Cookies - new trends

As part of our technology watch activities we investigated the latest developments with regard to the use of cookies. Cookies are a well-known mechanism used in web browsers that store the traces left by the user during surfing. In a way they are the browser's memory. At the beginning, cookies were just text files, but with technological development they have become more and more powerful and are now a real threat to our privacy.

A cookie is a small file that is sent by a website to the browser the first time a user visits it, and is sent back to the website each time the user returns. Thus, the website recognises the browser and, by the same token, it recognises the computer and the user. Certain user preferences can be memorized and reactivated by the website on each subsequent visit.

One of the first developments were the so-called third-party-cookies. These are not stored on the computer by the website that is being visited, but by third party sites whose adverts appear on the visited site. This definitely constitutes a more drastic violation of privacy, as the user does not know that cookies have been placed on his computer. When adverts appear on several other websites, the user can be traced by the tracks left by third-party-cookies.

Flash cookies (local shared objects) have considerably more storage space available than conventional cookies. The information they contain is thus far more significant. Furthermore, what is special about these cookies is that they are visible to different browsers and not just to the browser that was used at the time the cookie was placed on the computer.

Finally, the latest development which we examined is the evercookie. What sets these cookies apart is that they have the ability to multiply and to place copies of themselves in different parts of the computer. In order to deactivate this type of cookie, the Ā«originalĀ» as well as all the copies - and there can be up to 13 of them - have to be deleted. Even if only one copy is overlooked, the cookie will replicate itself automatically. This means that deleting these cookies in the standard manner will not protect the anonymity of the user when he returns to one of the websites.

After carrying out a number of tests we have come to the conclusion that these evercookies are extremely difficult to get rid of. A combination of various deletion methods must be used, and even then copies may still remain which cannot be easily destroyed. In order to counteract this development, various projects are currently being deployed, but our tests have not shown them to be particularly reliable.

As the development of these new cookies has shown, it is becoming increasingly difficult to surf the Net and remain anonymous. The information that is downloaded on to the computer and which is so difficult to remove provides websites with a lot of knowledge about the surf habits of the each user, including his preferences, his interests, and much more besides.