Talk:Zombie cookie

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing: Networking / Websites Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by Networking task force (assessed as Low-importance). This article is supported by WikiProject Websites (assessed as Low-importance). This article is supported by WikiProject Computer Security (assessed as Mid-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Internet Low‑importance This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.InternetWikipedia:WikiProject InternetTemplate:WikiProject InternetInternet articles Low This article has been rated as Low-importance on the project's importance scale.

The sites mentioned "ESPN, Google, MTV, Hulu, ABC,MySpace, NBC, YouTube, Yahoo, and Scribd" are co-defendants in a now-dismissed lawsuit against Quantcast. None of the sites were even accused of using zombie cookies directly - they merely integrated with Quantcast, which was at one point using zombie cookies. Quantcast has long since stopped using Zombie cookies so the sentence as stated is entirely inaccurate.

I've removed the mention of sites that use zombie cookies. This article suggest that it is not widespread http://www.informationweek.com/news/security/privacy/229200224?cid=RSSfeed_IWK_All . And looking though Google's privacy policy suggests that they do not do this. If someone wants to add the information back in it needs a citation. Lotu (talk) 19:30, 18 May 2011 (UTC)[reply]

Is a zombie cookie tasty? --Bluejay Young (talk) 18:53, 31 July 2011 (UTC)[reply]

Is there any information available to add to the page about how to block zombie cookies? Are there any movements to find a way to block them? Let99 (talk) 05:56, 31 January 2013 (UTC)[reply]

I found this IT company blog post^[1] that talks about zombie cookies and suggests some freeware called CCleaner to remove these third-party cookies. Not sure if this would be a valid source or not. LanceMillerADM (talk) 14:11, 27 June 2016 (UTC)[reply]

What are the mechanisms exactly that enable the placement of non-consensual cookies on a computer?

Is JavaScript required? In which case NoScript/ScriptSafe would neuter this mechanism, wouldn't it? (until you allow JavaScript for a specific site)

What other mechanisms are there and how can they be rendered ineffective?

uBlock Origin can block 3rd party requests/scripts/frames, which would stop many cookies/trackers getting onto the computer in the first place (until you allow a specific 3rd party element to unbreak a site), but what about the ones that get through because the uBlock Origin 3rd-party filters don't list a specific cookie/tracker? And what about non-HTTP 1st-party cookies/trackers? How are these 1st-party and 3rd-party cookies/trackers actually placed on the computer, what are the mechanisms at work?

According to the Wikipedia articles on zombie cookies and Evercookies, there are many places that cookies/trackers can be stored on a computer: web history, web cache, ETags, HTML5 storage (session, local, global, database via SQLite), tracking pixels, Flash cookies, Silverlight cookies, MUID cookies, TCP Fast Open, TLS's session ID, window.name caching.

The Evercookie article also states that the developer of Evercookies is looking to add the following features: (a) caching in HTTP Authentication, and (b) using Java to produce a unique key based on NIC information.

Once zombie cookies/supercookies/Evercookies are on your computer, how do you get rid of them all? Will CCleaner or BleachBit get all of them? After all, there are so many places where cookies/trackers can hide. And as the Wikipedia article for zombie cookies states: "If a user is not able to remove the cookie from every one of these data stores then the cookie will be recreated to all of these stores on the next visit to the site that uses that particular cookie."

This is an absolute nightmare for privacy online as websites track you without your consent all over the web.

I use Firefox with 3rd-party cookies blocked in the Preferences, and with the following add-ons: NoScript, uBlock Origin (set to block all 3rd-party requests/scripts/frames & with many 3rd-party ad/tracking/malware filters selected), Self-Destructing Cookies, HTTPS Everywhere, and Random Agent Spoofer (not so much for the user agent spoofing ability, but for its numerous other options such as spoofing If-None-Match ETags, spoofing Referer, protecting window.name, disabling canvas support, etc, etc). And even with all that protection, I know I'm still not blocking every cookie/tracker out there, because when I clear my browsing history in Firefox and then run BleachBit, it always finds data that Firefox was meant to have deleted.

I think it's high time that browsers blocked all non-consensual cookies/trackers and only permitted traditional 1st & 3rd-party HTTP cookies/trackers, which can be enabled/disabled in the Preferences and can be easily deleted. Of course, this is only part of the solution, as there are other ways to track users. See: http://cyberlaw.stanford.edu/blog/2011/08/tracking-trackers-microsoft-advertising — Preceding unsigned comment added by 2.25.65.31 (talk) 17:50, 2 August 2017 (UTC)[reply]