NEWS


Computing Now Exclusive Content — November 2011

News Archive

July 2012

Gig.U Project Aims for an Ultrafast US Internet

June 2012

Bringing Location and Navigation Technology Indoors

May 2012

Plans Under Way for Roaming between Cellular and Wi-Fi Networks

Encryption System Flaw Threatens Internet Security

April 2012

For Business Intelligence, the Trend Is Location, Location, Location

Corpus Linguistics Keep Up-to-Date with Language

March 2012

Are Tomorrow's Firewalls Finally Here Today?

February 2012

Spatial Humanities Brings History to Life

December 2011

Could Hackers Take Your Car for a Ride?

November 2011

What to Do about Supercookies?

October 2011

Lights, Camera, Virtual Moviemaking

September 2011

Revolutionizing Wall Street with News Analytics

August 2011

Growing Network-Encryption Use Puts Systems at Risk

New Project Could Promote Semantic Web

July 2011

FBI Employs New Botnet Eradication Tactics

Google and Twitter "Like" Social Indexing

June 2011

Computing Commodities Market in the Cloud

May 2011

Intel Chips Step up to 3D

Apple Programming Error Raises Privacy Concerns

Thunderbolt Promises Lightning Speed

April 2011

Industrial Control Systems Face More Security Challenges

Microsoft Effort Takes Down Massive Botnet

March 2011

IP Addresses Getting Security Upgrade

February 2011

Studios Agree on DRM Infrastructure

January 2011

New Web Protocol Promises to Reduce Browser Latency

To Be or NAT to Be?

December 2010

Intel Gets inside the Helmet

Tuning Body-to-Body Networks with RF Modeling

November 2010

New Wi-Fi Spec Simplifies Connectivity

Expanded Top-Level Domains Could Spur Internet Real Estate Boom

October 2010

New Weapon in War on Botnets

September 2010

Content-Centered Internet Architecture Gets a Boost

Gesturing Going Mainstream

August 2010

Is Context-Aware Computing Ready for the Limelight?

Flexible Routing in the Cloud

Signal Congestion Rejuvenates Interest in Cell Paging-Channel Protocol

July 2010

New Protocol Improves Interaction among Networked Devices and Applications

Security for Domain Name System Takes a Big Step Forward

The ROADM to Smarter Optical Networking

Distributed Cache Goes Mainstream

June 2010

New Application Protects Mobile-Phone Passwords

WiGig Alliance Reveals Ultrafast Wireless Specification

Cognitive Radio Adds Intelligence to Wireless Technology

May 2010

New Product Uses Light Connections in Blade Server

April 2010

Browser Fingerprints Threaten Privacy

New Animation Technique Uses Motion Frequencies to Shake Trees

March 2010

Researchers Take Promising Approach to Chemical Computing

Screen-Capture Programming: What You See is What You Script

Research Project Sends Data Wirelessly at High Speeds via Light

February 2010

Faster Testing for Complex Software Systems

IEEE 802.1Qbg/h to Simplify Data Center Virtual LAN Management

Distributed Data-Analysis Approach Gains Popularity

Twitter Tweak Helps Haiti Relief Effort

January 2010

2010 Rings in Some Y2K-like Problems

Infrastructure Sensors Improve Home Monitoring

Internet Search Takes a Semantic Turn

December 2009

Phase-Change Memory Technology Moves toward Mass Production

IBM Crowdsources Translation Software

Digital Ants Promise New Security Paradigm

November 2009

Program Uses Mobile Technology to Help with Crises

More Cores Keep Power Down

White-Space Networking Goes Live

Mobile Web 2.0 Experiences Growing Pains

October 2009

More Spectrum Sought for Body Sensor Networks

Optics for Universal I/O and Speed

High-Performance Computing Adds Virtualization to the Mix

ICANN Accountability Goes Multinational

RFID Tags Chat Their Way to Energy Efficiency

September 2009

Delay-Tolerant Networks in Your Pocket

Flash Cookies Stir Privacy Concerns

Addressing the Challenge of Cloud-Computing Interoperability

Ephemeralizing the Web

August 2009

Bluetooth Speeds Up

Grids Get Closer

DCN Gets Ready for Production

The Sims Meet Science

Sexy Space Threat Comes to Mobile Phones

July 2009

WiGig Alliance Makes Push for HD Specification

New Dilemnas, Same Principles:
Changing Landscape Requires IT Ethics to Go Mainstream

Synthetic DNS Stirs Controversy:
Why Breaking Is a Good Thing

New Approach Fights Microchip Piracy

Technique Makes Strong Encryption Easier to Use

New Adobe Flash Streams Internet Directly to TVs

June 2009

Aging Satellites Spark GPS Concerns

The Changing World of Outsourcing

North American CS Enrollment Rises for First Time in Seven Years

Materials Breakthrough Could Eliminate Bootups

April 2009

Trusted Computing Shapes Self-Encrypting Drives

March 2009

Google, Publishers to Try New Advertising Methods

Siftables Offer New Interaction Model for Serious Games

Hulu Boxed In by Media Conglomerates

February 2009

Chips on Verge of Reaching 32 nm Nodes

Hathaway to Lead Cybersecurity Review

A Match Made in Heaven: Gaming Enters the Cloud

January 2009

Government Support Could Spell Big Year for Open Source

25 Reasons For Better Programming

Web Guide Turns Playstation 3 Consoles into Supercomputing Cluster

Flagbearers for Technology: Contemporary Techniques Showcase US Artifact and European Treasures

December 2008

.Tel TLD Debuts As New Way to Network

Science Exchange

November 2008

The Future is Reconfigurable

What to Do about Supercookies?

by George Lawton

Ongoing concerns about online privacy have led two members of the US Congress to call for the prohibition of supercookies, which users can't remove from their browsers even with a common delete-cookies command.

These complaints have caused a renewed interest in supercookies.

Representatives Joe Barton and Edward Markey — cochairs of the Congress' Bipartisan Privacy Caucus — wrote the US Federal Trade Commission (FTC) about their concerns.

"I think supercookies should be outlawed because their existence eats away at consumer choice and privacy," argued Baron. "How can you protect yourself from unwanted online tracking of your browsing history when you don’t even know your information is at risk?"

Markey wrote, "Companies should not be … gobbling up personal, sensitive information without users' knowledge. Consumers, not corporations, should have the choice about if, how, or when their personal information is used."

The two Congress members are proposing legislation to help combat supercookies and other online-tracking technologies.

However, some critics are not convinced that legislation banning supercookies is justified.

"I don't think that legislatures or regulators are well positioned to figure out the answers right now," said Jim Harper, a privacy scholar at the Cato Institute, a conservative public-policy research organization.

According to Harper, public pressure, lawsuits, and FTC action based on existing laws will better work out many of the biggest concerns about supercookies.

"And I am hesitant to say that any technology should be banned outright," he noted.

In some cases, Harper explained, tracking users across sites may offer technical benefits such as improving service quality or performance.

"This is just another juncture in a long conversation about what people share when they go online and what kinds of information operators can collect," he said.

Supercookies 101

Cookies — which can work across either single or multiple websites — are useful for storing users' website preferences, shopping-cart items, and so on.

However, they can also store information about what visitors do on the Web across a host site and its partners. Companies can use this information to generate advertisements that target specific users.

A supercookie is a piece of code stored on a computer that collects and regenerates user information after normal cookies have been deleted.

For example, a Flash local stored object lets a website store tracking code on a user's computer. Because it operates as part of the Adobe Systems Flash plug-in, not the browser, it is more difficult for users to control via their browsers' privacy settings. This capability also lets the Flash LSO track users across multiple browsers.

Flash LSOs have grown in usage as Adobe's Flash browser plug-in has increased in popularity.

Another concern is zombie cookies. Individuals who plant these cookies on a victim's site could recreate them even after the recipient deletes them.

When the tracking party places the zombie cookie on a computer, a user ID is stored in the Adobe Flash player storage bin. If the user deletes the cookie, the tracking party can still retrieve the ID and continue collecting information.

Browser fingerprinting identifies users for tracking based on their browser-configuration signatures, IP addresses, plug-ins, system fonts, and operating system.

A website uses a client-side script to collect the data from a visitor's website and store the information in its own database.

ETags: A New Threat

Researchers recently determined that hackers could use entity tags like supercookies.

An ETag is an identifier that a Web server assigns to a specific version of a resource found at a URL. If the content at that URL changes, the Web servers assign it a new ETag.

This lets a system recognize when content hasn't changed between server requests for URL and that the information that browsers have cached is still current. The tags thereby eliminate the need for servers to resend the same information. This makes the process more efficient.
However, the approach also lets online advertisers utilize ETags — which contain information about visitors to sites — as another technique for tracking users.

People who track users via ETags generate unique identifiers that recognize visitors across multiple returns to a given site.

ETags are stored in a browser's cache and aren't eliminated when users delete cookies. Instead, users must manually clear their browser caches to get rid of ETags.

Researchers have already found that some websites are using ETags to track visitors.

A recent US class-action lawsuit — claiming that ETags violate the federal Wiretap Act by tracking Web users in ways that circumvent browser privacy controls — has led some sites to stop employing them.

The War against Supercookies

Several class-action lawsuits against websites using Flash LSOs led to a $3.4 million out-of-court settlement, as well as pledges not to utilize the approach again. Other litigation is pending.

Adobe has updated Flash to make it easier for users to control Flash cookies, noted Seth Schoen, a staff technologist at the Electronic Frontier Foundation, a digital-rights advocacy organization.

The World Wide Web Consortium has launched the Tracking Protection Working Group to improve tracking-control mechanisms.

The group plans to work with browser and search-engine makers, content providers, advertiser networks, and various experts to create standards by mid-2012 that would let users express their tracking preferences and select which parties can track them online.

In addition, major browser makers are experimenting with antitracking approaches.

For example, Microsoft is working with tracking-protection lists, in which users could specify which sites they would let track them.

Mozilla has developed a technique that lets users transmit a do-not-track header to websites.

Google designed the Interface CookieManager API, which makes it easier to filter, edit, preserve, and otherwise handle cookies.

Several other companies have developed improved cookie-management tools for the Chrome browser.

However, Carnegie Mellon University associate professor Lorrie Cranor said she and her research team just finished a study (www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdf) of nine tracking-prevention tools and found that they required many manual settings and were difficult for the average consumer to use and configure.

George Lawton is a freelance technology writer based in Guerneville, California. Contact him at glawton@glawton.com.