daily californian logo


Take a look at our 2022 midterm elections special issue!

Popular websites’ use of ‘supercookies’ raises online privacy issues

article image


We're an independent student-run newspaper, and need your support to maintain our coverage.

AUGUST 24, 2011

The age-old Internet security advice for kids has always been to never release their phone numbers on the Web.

But in an age in which Google and Facebook request phone numbers for increased security, recent studies by UC Berkeley and Stanford University found that Web users are still at risk as popular websites are able to recover browser history immediately after users visit the site.

Websites like Hulu and MSN have utilized new technologies known as “supercookies,” — designed to undo or bypass consumers’ preferences to keep their information private — allowing the sites to access users’ browser history even after they have cleared their browser.

This usage of supercookies can lead to third-party tracking and behavioral advertising, and according to an email from Chris Hoofnagle, a UC Berkeley lecturer in residence and lead on the UC Berkeley study, the supercookies use tricks to make users think they are not being monitored while still tracking them across the Internet.

“Imagine that your RA wanted to monitor your behavior in the dorm, so your RA installed large windows in your room in order to watch over you,” Hoofnagle said in the email. “The RA also tells you that you have the right to opt out of this monitoring.  You opt out, but instead of installing blinds, the RA installs a one-way mirror.”

UC Berkeley published an online study on July 29 about online privacy, and Stanford released a separate, informal study, called the Do Not Track project, to the Federal Trade Commission regarding its research. But Hoofnagle said both universities’ work is complementary and part of the same National Science Foundation group looking at secure computing.

According to Jonathan Mayer, a Stanford graduate student in computer science and leader of the Stanford project, his team began working on the project in March 2011 when they realized that so-called credible supercookie technologies were actually not protecting people on the Web.

“If you don’t want to be tracked, you should be able to check a box that does this,” Mayer said.

Mayer also said that some supercookie technologies should only be used to prevent online fraud and that it is objectionable to be “supercookied” every time a user tries to partake in an action — like opening a credit card — on the Internet.

“We need to be giving users choices based on online tracking, private browsing modes and making sure they don’t leave things behind on the computer,” Mayer said.

One of the websites that was mentioned in both the UC Berkeley and Stanford studies and is currently involved in litigation regarding online privacy is the popular video site Hulu, which can regenerate Web activity between browsers.

Representatives from Hulu declined to comment when contacted but did write a blog post on Aug. 5 on their website about the issue of online privacy,  which states, “Upon reading the research report, we acted immediately to investigate and address the issues identified. This included suspending our use of the services of the outside vendor mentioned in the study.”

Ashkan Soltani, an independent  online privacy researcher and security consultant who collaborated on both studies, said that  the problem is that websites circumvent users’ anonymous choices.

“It highlights the technology arms race that consumers are engaged in,” Soltani said. “It’s this game of privacy Whac-A-Mole where you block one way but there’s another way to get someone’s information.”

Contact Anjuli Sastry at 


AUGUST 24, 2011