Posted on 01/08/2015 3:04:25 PM PST by Swordmaker
A security flaw means that users of almost every modern web browser can be surreptitiously tracked online without their knowledge, Ars Technica reports, even when they make use of private browsing.
Apple users are particularly vulnerable, as their devices do not have a function that lets users delete super cookies from their browsers.
Most websites place whats called a cookie on visitors computers, which is used to track them and record their preferences. Its how websites can remember your password, for example. Like your web-browsing history, cookies are easy to delete. If you use your browsers private browsing mode, theyre never saved in the first place. As a result, advertisers can't track you and other computer users can't go back and see what you looked at.
However, a flaw in a modern web-security feature called HTTP Strict Transport Security (HSTS) allows websites to plant super cookies that can be used to track web users browsing habits even when private browsing is enabled.
Heres how it works.
Security researcher Sam Greenhalgh writes that HSTS allows a website to indicate that it should always be accessed using a secure connection that encrypts your communication with the site. This flag is then saved by your web browser, ensuring that any future visits to the website are secure. But websites can also abuse this power by using the feature to store a unique number that can be used to track your web browser.
And because HSTS carries over into private browsing, it means the super cookie can be used to track you whether youre attempting to cover your steps or not.
(Excerpt) Read more at businessinsider.com ...
As one knowledgeable commentor puts it:
"Apple products (in this case) are both safer and more secure, but (in some very unique circumstances) can still be tracked. They are trading security (against hackers) for a very minor amount of privacy (against a threat that hasn't been seen in the wild)."
The real method to avoid this issue is to NOT go to secure websites such as your Banking institution or Financial institution when you are using Private Browsing. Problem solved.
If you want on or off the Mac Ping List, Freepmail me.
Interesting.
I am constantly at war with the cookies on my computer. Some of them really mess things up until I delete them. I am not an expert in these matters so I can’t tell you why. I just know that deleting them helps.
Has anyone noticed that hackers have really ratcheted their activities since Obama started pushing “net neutrality” (which has absolutely nothing to do with neutrality but rather gaining more control of it).
BTTT
You want to get rid of super cookies...no problem....just use this , its free, just configure it properly:
http://www.alexandrugroza.ro/mptec/software/DisCleaner/_download/index.html
And you still will be able to sign in to your bank etc..no worries.
Switch to Microsoft, no Super Cookies. =) Sorry, just had to do it.
Along with my security programs, I use HTTPS Everywhere, and Malwarebytes Anti-Exploit free, Disconnect, and Adblock Plus.
Where does that put me, in regards to the issue you just described?
I’m an apple eater, not an Apple user
.
Some cookies are good to delete. Some cookies are good to keep. Some of these keep track of what is important. Trying to decide which is which is a mystery, the whichness of the which is often inscrutable.
Not unless the bank allows unsecured connections in the first place. What bank does that?
The feature in question forces an encrypted HTTPS connection when you attempt an unencrypted HTTP connection, thus sparing you an error message. But the absence of that cookie will not get you an unencrypted connection if the server does not allow it.
I use CCleaner (CrapCleaner) ... have for years. One nice feature is that it allows you to select which cookies are good and those don’t get deleted when you clean. Also has a good registry cleaner. Both free and paid versions.
For anyone not using an Apple , I use Ghostery . One site I use every day had 54 cookies , mostly advertizing cookies, running on it. Not any more.
“Switch to Microsoft, no Super Cookies. =) Sorry, just had to do it.”
****************************************************************************************************
Oh yuk, I’ve been there and done that for too many years. I’m NEVER going back. But thanks anyhow.
A few I know to keep. The rest I figure if they are important they will return.
Don’t know that I want to download an executable piece of software from a Romanian website.
No 64bit?
Same here. I've gotten into the habit of checking the list of trackers of every site I visit for the first time.
And Ghostery kills not just trackers, but widgets, advertising bots, and all sorts of little nasties.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.