Privacy vs. Security: Super Cookies in Mobile Browsing

by on Feb 10, 2016

mobile_privacyAs we constantly hover over mobile devices, we’ve become practically immune to the onslaught of advertisements that cloud our screens while we browse the internet. But take a second glance. The most prominent and unnerving ads are those that suspiciously highlight products and events that users have just recently searched for online – the tracking method behind these ads are known as super cookies. While it is no secret that our internet activity is stored and sold for advertising, it begs the question: what are the security implications of super cookies? Although previously used to track information while browsing on a desktop, super cookies have now entered the mobile space, making the choice between privacy and security a difficult one – if users are aware of the choice at all.

Super cookies serve the same function as regular cookies, which contain authentication details, ad-targeting data and browsing history; but super cookies, designed for permanent storage on users’ computers, are much harder to detect. Over the past few months, it has been made public knowledge that Verizon Wireless is tracking clients’ browsing history by inserting a permanent tracking code into their web traffic. Although users can now opt out of the controversial tracking, many clients are unaware that it even exists.


How Verizon Uses Super Cookies


While there are ways to delete super cookies from a desktop browser, not many mobile devices offer the ability to remove them. Mobile giant Apple is one of many phone providers susceptible to this tracking. Certain browsers are more vulnerable than others; for example, Internet Explorer does not support HSTS (HTTP Strict Transport Security), the feature that allows websites to track using super cookies. While Apple allows users to clear cookies on Firefox, Google Chrome or Opera, the capability is not available for Safari on iOS devices.

As a temporary solution to the problem, most browsers offer a privacy mode – a blank slate without the cookies that track browsing history – such as Google Chrome’s “incognito” and Firefox’s “private window.” But while users gain privacy by using this method of browsing, they are compromising their security. Any private browsing that does not carry over the tracking code loads an unencrypted page, making any account or card information susceptible to hacking as it is not protected against unauthorized access.

In the end, it comes down to awareness. Companies are constantly mining individuals’ browsing histories as a way to provide targeted and personalized advertisements that are more likely to result in a purchase. But when many individuals see promotions tailored to their interests, they rarely focus on how the advertisements are chosen or what information was extracted from their personal device. Even desktop and mobile applications that block ads are merely hiding the promotions; but user information continues to be tracked. Those aware of Verizon’s tracking methods overwhelmingly feel that the practice is misleading and unfair. Could this information be sold to private companies in the future to be used in harmful or intrusive ways? Are users at risk when opting to browse using a private window? It is up to users to educate themselves about the risks and rewards before finding out the answers to these questions the hard way.