Stanford University researcher Jonathan Mayer discovered a super cookie in the employ of Microsoft on MSN.com. A cookie, as a moderately savvy Internet user would know, is a kind of tracking and logging tool — sometimes useful in storing data a user may not want to enter into forms for the rest of the portion of their lives involving forms, sometimes obnoxious in storing data that a user may not wanted stored — used primarily in web browsing. Dissimilar from the extremely super cookie pictured above, the super cookie in Microsoft’s employ is essentially a cookie that can ignore a web browser’s cookie management, thus avoiding extermination.
After Mayer exposed the super cookie, Microsoft associate general counsel Mike Hintze provided a less shady explanation as to why the tech giant might’ve been employing a fairly shady tracking device.
We determined that the cookie behavior he observed was occurring under certain circumstances as a result of older code that was used only on our own sites, and was already scheduled to be discontinued.
Microsoft promptly disabled the code, which Mayer claims appeared on MSN.com, Live.com, and its Atlas third-party advertising networks, and would’ve caused cookies to regenerate themselves after a user had deleted them. Discussing the spread of the super cookie, Mayer said:
“It is difficult to estimate the number of users affected by Microsoft’s respawning without knowing more about traffic to Microsoft’s web properties and the conditions under which it would set an MUID [the identifier ID].”
Though we’ll probably never know how extensive of a reach Microsoft’s super cookie had, one can assume that, since it is Microsoft and some fairly prominent domains involved, the super cookie’s reach was something akin to a grizzled yoga instructor’s who may or may not have seen some things in his day. Yoga things.
Some probably-deserved harsh words from Mayer:
“One of the most prolific ad networks was using technologies that are widely frowned upon for circumventing user privacy choices.
At minimum this was a colossal privacy gaffe.”