New ‘Super Cookies’ Can Track Your Private Web Browsing — And Apple Users Can’t Get Rid Of Them
by Rob Price, provided by Business Insider, San Francisco Chronicle
A security flaw means that users of almost every modern web browser can be surreptitiously tracked online without their knowledge, Ars Technica reports, even when they make use of “private browsing.”
Apple users are particularly vulnerable, as their devices do not have a function that lets users delete super cookies from their browsers.
Most websites place what’s called a “cookie” on visitors’ computers, which is used to track them and record their preferences. It’s how websites can remember your password, for example. Like your web browsing history, they’re easy to delete. If you use your browser’s “private browsing” mode they’re never saved in the first place — and advertisers can’t track you, and other computer users can’t go back and see what you looked at.
However, a flaw in a modern web security feature called “HTTP Strict Transport Security” (HSTS) allows websites to plant “super cookies” that can be used to track web users’ browsing habits even when private browsing is enabled.
Here’s how it works.