Why Supercookies are not as Tasty as They Sound

Last Update: February 8, 2021 • Fraud • Identity Theft • Scams •

One mobile carrier in America now allows consumers to opt-out of being tracked by “supercookies,” which hackers can use to abuse consumers’ identities. A supercookie is actually a unique kind of browser cookie specially intended to be permanently stored on a consumer’s PC.

Companies and organizations use this type of technology to follow consumers’ activities online, but advertisers and others reportedly may also be able to access them for malicious reasons. Consumers who don’t opt-out could be at risk of having their mobile activities spied on, but opting out often requires following specific company guidelines.

Here’s how supercookies are used to track consumer behavior—and how you can be more aware of them.

Why are Supercookies not as Tasty as They Sound?

Supercookies explained.

Regular cookies are tiny pieces of data that websites store on your device’s hard drive to remember information about you. When a site automatically remembers your username without you typing it, for example, it’s because of a cookie. Advertisers and companies use cookies to deliver ads targeted to you, but the cookies are easily deleted from a site, removing potential privacy risks.

Supercookies are bigger, stronger versions of regular cookies that serve a similar purpose.

“The number one reason they have these supercookies is for advertising purposes,” says Alok Kapur, president, and chief operating officer at Private WiFi, a service that encrypts your activity on public Wi-Fi networks.

What Supercookies Track?

Large companies can use supercookies to track consumers’ behavior across multiple websites to target ads.

“The intent is to recognize you and establish a pattern where they can understand how to advertise to you,” says Kapur.

Supercookies allow companies to follow their mobile customers across devices. While the company never shared this data with third parties, outsiders still could access and abuse it.

If a hacker can see where you go online, what you are doing, and how much time you spend doing it, then the hacker could craft a more informed attack against you.

According to Kapur, if consumers do not take steps to protect their devices, supercookies could make them vulnerable to outsiders. “The minute you have information permanently available on a device and a person is not taking precautions. Your information is definitely up for being exposed,” he says.

New Breed of Super Cookie Defies Removal – Almost…

New research has shown that deleting cookies doesn’t always help. A new breed of supercookies can reconstruct all of your profile histories even after the cookie has been deleted.

So here is the simple scenario of why this matters to you: Your daughter is doing a high-school report for a business class on bankruptcy. In her research, she visits sites like creditrepair.com, poorcredithelp.net, wiki.answers.com/Q/How_do_you_repair_bad_credit, all while being tracked by small pieces of software (cookies and supercookies) that embed themselves on your computer. The software is probably developed by an internet software company like Epic Media Group and installed on the websites above. Let’s say you have set up your security software to delete cookies at the end of each browser session. Your daughter closes out of the session, deleting the cookies that have tracked her history on sites dealing with poor credit. The cookies are deleted.

But the supercookies remain so that when you log on to a credit card web site to apply for a new card, they know that you (actually, it wasn’t you) have been surfing on sites that indicate you might have bad credit. Instead of sending you to a signup page for a credit card with a 15% annual fee, they send you to a page offering a card with a 23% fee. The credit card company has paid for that profile information on you. And you will never know it, and you can’t easily delete it.

Protecting Yourself

Consumers who have no interest in targeted online ads may prefer to opt-out of this type of tracking. “It’s unrealistic to assume that you’re not going to be advertised against,” Kapur says.

Consumers who prefer not to opt-out can focus on improving their security in other ways.

“You can use steps and mechanisms to protect yourself against any information leakages on your devices,” Kapur says. This can include using antivirus programs, keeping your devices updated, and using a virtual private network (VPN), which conceals your mobile activities from outsiders.

To help protect your identity online, be sure to take precautions and stay informed of how your data are being used.