Browser cookies: How they could be undermining your privacy

Hello there!
From time to time, we at the business desk are pleased to bring you articles
that can help you to deal more effectively and efficiently with the wide
world of technology. If you are struggling to keep up or are a bit lost
when it comes to being able to do things on your own without having to ask
or pay for help, then we invite you to read on.
Today we have a great little article for you:
Browser cookies: How they could be undermining your privacy

We hope you find this article useful. Have a great day.
The business desk team

+++++++++++++++
A Gaston Bedard contribution

Browser cookies: How they could be undermining your privacy

New research shows cookies picked up by your web browser can tell snoopers a
lot about you

By Dan Misener, CBC News, April 08, 2014

Through the eyes of an online advertising network, I’m not Dan Misener.

Rather, I’m 002113fd47dacc02c64de16f75.

That’s just one of the unique IDs assigned to me by an online ad company.
It’s stored in a cookie on my computer, and according to new research from
Princeton University it’s part of what makes it surprisingly easy to piece
together a fairly complete picture of my web browsing history.

In a new paper called “Cookies that give you away,” researchers describe how
an eavesdropper could use cookies from advertising and tracking companies to
“reliably link 90 per cent of a user’s web page visits to the same
pseudonymous ID.”

What’s more, those pseudonymous IDs can often be linked to real-world
identities. “Many sites display real-world attributes such as real name,
username, or email on unencrypted pages to logged in users, which means that
the eavesdropper gets to see these identifiers,” the report says.

To be clear, the link between cookies and tracking isn’t new. But what is
new is the extent to which an eavesdropper can use those cookies to build a
very accurate picture of your browsing history. “It’s pretty astounding,”
says Dillon Reisman, an undergraduate researcher who co-wrote the paper.

The technique, called “cookie linking,” works in part because of the
ubiquity of third-party trackers. They’re everywhere, and they’re largely
invisible to most web users.

To get a sense of this, I used the tracking visualization software Lightbeam
to snoop on some of my own web surfing.

I started by visiting cbcnews.ca. Lightbeam reported connections not only to
CBC’s servers, but also to 28 third-party sites: advertising networks,
tracking services, social media sites, and so on. Then I visited Buzzfeed,
which connected to 17 third-party sites.

Now here’s the important bit: cbcnews.ca and Buzzfeed use some of the same
third-party trackers: doubleclick.net, scorecardresearch.com, and adnxs.com.

In other words, there’s overlap.

And according to Reisman, that overlap is the key to cookie linking.

“One site alone isn’t really a problem,” he says. “It’s the fact that there
are these possible hubs of sites that embed a lot of cookies that allows
this cookie linking to happen.”

Who’s watching?

But who exactly might be eavesdropping?

Spy agencies, for one.

“An inspiration for this [research] obviously was the recent news that the
NSA has used third-party cookies before,” Reisman says. “It could be done by
a lot of people. Say, someone sitting in a coffee shop, listening in on
traffic.”

Since cookies are often sent without encryption, he says, an eavesdropper
could listen in to traffic on an unsecured wireless network.

Cookie linking could also be done by internet service providers, or
individuals with access to ISPs.

“So the threat can be from a large eavesdropper with a massive view of the
network, or it could even be someone a couple of tables over.”

Connection to real-world identities

In theory, cookie-based tracking IDs like mine
(“002113fd47dacc02c64de16f75”) are pseudonymous.

But according to the researchers, cookie linking can allow eavesdroppers to
connect pseudonymous IDs to real-world identities.

Reisman gives an example: “Say, if I log into a website and it says, ‘Hi,
Dillon,’ that might be transmitted across the wire in a way that an
eavesdropper can read it.”

The researchers found that “over half of popular sites with account creation
leak some form of real-world identity.”

Due to the nature of cookie linking, those leaks can spread, according to
the report. “If one website leaks your identity, then your identity has now
been leaked for all of these websites you can connect with third-party
tracking cookies.”
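
A simplified illustration of the linking described above, added here and not taken from the article or the Princeton paper: visits that share a tracker cookie ID are merged transitively, so one cleartext name attaches to every linked page. The cookie IDs, visit numbers, the forum.example site and the https_hosts parameter are constructed for the example; the tracker hosts are the three named in the article.

```python
from collections import defaultdict

# Constructed sample of what a passive observer sees on an unencrypted network.
# Fields: visit number, page, tracker host, tracker cookie ID, name shown in
# cleartext on the page (or None). Cookie IDs, *.example and visits are made up.
OBSERVED = [
    (1, "cbcnews.ca", "doubleclick.net", "dc-111", None),
    (1, "cbcnews.ca", "scorecardresearch.com", "sc-222", None),
    (2, "buzzfeed.com", "scorecardresearch.com", "sc-222", None),
    (2, "buzzfeed.com", "adnxs.com", "ax-333", None),
    (3, "forum.example", "adnxs.com", "ax-333", "Dillon"),
    (4, "cbcnews.ca", "doubleclick.net", "dc-999", None),  # a different browser
]

def link_visits(observed, https_hosts=frozenset()):
    """Cluster visits that share a tracker cookie, directly or through a chain.

    Requests to hosts in https_hosts are encrypted, so the observer cannot
    read their cookies and they contribute no links (assumed model).
    """
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    for visit, _page, host, cookie_id, _name in observed:
        find(("visit", visit))  # every visit is at least its own cluster
        if host not in https_hosts:
            parent[find(("visit", visit))] = find(("cookie", host, cookie_id))

    pages, names = defaultdict(set), defaultdict(set)
    for visit, page, _host, _cookie_id, name in observed:
        root = find(("visit", visit))
        pages[root].add(page)
        if name:
            names[root].add(name)
    # One (pages, leaked names) pair per pseudonymous profile.
    return sorted((sorted(pages[r]), sorted(names[r])) for r in pages)

if __name__ == "__main__":
    for profile in link_visits(OBSERVED):
        print(profile)
    print(link_visits(OBSERVED, https_hosts={"scorecardresearch.com"}))
```

Visits 1 and 3 share no cookie directly; they end up in one profile only through visit 2, and encrypting the one tracker they have in common with it splits that profile apart.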

Privacy tools

If you don’t like the idea of this kind of tracking, there are a few
countermeasures individuals can take.

The first is to use anti-tracking tools. These block or limit trackers and
cookies as you browse around the web.
Ghostery and Disconnect are popular free options.

The researchers also suggest that the anonymity tool Tor can thwart cookie
linking threats.

Reisman believes the onus also falls on website operators. “Actions should
be taken on the parts of the sites you visit to use HTTPS to encrypt your
traffic, and also take better care when they transmit personal information,
or cease the transmission of personal information if it’s not necessary.

“These are all actions that, unfortunately, a user can’t take upon
themselves,” Reisman adds. “But [they] should be encouraging the services
they use to take.”
