Talk:Zombie cookie
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||||||||
|
Co-defendants
editThe sites mentioned "ESPN, Google, MTV, Hulu, ABC,MySpace, NBC, YouTube, Yahoo, and Scribd" are co-defendants in a now-dismissed lawsuit against Quantcast. None of the sites were even accused of using zombie cookies directly - they merely integrated with Quantcast, which was at one point using zombie cookies. Quantcast has long since stopped using Zombie cookies so the sentence as stated is entirely inaccurate.
- I've removed the mention of sites that use zombie cookies. This article suggest that it is not widespread http://www.informationweek.com/news/security/privacy/229200224?cid=RSSfeed_IWK_All . And looking though Google's privacy policy suggests that they do not do this. If someone wants to add the information back in it needs a citation. Lotu (talk) 19:30, 18 May 2011 (UTC)
Asked, in bad taste
editIs a zombie cookie tasty? --Bluejay Young (talk) 18:53, 31 July 2011 (UTC)
Blocking Zombie Cookies
editIs there any information available to add to the page about how to block zombie cookies? Are there any movements to find a way to block them? Let99 (talk) 05:56, 31 January 2013 (UTC)
I found this IT company blog post[1] that talks about zombie cookies and suggests some freeware called CCleaner to remove these third-party cookies. Not sure if this would be a valid source or not. LanceMillerADM (talk) 14:11, 27 June 2016 (UTC)
References
- ^ "Zombie Cookies: What They Are and How To Disable Them". eSOZO. Retrieved 27 June 2016.
Information in the article on the exact mechanisms that enable non-consensual cookies to be placed on a computer would be appreciated
editWhat are the mechanisms exactly that enable the placement of non-consensual cookies on a computer?
Is JavaScript required? In which case NoScript/ScriptSafe would neuter this mechanism, wouldn't it? (until you allow JavaScript for a specific site)
What other mechanisms are there and how can they be rendered ineffective?
uBlock Origin can block 3rd party requests/scripts/frames, which would stop many cookies/trackers getting onto the computer in the first place (until you allow a specific 3rd party element to unbreak a site), but what about the ones that get through because the uBlock Origin 3rd-party filters don't list a specific cookie/tracker? And what about non-HTTP 1st-party cookies/trackers? How are these 1st-party and 3rd-party cookies/trackers actually placed on the computer, what are the mechanisms at work?
According to the Wikipedia articles on zombie cookies and Evercookies, there are many places that cookies/trackers can be stored on a computer: web history, web cache, ETags, HTML5 storage (session, local, global, database via SQLite), tracking pixels, Flash cookies, Silverlight cookies, MUID cookies, TCP Fast Open, TLS's session ID, window.name caching.
The Evercookie article also states that the developer of Evercookies is looking to add the following features: (a) caching in HTTP Authentication, and (b) using Java to produce a unique key based on NIC information.
Once zombie cookies/supercookies/Evercookies are on your computer, how do you get rid of them all? Will CCleaner or BleachBit get all of them? After all, there are so many places where cookies/trackers can hide. And as the Wikipedia article for zombie cookies states: "If a user is not able to remove the cookie from every one of these data stores then the cookie will be recreated to all of these stores on the next visit to the site that uses that particular cookie."
This is an absolute nightmare for privacy online as websites track you without your consent all over the web.
I use Firefox with 3rd-party cookies blocked in the Preferences, and with the following add-ons: NoScript, uBlock Origin (set to block all 3rd-party requests/scripts/frames & with many 3rd-party ad/tracking/malware filters selected), Self-Destructing Cookies, HTTPS Everywhere, and Random Agent Spoofer (not so much for the user agent spoofing ability, but for its numerous other options such as spoofing If-None-Match ETags, spoofing Referer, protecting window.name, disabling canvas support, etc, etc). And even with all that protection, I know I'm still not blocking every cookie/tracker out there, because when I clear my browsing history in Firefox and then run BleachBit, it always finds data that Firefox was meant to have deleted.
I think it's high time that browsers blocked all non-consensual cookies/trackers and only permitted traditional 1st & 3rd-party HTTP cookies/trackers, which can be enabled/disabled in the Preferences and can be easily deleted. Of course, this is only part of the solution, as there are other ways to track users. See: http://cyberlaw.stanford.edu/blog/2011/08/tracking-trackers-microsoft-advertising — Preceding unsigned comment added by 2.25.65.31 (talk) 17:50, 2 August 2017 (UTC)