Obey Do Not Track? Forget it. Now advertisers are using zombie super cookies

After users delete them, supercookies rise from the dead and rebuild your tracking profile

Online ad-business observers are shocked that advertisers not only didn't respect the Do Not Track features built into the latest version of all the major browsers, They pushed their invading forces further into what remains of browsers' privacy by using an even-more-powerful type of supercookie and services that will copy users' browsing history without permission.

A Wall Street Journal story Thursday morning touched off outrage that companies like Epic Media Group would build and distribute code that would embed itself in browsers and report which of 1,500 sites they visit.

Epic tracks 2,500 data segments of data on individuals and embeds a cookie that continues to sent browser-history information after users opt out of the service.

Other companies cited by the WSJ but not named specifically, attach cookies that re-launch theselves after a user deletes them and recreate the user's behavioral profile.

Lee Peeler, executive vice president of the Council of Better Business Bureaus, said the techniques violate the guidelines if they are used “to negate consumer choices” related to the display of online advertising, according to the Journal story.

Last December the Federal Trade Commission proposed a Do Not Track list both advertisers and sellers of advertising could promise to use to respect the privacy of customers without having to put up with a lot of pesky regulation.

The regulations would have been hard to push through a newly Republican-dominated House of Representatives, anyway, so why bother, when self-regulation and the obvious willingness of Corporate America to venerate the rights of its customers would take care of any potential problems.

Some pundits went waaaay out on a limb to predict hoping for a result you can't enforce might not be the most effective approach.

Of course they'd be wrong, if advertisers and publishers hadn't ignored the do-not track technology and wishes of their customers to such an extent that it was hard for researchers at the Center for Internet and Society to find any at all that stopped tracking all a user's behavior after the user asked them to stop using the Do Not Track feature.

After DNT policies went into effect only two companies -- Media6Degrees and BlueKai stopped tracking users, according to a CIAS study in July. Another eight later did the same, deleting their tracking cookies when users DNT'd, though they were only obligated to stop targeting those users with ads based on tracking data.

Of the 64 companies in the self-regulatory group Network Advertising Initiative – the companies most likely to respect DNT, remember, because they're all excited about self regulation – half continued to track users who asked not to be, but only by neglect. They didn't delete tracking cookies after users opted for Do Not Track.

Another eight companies promised to delete their cookies and stop tracking when a user chooses DNT. They didn't. The left the cookies in place.

Now, according to the WSJ, Hulu, MSN and others are using zombie cookies that return from the dead after you delete them.

Some of the companies in the Journal story said use of the zombie supercookies was inadvertent and they would stop.

Inadvertent? As if you convert to raise-themselves-from-the-dead cookies by accident?

Or was the accident just offending users, who weren't supposed to find out?

MSN and Hulu, by the way, after being "notified they had been using supercookies," according to North Georgia's Sky Valley Chronicle, "announced they would investigate the matter."

Wouldn't want them to be surprised by their own skulduggery.

Top 10 Hot Internet of Things Startups
Join the discussion
Be the first to comment on this article. Our Commenting Policies