Why do supercookies have the prefix “super” attached to them? Do they have more chocolate chips than regular ones? Not really. In fact, supercookies have a whole different meaning and consequence on the internet. To the privacy conscious user, they are a bane in every way. Browser-based cookies have almost as long a history as the internet itself. They were created by an engineer around 1994. The idea was to help e-commerce websites maintain purchase carts of individual clients. But they soon began to be used widely. Lately, a new kind of cookie, ominously termed as supercookie, brings a lot of privacy issues with it. Certain companies like Verizon make heavy use of them. They primarily track your activities, steal your data, and sell this data to advertisers. What’s worse is that supercookies are really hard to detect and delete.
What Are Supercookies?
What Do Cookies Actually Do?
Basically, a cookie is a data bit leftover from your browsing activities. This data bit contains information to identify you at a later visit. Obviously, anyone who values online privacy is not a fan of these. Further, some cookies can even map out a behavior pattern by checking the websites visit next.
Cookies are, at least in principle, tasty treats you get from websites. They are optional and you can delete them when you want. However, supercookies are mandatory and once you have them, you are not going to escape their surveillance. Naturally, online privacy proponents want corporations to pull the plug on this thing.
If we go in more detail, supercookies are not actually cookies at all. We say so because they are not downloaded and stored on browsers. Rather, they use something called Unique Identifier Headers or UIDH and inject into your connection at the network level. Essentially, UIDH is any data bit that makes your net connectivity a unique quantum in the entire web.
The issue came to light when the FCC charged Verizon a fine worth $ 1.35 million for tracking people through UIDH-based supercookies. Because of this revelation, Access Now began offering an online service called AIBT (Am I Being Tracked?). Access Now is an NPO which wants to campaign for a free and open internet.
Their website could help users find out if they were being tracked by their mobile carriers. According to studies, more than 15 percent of all users were being tracked using UIDH-based supercookies.
At the same time, the study revealed as many as nine mobile connectivity carriers making use of supercookies. Such tracking is present all over the world. Mobile companies in countries like US, Canada, Mexico, Peru, Venezuela, Spain, the Netherlands, Morocco, China, and India etc. had tracking headers deployed on users.
Are These Things Really Bad?
Tracking through cookies of any kind is no technically harmful. However, they do undermine your privacy and this can be even more dangerous than any malware or virus.
ISPs have long been known to use supercookies for better advertising pitching. The collected data can be used by them as well as other parties. Some third parties can even catch hold of tracking headers on their own. They could then use the data for pitching targeted ads to users. Not to mention that this data can be stolen by hackers, leading to a huge loss.
Supercookies are data gathering machines that will track everything you do online. Further, they have access to data gathered by common cookies. So they can get your caches as well as data from your plugins. They can do this even after you have deleted the cookies.
This is naturally very worrying as people have no recourse against such tracking. Further, this opens up a can of worms. Data leaks, tracking by governments, and damaging use by cybercriminals are just the top concerns from supercookie use.
Supercookies are like Predators from the Arnold Schwarzenegger movie. Getting rid of them is next to impossible. Since they are not based on your online browser, a common cookie cleaner is not going to work on them. You could have supercookies on your device right now and you don’t even know it. Worse, there is no way of eliminating them once they make their way in.
Protecting yourself from these monsters is rather complicated. Just setting a ‘do not track’ on your browser settings will not do the job. Going Incognito or in private mode will not help either. The only way you can avoid them is by going only to websites with encrypted connections. At least, in theory, you could avoid supercookies by visiting HTTPS websites exclusively. These are the ones which have SSL or TLS (Secure Socket Layer or Transport Layer Security) certificates.
What about Alternatives?
Supercookies are unique data packets inserted at the ISP network level on HTTP requests. So, they can potentially be avoided by a network reroute through different channels. This sounds more complicated than it actually is.
To make it simple, you can use a VPN or a virtual private network. A VPN provides provide encryption throughout the network and will create a secure tunnel for the data to pass through. Thus, ISP tracking will become impossible.
Make sure you get a VPN that offers strong encryption and a firewall that blocks unwanted traffic coming to your device.
If you use Version, make sure you opt out of tracking. This option is now available to Verizon users after the FCC investigation. Further, they are going to need to ask your permission for sharing supercookies with other parties.
And if you do not use Verizon, you will basically have to watch your own back. Encrypted connections to HTTPS websites or VPNs is the best thing you can do for your online privacy.
Apart from that, we can only hope that the companies who use supercookies can be brought into the public spotlight. However, they are more likely to have become cautious after Verizon getting the fine. So their covert supercookie activities are going to get even sneakier and stealthier.