Super cookie is a type of tracking cookies inserted into an HTTP header by an internet service provider (ISP) to collect data about a user’s internet browsing history and habits. Also known as a Unique Identifier Header, a super cookie isn’t technically an HTTP cookie, but rather information injected into packets sent from a user’s device and the service it connects to. When the internet service provider (ISP) detects a user’s HTTP traffic it inserts an extra HTTP header into the packets after they leave the user’s computer.
Cookies and Super Cookies
Super cookies are a blessing for advertisers as they facilitate user ad targeting. On the contrary, they are a nightmare for the privacy enthusiasts. In fact, ad targeting is not the only reason for their existence. Comparing with an ordinary cookie, it is more difficult to get rid of a super cookie. They are permanently saved on your device when you visit a particular website. Also, locating them on your device is much harder than a regular cookie.
Further, the process to find a super cookie is as difficult as the process to delete them. Most users assume that super cookies work the same way a regular cookie does. They store packets of information containing user’s identification, login credentials, browsing history and other forms of details. However, they are a totally different ball game.
Unlike regular cookies, super cookies are not stored in your browser, instead super cookies are saved on your device. They are able to penetrate at network level and act as UIDHs, also known as, Unique Identifier Headers. These UIDHs work as ID tags, distinguishing your connection from that of another user. These identifiers allow different websites to track its visitors’ without them ever knowing.
Cookies vs. Super Cookies
In this part we are introducing the differences in more details and in a clearer way for you.
- Super cookies don’t use local storage as regular cookies do. Instead, they are injected at the network level as Unique Identifier Headers (UIDH).
- Super cookies are inserted by your Internet Service Provider (ISP) rather than the website itself.
- You may not be aware of their existence as the ISP might use them in secret.
- UIDH personal data can be revealed to any website and potentially sold to third parties. Verizon has previously told their partners that they use this type of tracking and have received a $1.35 million fine from the Federal Communications Commission (FCC).
- Super cookies allow third parties to track you too. They can independently identify tracking headers themselves and use the data to serve you targeted ads across the web.
- Super cookies can restore the data of your deleted cookies and link the data with new ones. They can access your login credentials, image and file caches, and plug-in data.
- Ad blockers can’t block them, and you can’t clear them by deleting your browser history and cache data.
- You can’t simply delete super cookies. You only opt-out if your ISP allows you to.
How Bad Are Them?
Despite the fact that super cookies track user activity, they do not pose a threat to your device’s security like malware. They have no effect on your device’s performance or cause unwanted halts. However, super cookies are surely a threat for users concerned about their privacy. As explained before, super cookies are advertisers’ favorite tool to infiltrate your privacy.
Injecting super cookies into your device, websites can access your personal information, behavior and preferences. Super cookies can extract data from your cache files and regular cookies even after being deleted. Super cookies also track the time you are most active on the internet. Such information is precious than gold for advertisers. This information can either be used or shared with a third-party to create targeted ads – facilitated by user profiling and preferences.
Further, super cookies store information about your browsing habits and the websites you visit more frequently. This helps a lot with ad placements as the advertisers select websites that are frequently visited by users. Albeit, such information is not always limited or useful to advertisers. Since super cookies track your behavior and collect critical information, they make users susceptible to online surveillance, unauthorized access, exploits and leaks.
What Can You Do about Them?
So supercookies store a lot of information about you, resurrect deleted normal cookies, and aren’t stored on your device. What can you do about them?
Unfortunately, the answer is “not very much.” Verizon now allows subscribers to opt out of their UIDH tracking, which is a big improvement over the secrecy that they kept around this type of tracking in the past. To opt out of this program, go to www.vzw.com/myprivacy, log into your account, and go to the Relevant Mobile Advertising section. Select “No, I don’t want to participate in Relevant Mobile Advertising.”
If you are not a Verizon customer, you are pretty much out of luck. If someone else is tracking you with a super cookie and you don’t know about it, your best bet is to use an encrypted connection over HTTPS or a virtual private network (VPN) to mask your traffic. These two methods aren’t susceptible to super cookie tracking.
Beyond that, you just have to hope that the names of other companies using this technology come to light sooner rather than later. Though with Verizon getting hit by a fine (albeit a very small one), that doesn’t seem likely to happen anytime soon.
Use a VPN
As discussed before, the only viable alternate is data encryption. Thus, in this regard, a good VPN service always comes in handy. A VPN allows you to browse the internet securely and anonymously. Whenever you surf a website, your device sends a request to the server, in return, the server responds and you are displayed a desired result. Super cookies infiltrate this request and ascribe to the HTTP request by your internet service provider.
If your traffic is routed to your device from a different server other than the server your requested the information from, you would be saved from this debacle. A VPN can reroute your traffic through different servers – disallowing super cookies to cling to the traffic. A VPN makes it impossible for the tracking headers to be applied to your traffic as it encrypts all of your data and secures your information. Since, detection and deletion of super cookies is next to impossible, a VPN can be considered as an ultimate defender against them.
It must be noted that a super cookie should not be confused with regular cookies. Unlike regular cookies, super cookies are not stored on your browser. They gain access to your confidential information – making it accessible to the third parties. This information can be used by online surveillance agencies, advertisers and unauthorized personnel. They make your information susceptible to exploits and information leaks.
Super cookies are impossible to detect or locate as they do not affect your device’s performance. This makes it even more difficult to get rid of them. One way to secure your device from them is by visiting secure protocol websites only. Besides, VPN can also be considered a strong defender against super cookies as it facilitates you to surf the internet privately and anonymously. A VPN restricts your ISPs and websites from attaching unique identifier headers (UIDHs) to your traffic and encrypts your data – making it safe from the unwanted eyes and super cookie free.
If you would like to know about different types of browser cookies, read our previous article about it.