MSN Cookie Data Crosses Domains

tzanger writes "My brother pointed me to this article on pc-help.org. It explains a clever GUID tagging mechanism employed my MSN which allows cookies to be set and tracked over multiple domains. Of particular interest is that this mechanism works even if cookies are disabled. Finally, IE users may find that their Trusted Sites settings are useless if msn.com is on the list of sites that they do trust." Not a new issue, but a very clear and technical explanation of what is going on behind the scenes. Nice investigative work.

More on msid.msn.com

[Tackhead]

Go on, try it. Block msid.msn.com and cookies in Junkbuster, then try to visit msnbc.com.

Your browser will get caught in a loop, reloading blank pages until eternity.

Think that's bad? How 'bout msid.msn.com cookies set as part of your install, and re-created even after deletion?

Grab a hex editor or other file viewing tool (e.g. LIST.COM) and examine MSIE's cookie files, you'll see that msid.msn.com has a cookie set even if you don't use IE. (Reproduce: Delete - from within DOS, not Windoze, all MSIE cookie files. Reboot. Do not connect to the 'net. Observe that IE has re-created cookies pointing to msid.msn.com with your information in 'em, even though you never connected to the 'net. They're there on a clean install from CD-ROM, and they come back every time you delete 'em.

This is why I've had msid.msn.com firewalled for the past 2-3 years. Nothing comes in, nothing goes out. Ever.

I have no idea what Bill's doing with this data, but I sure as fuck don't like it.

(And I concur with the poster that said this should be on the /. front page. Whatever's going on at msid.msn.com has been going on since the release of Windows 98, and it needs to be investigated by those with more clue than I.)