Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zombie Cookies Just Won't Die

Posted by CmdrTaco on from the zombie-want-caaaaache dept.

GMGruman wrote in to say "Microsoft embarrassed itself last week when it got caught using 'zombie cookies' — a form of tracking cookies that users can't delete, as they come back to life after you've 'killed' them. Microsoft says it'll stop the 'aberrant' practice. But Woody Leonhard says you ain't seen nothing yet. It turns out HTML5 offers a technical mechanism to give zombie cookies a new lease on life — and the Web browsers' private-browsing features can't stop them."

3 of 189 comments (clear)

  1. No problem by maxwell+demon · · Score: 5, Informative

    The "standard" Firefox plugins already take care of it.

    No DOM storage without JavaScript, no Flash cookies without Flash -> NoScript
    Most tracking cookies come from ad networks -> AdBlock Plus
    Most tracking cookies come from third party domains -> RequestPolicy.
    And if you get one anyway, you can also get rid of it -> BetterPrivacy.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  2. "zombie cookies" means Flash cookies by Sloppy · · Score: 5, Interesting

    Can't you setup browsers to prompt to create local storage?

    The article does a major disservice to everyone (and I wish we could mod it down) by making up the term "zombie cookies." This new bullshit term hides what's going on and makes us all a little bit stupider. All I have to do to answer your question, is tell you what the article is really about. Instead of making up a bullshit term to confuse you, I'll use a descriptive term.

    Ready?

    Flash Cookies. The article is about websites caught using Flash cookies instead of browser cookies.

    See, asshole-who-wrote-the-article, that wasn't hard. Flash cookies. Now instead of misleading people into thinking their browsers have a problem with cookies and other local storage, people see that the real problem they have with their browsers is plugins, which allows them to run native code that totally bypasses all the browsers' policies.

    Flash cookies. Watch all the questions disappear .. but oops .. all the traffic to the fucking article disappears too, since people don't have to click through, read the first article that makes the weird reference to zombies, then click through to another article that explains WTF "zombie cookies" are about.

    Slashdot should not have linked to this piece of shit.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    1. Re:"zombie cookies" means Flash cookies by BitZtream · · Score: 5, Insightful

      It actually wasn't about flash cookies.

      It was about using browser cache as storage medium by doing some neat tricks on the server to get the browser to keep a javascript file in cache, which inturn functions as a cookie when used by various pages that reference it.

      Page requests cookie.js, the server then serves cookie.js with a cache expiry of a hundred years into the future, and says it hasn't changed in a hundred years either.

      Your browser caches it and then doesn't request a new copy for a 100years, why should it, it was told the file isn't going to change.

      The data in the file now serves as a unique ID which can be used to associate your browsing habits.

      THAT IS A ZOMBIE COOKIE. It has nothing to do with flash. This isn't new, a friend of mine and I discovered this years ago by accident due to a bug in a web app we were working on.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager