'Supercookies' just won't go away

Difficult to remove new type of cookie which can track user history and preference, giving rise to privacy concerns, note experts.

User privacy is the biggest concern surrounding the use of supercookies which secretly collect user data beyond the limitations of common industry practice, noted Jason Pearce, security director of sales engineering at M86 Security Asia-Pacific. Elaborating in an e-mail, he told ZDNet Asia that many were still unaware of supercookies and browser cookies themselves provide an avenue for "identity thieves" to find people's personal information.

Pearce cited that a likely scenario would be for someone to install a supercookie which a malicious hacker had used to commit identity theft or for a reconnaissance before the launch of a larger scale advanced persistent threat attack. Organizations that also practised the use of supercookies to track usage on their Web sites risked legal liability, he added.

Last month, major Web sites including MSN.com and Hulu.com were found to be tracking people's online activities using supercookies, which researchers at Stanford University and University of California said could be used to re-create users' profiles after people had deleted regular cookies.

For more on this story, read User privacy concerns emerge over supercookies on ZDNet Asia.