By now, most of us are aware of the potential privacy risks posed by Web cookies. But according to a new paper published by security consultancy iSec Partners, traditional browser-based cookies aren't the only technology used to store user data anymore. A number of browser plug-ins
offer similar capabilities -- and because plug-ins are nonstandard browser components, users are often unaware that these
silent conversations are even taking place.
Browser cookies are invaluable for storing things like usernames and shopping cart contents between e-commerce sessions, among
many other legitimate uses. But cookies can also give Web sites the ability to track your surfing habits for the purpose of
data mining or other, more malicious goals. That's why modern browsers give users fine-grained control over their cookies
-- we can view them, delete them, or even block them completely. These controls don't apply to plug-ins, however, which add
nonstandard features outside the customary browser UI.
The paper cites Google's Gears as one example of a plug-in that can mimic cookies. While in general it gives Gears high marks for walling off users' data
from unwanted accesses, it also cautions that users might not fully understand how to specify what data Gears is allowed to
store. Gears always asks you if you permit it to talk to a given Web site, but it will only ask once. If you later decide
that you'd like to disable Gears for that site, you have to remove the site from a list via a special control panel. Your
browser's normal privacy settings have no effect on Gears' behavior.
The paper was even more critical of Adobe's Flash plug-in, which it says will store persistent data on the local PC without
notifying the user. Furthermore, the paper says this data will be available across any and all Web browsers the user might
launch, even ignoring the "private modes" (otherwise known as "porn modes") of modern browsers. Adobe publishes a Web page that allows you to view and edit the cookie-like data stored by the Flash plug-in, but there is no way to access this data from within the browser's normal menu hierarchy.
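To see what the Flash plug-in has stored without going through Adobe's settings page, you can list its storage directory directly. The script below is an added example, not code from the iSec paper or this article; the directory paths and the `<random-id>/<host>/...` layout of `.sol` files are the Flash Player plug-in's standard per-user locations, which the article does not list, and the function names are hypothetical.

```python
import os
import sys
from collections import defaultdict
from pathlib import Path

def default_roots():
    """Standard per-user Flash Player storage roots (assumed; not listed in the article)."""
    home = Path.home()
    roots = [
        home / ".macromedia/Flash_Player/#SharedObjects",                     # Linux
        home / "Library/Preferences/Macromedia/Flash Player/#SharedObjects",  # macOS
    ]
    appdata = os.environ.get("APPDATA")                                       # Windows
    if appdata:
        roots.append(Path(appdata) / "Macromedia/Flash Player/#SharedObjects")
    return roots

def find_flash_lsos(roots):
    """Map each origin host to the .sol files stored for it.

    Layout under a root is <random-id>/<host>/.../<name>.sol, so the second
    path component relative to the root names the site that wrote the data.
    """
    by_host = defaultdict(list)
    for root in map(Path, roots):
        if not root.is_dir():
            continue                      # plug-in never used for this profile
        for sol in root.rglob("*.sol"):
            parts = sol.relative_to(root).parts
            if len(parts) < 3 or not sol.is_file():
                continue                  # need <id>/<host>/<file> at minimum
            by_host[parts[1]].append(sol)
    return {host: sorted(files) for host, files in by_host.items()}

def report(roots=None):
    """Return one line per host: host, object count, total bytes stored."""
    found = find_flash_lsos(default_roots() if roots is None else roots)
    lines = []
    for host in sorted(found):
        size = sum(p.stat().st_size for p in found[host])
        lines.append(f"{host}\t{len(found[host])} object(s)\t{size} bytes")
    return lines

if __name__ == "__main__":
    # Optional arguments: explicit storage roots to scan instead of the defaults.
    for line in report(sys.argv[1:] or None):
        print(line)
```

These directories belong to the user profile rather than to any one browser, which is why the same list appears no matter which browser was running when the data was written.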
While the risks identified by the iSec paper are relatively low, they do bring up an important point, of which all Web surfers
should be aware: Cookies are only the beginning. As Web-based applications become increasingly sophisticated, incorporating
an ever-widening array of technologies, don't assume that a couple of checkboxes in your browser's preferences panel will
protect you from all of the data-collection methods on today's Web.
Story copyright PC World Communications, Inc.