EPIC Flash Cookie Page". epic.org. Retrieved 2014-03-29.
  7. ^ a b Soltani, Ashkan; Canty, Shannon; Mayo, Quentin; Thomas, Lauren; Hoofnagle, Chris Jay (11 August 2009). "Flash Cookies and Privacy". SSRN Electronic Journal. doi:10.2139/ssrn.1446862. S2CID 6414306.
  8. ^ Cheng, Jacqui (September 22, 2010). "Zombie cookie wars: evil tracking API meant to "raise awareness"". Ars Technica. Retrieved 2014-03-29.
  9. ^ "Web users sue companies claiming use of Flash cookies is a hack". out-law.com. Retrieved 2014-03-29.
  10. ^ Cite error: The named reference mayer was invoked but never defined (see the help page).
  11. ^ Burt, David. "Update on the issue of 'supercookies' used on MSN". Retrieved 28 September 2011.

Papers

[1][2][3][4][5][6][7][8][9][10][11][12][13][14]

Category:Internet privacy

  1. ^ Sorensen, Ove (2013-12). "Zombie-cookies: Case studies and mitigation". IEEE: 321–326. doi:10.1109/ICITST.2013.6750214. ISBN 978-1-908320-20-9.
  2. ^ Singel, Ryan. "Online Tracking Firm Settles Suit Over Undeletable Cookies". Wired. ISSN 1059-1028. Retrieved 2025-05-12.
  3. ^ "Sites pulling sneaky Flash cookie-snoop". Archived from the original on 2024-09-08. Retrieved 2025-05-12.
  4. ^ Soltani, Ashkan; Canty, Shannon; Mayo, Quentin; Thomas, Lauren; Hoofnagle, Chris Jay (2009). "Flash Cookies and Privacy". SSRN Electronic Journal. doi:10.2139/ssrn.1446862. ISSN 1556-5068.
  5. ^ Ayenson, Mika; Wambach, Dietrich James; Soltani, Ashkan; Good, Nathan; Hoofnagle, Chris Jay (2011). "Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning". SSRN Electronic Journal. doi:10.2139/ssrn.1898390. ISSN 1556-5068.
  6. ^ "Tracking the Trackers: Microsoft Advertising". Stanford CIS. 2011-08-18. Retrieved 2025-05-12.
  7. ^ Singel, Ryan. "Researchers Expose Cunning Online Tracking Service That Can't Be Dodged". Wired. ISSN 1059-1028. Retrieved 2025-05-12.
  8. ^ "Samy Kamkar - evercookie - virtually irrevocable persistent cookies". samy.pl. Retrieved 2025-05-12.
  9. ^ Acar, Gunes; Eubank, Christian; Englehardt, Steven; Juarez, Marc; Narayanan, Arvind; Diaz, Claudia (2014-11-03). "The Web Never Forgets: Persistent Tracking Mechanisms in the Wild". ACM: 674–689. doi:10.1145/2660267.2660347. ISBN 978-1-4503-2957-6.
  10. ^ Schmidt, Jonathan. "Does the dark side still have (ever)cookies?" (PDF).
  11. ^ Somé, Dolière Francis (2024). Maggi, Federico; Egele, Manuel; Payer, Mathias; Carminati, Michele (eds.). "Extended Abstract - Tracking Manifests - Persistent Identifiers in Progressive Web Apps". Detection of Intrusions and Malware, and Vulnerability Assessment. Cham: Springer Nature Switzerland: 251–260. doi:10.1007/978-3-031-64171-8_13. ISBN 978-3-031-64171-8.
  12. ^ "Tales of Favicons and Caches: Persistent Tracking in Modern Browsers". NDSS Symposium. Retrieved 2025-05-12.
  13. ^ Vega, Tanzina (2010-09-21). "Code That Tracks Users' Browsing Prompts Lawsuits". The New York Times. ISSN 0362-4331. Retrieved 2025-05-12.
  14. ^ ashkansoltani (2011-08-11). "Flash Cookies and Privacy II". Ashkan Soltani. Retrieved 2025-05-13.