Posted on 01/08/2015 3:04:25 PM PST by Swordmaker
A security flaw means that users of almost every modern web browser can be surreptitiously tracked online without their knowledge, Ars Technica reports, even when they make use of private browsing.
Apple users are particularly vulnerable, as their devices do not have a function that lets users delete super cookies from their browsers.
Most websites place whats called a cookie on visitors computers, which is used to track them and record their preferences. Its how websites can remember your password, for example. Like your web-browsing history, cookies are easy to delete. If you use your browsers private browsing mode, theyre never saved in the first place. As a result, advertisers can't track you and other computer users can't go back and see what you looked at.
However, a flaw in a modern web-security feature called HTTP Strict Transport Security (HSTS) allows websites to plant super cookies that can be used to track web users browsing habits even when private browsing is enabled.
Heres how it works.
Security researcher Sam Greenhalgh writes that HSTS allows a website to indicate that it should always be accessed using a secure connection that encrypts your communication with the site. This flag is then saved by your web browser, ensuring that any future visits to the website are secure. But websites can also abuse this power by using the feature to store a unique number that can be used to track your web browser.
And because HSTS carries over into private browsing, it means the super cookie can be used to track you whether youre attempting to cover your steps or not.
(Excerpt) Read more at businessinsider.com ...
Yup. That's my experience as well. I've been using Ghostery for a couple of years now, and I've noted that very few sites are benign when it comes to this stuff. Some blogs and sites like FR are trackerless, but most of them attach a posse of bots to your computer.
It’s really quite remarkable.....after just a few hours I could not believe how many trackers are on sites....truly astounding! Thank you for posting that link.
You're most welcome, caww.
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">_uacct = "UA-2288668-1"; urchinTracker();</script>Why is FR using a sophisticated tracking system that can geographically locate users? Or can track which other web sites they visit?
You will have to ask John Robinson that question. . . it is not my place to answer for FreeRepublic. Nor do i see what relevance it has in reference to this discussion from January about a proof of concept exploit that is not in the wild.
It makes as much sense as you spamming FR 24x7 with Apple trolling.
The article you posted was about upper Cookies and tracking. I guess my comment relating to tracking wasn’t in your Apple orders for the day.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.