What are SuperCookies? Difference between Cookies and SuperCookies
Supercookies are a serious threat to internet privacy. They are not stored on your computer, but they can identify your web traffic and are extremely hard to detect. You have probably heard of “cookies”: not the sweet edible ones, but the computer cookies that track you while you browse the Internet. In simple terms, cookies are text files with pieces of information about your online activity.
An HTTP cookie is a small piece of text that a website you visited leaves in your web browser. The cookie places information on your device so that the website can identify you as a returning user when you visit it again. With that in mind, let’s dig a bit deeper into how cookies work and into the phenomenon called supercookies.
Understanding Cookies in detail
Most PC users accept that websites will download “cookies” onto their computers when they visit. These browser-based files carry basic information that makes web browsing easier and faster on successive site visits. Though their operation may look somewhat suspicious, most cookies are harmless and contribute positively to your browsing experience. They store information that reduces loading times on different pages.
Take the example of visiting an e-commerce website for some online shopping. You log in, add items to your digital cart, and then decide not to buy anything for a few days. When you return to the same website a few days later, you are still logged in and all the items you added earlier are still in your cart. Here, the persistent login and the stored cart items are recorded in a cookie file that the website reads when you visit again. So, cookies help improve your browsing and shopping experience.
Browser cookies come in different types, and keep in mind that not all cookies are made to tamper with your online security; many are beneficial. Here are some of the common browser cookies.
- HTTP-only cookies help reduce a cookie’s vulnerability to a cross-site scripting (XSS) attack
- Flash cookies (a type of supercookie)
- Third-party cookies originate from a third-party domain and are categorized as harmful
- First-party cookies, also known as permanent cookies, help sites remember a user’s information and settings on future visits
- Session cookies are best known as a website’s short-term memory
- Secure cookies can only be transmitted over an encrypted connection
- Zombie cookies are closely related to Flash cookies and can instantly recreate themselves if someone deletes them
Some cookies are removed after a few days or are coded to delete automatically after a fixed time period; these are persistent cookies. Then there are supercookies, which are tough to delete because they are designed to evade the deletion controls that browsers offer for common cookies. Let’s learn more about them.
What are Supercookies?
The trackers commonly referred to as “supercookies,” “permacookies,” or “zombie cookies” are not cookies at all.
A supercookie is a tracking cookie with a more threatening use, and it works completely differently from a normal cookie. It is a tracking identifier that an internet service provider (ISP) inserts into an HTTP header to gather data about a user’s internet browsing history, habits, and preferences. Also known as a Unique Identifier Header (UIDH), a supercookie is technically not an HTTP cookie, but rather information injected into the packets sent between a user’s device and the service it connects to. When the ISP sees a user’s HTTP traffic, it inserts an extra HTTP header into the packets after they leave the user’s computer.
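The header injection described above can be observed by sending a plain-HTTP request to a test server you control and comparing what was sent with what arrived. The following Python sketch is an added example, not code from the original article; the `X-UIDH` header name comes from public reporting on Verizon's UIDH, and the hostnames, identifier value and function names are constructed for illustration.

```python
from email.parser import BytesParser

# Assumed name: X-UIDH is the header publicly reported for Verizon's UIDH,
# not a value taken from this article.
KNOWN_TRACKING = {"x-uidh"}
# Headers ordinary proxies add; reported separately from tracking headers.
PROXY_HEADERS = {"via", "x-forwarded-for", "forwarded"}

# Constructed sample: the request exactly as the client wrote it to the socket.
SENT = (b"GET /echo HTTP/1.1\r\nHost: test.example\r\n"
        b"User-Agent: header-check/1.0\r\nAccept: */*\r\n\r\n")
# Constructed sample: the same request as logged by the test server.
RECEIVED = (b"GET /echo HTTP/1.1\r\nHost: test.example\r\n"
            b"User-Agent: header-check/1.0\r\nAccept: */*\r\n"
            b"Via: 1.1 proxy.example\r\n"
            b"X-UIDH: CONSTRUCTED-PLACEHOLDER-ID\r\n\r\n")


def parse_headers(raw: bytes) -> dict:
    """Return {lowercased-name: [values]} from a raw HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    _request_line, _, header_block = head.partition(b"\r\n")
    msg = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    headers = {}
    for name, value in msg.items():
        headers.setdefault(name.lower(), []).append(str(value).strip())
    return headers


def injected_headers(sent: bytes, received: bytes) -> dict:
    """Classify headers that appeared or changed between client and server."""
    before, after = parse_headers(sent), parse_headers(received)
    report = {"tracking": {}, "proxy": {}, "unknown": {}, "modified": {}}
    for name, values in after.items():
        if name not in before:
            bucket = ("tracking" if name in KNOWN_TRACKING
                      else "proxy" if name in PROXY_HEADERS else "unknown")
            report[bucket][name] = values
        elif before[name] != values:
            report["modified"][name] = values
    return report


if __name__ == "__main__":
    print(injected_headers(SENT, RECEIVED))
```

Running the same comparison over HTTPS should return empty buckets, because an on-path network cannot add headers inside the encrypted request.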
Supercookies can be used to gather an extensive range of data on users’ personal internet browsing habits and preferences, including the websites users prefer to visit and the times they visit them. It doesn’t matter which browser is being used or whether the user switches browsers. Supercookies are also able to access and collect information from traditional tracking cookies, including login information, plug-in data, cached images, and files. They can keep that information even after the traditional cookie has been deleted.
Why Supercookies are lethal
With a normal cookie, you can stop it from following you around the internet by simply clearing the browser data, cookies, and more. Cookies and third-party cookies can be blocked through browser settings, and they can also be auto-deleted once the browser session ends. A supercookie is completely different: clearing or deleting browsing data does not help. This is because a supercookie is not a real cookie and is not stored in the browser; it is injected between the device and the server it is connecting to. Simply put, supercookies differ from traditional cookies and are harder to detect and get rid of, because many of them don’t exist on your computer or in normal cookie storage locations. And there is not much a user can do about it.
A supercookie is not a cookie, and it is not saved in your local storage like normal cookies. Instead, it is injected by the Internet Service Provider (ISP), which sits between your network and the server of the HTTP site. Supercookies can easily gather the user’s login credentials, plug-in data, images, and file caches.
A supercookie is a tracking cookie that is nearly impossible to remove. Unfortunately, supercookies cannot be cleared by deleting browser cache data, nor can ad blockers or privacy trackers block them. Users can opt out if their ISP allows it.
The dangers of Supercookies
Verizon, the largest US wireless carrier by subscribers, was hit with a $1.35 million fine by the US Federal Communications Commission for its use of “supercookies” that track users’ web browsing activity without their knowledge.
Clearly, a supercookie is a form of privacy breach. Traditional cookies are tied to a single website and cannot be shared with another site, but a UIDH can be disclosed to any website and contains a huge amount of potential information about the user’s habits and history. Supercookies can be used, to damaging effect, to collect a lot of data and then resell it.
The Electronic Frontier Foundation (EFF) also states that advertisers can use supercookies to essentially recover deleted cookies from user devices and link them to new ones, evading the preventive measures taken by users. The EFF also notes that the UIDH can apply to data sent from applications. This combination allows a detailed picture of the user’s internet usage habits to be built.
How to remove a Supercookie
By now we understand that supercookies store a lot of information about users. Some of them can recover common deleted cookies, and some may not be stored on your device at all. So, what can be done to remove them? There is very little a user can do to know about or prevent a site’s use of supercookies, because the tracking happens “behind the scenes”.
Supercookies hinge on HTTP connections, so making an encrypted connection with a website stops the tracking headers from working. Visiting only HTTPS websites (those that use TLS or SSL certificates) helps keep supercookies from tracking or capturing the user’s activity. You can also route your internet traffic through a secure network; it’s best to use a VPN to create an encrypted connection between you and the rest of the internet.
Firefox, Chrome, Edge, Safari, and other browsers are cracking down on supercookies.
Lastly, as a general practice, use the best browser security tools and security applications. Using HTTPS and a VPN may be a useful option, but in the end what internet users need is a strong law that requires ISPs to let users reject programs that track their internet footprints.