Slashdot Mirror

← Back to Stories (view on slashdot.org)

How a Lone Grad Student Scooped the FTC On Privacy Issue

Posted by Soulskill on from the dear-ftc-please-hire-people-like-this dept.

Pigskin-Referee sends this excerpt from an article at ProPublica: "Jonathan Mayer had a hunch. A gifted computer scientist, Mayer suspected that online advertisers might be getting around browser settings that are designed to block tracking devices known as cookies. If his instinct was right, advertisers were following people as they moved from one website to another even though their browsers were configured to prevent this sort of digital shadowing. Working long hours at his office, Mayer ran a series of clever tests in which he purchased ads that acted as sniffers for the sort of unauthorized cookies he was looking for. He hit the jackpot, unearthing one of the biggest privacy scandals of the past year: Google was secretly planting cookies on a vast number of iPhone browsers. Mayer thinks millions of iPhones were targeted by Google."

6 of 120 comments (clear)

  1. What are "secret cookies"? by DogDude · · Score: 5, Interesting

    What are "secret cookies"? Does anybody know what in the hell this means? Last I checked, cookies were plain text files stores in a specific place on a computer. How can a cookie be "secret"?

    --
    I don't respond to AC's.
    1. Re:What are "secret cookies"? by BitZtream · · Score: 5, Insightful

      You don't use a cookie.

      You use an image and some nifty tricks to figure out if it was cached and long story short, you trick the browser into giving you info because of how it responds to cached documents.

      This was on slashdot when the story originally came out with a much better description.

      And I seem to recall that it was pretty clear at the time by looking at the java script that it was probably purely accidental rather than intentional.

      Unfortunately, with CmdrTaco gone, sensationalizing of stories has shot up tremendously. You pretty much have to assume the summary is a lie now days. Not an error, an intentional lie.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    2. Re:What are "secret cookies"? by AliasMarlowe · · Score: 5, Informative

      when the locked-down computer/device prevents you from seeing them?

      Not sure if that's what's going on here - but being plain-text does not necessarily mean readable. I don't know how to see/read cookies on my ebook reader, for example.

      A good argument for knowing something about how your device works. I don't have an e-Reader, so don't know whether it's even possible to clear cookies (maybe they're needed to maintain access to purchased ebooks). Anyway, this whole rigmarole strongly reinforces Eben Moglen's recent suggestion. The spying behavior of locked-down devices is making his case very clearly.

      On a PC (not yet locked-down by UEFI), it's not sufficient just to clear cookies and LSOs. We have Opera set to delete its entire cache as well when you exit, and the kids know to clear their browsing history regularly (curious how quickly they learned that one). Firefox is also set to clear its cache and browsing history automatically on exit. On Chromium and Chrome, it's necessary to manually clear the entire cache and browsing history.

      FWIW, this site will tell you what can be discerned from your browser just visiting a page. It's likely to increase your paranoia level a bit, especially when this site tells you just how unique your browser is. Ours all appear to be unique, probably largely due to the installed fonts and plugins.

      Has anyone else noticed the appalling sensationalism in headlines these days? Slashdot is in danger of becoming just another gutter-press gossip site.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    3. Re:What are "secret cookies"? by phantomfive · · Score: 5, Informative

      No, that is a different technique. This one does use cookies, but it gets around the restrictions in Safari by doing a POST in the iframe. Details here, the Wired article is useless.

      --
      "First they came for the slanderers and i said nothing."
  2. from the dear-ftc-please-hire-people-like-this.. by Anonymous Coward · · Score: 5, Insightful

    from the dear-ftc-please-hire-people-like-this dept.

    I doubt that the FTC would pay them well enough to make it worth their while.

  3. Re:google's chrome by Quince+alPillan · · Score: 5, Informative

    http://www.mattcutts.com/blog/google-chrome-communication/

    http://www.google.com/chrome/intl/en/privacy.html

    Really? The Google paranoia is pretty heavy around here and is completely unnecessary. If you're not going to bother to become informed, you should avoid telling the world how uninformed you are.