Browsing and privacy: How to not get tracked

If you're old enough to remember the Cold War, you know what an arms race is. One side comes up with a new weapon, the other side matches it, and then the first comes back with something even bigger and so on and so on. That also describes the ongoing battle between computer users who value their privacy and the Web sites and their advertisers that don't.

Every time browser developers and others come up with a defense against tracking -- the use of tiny bits of computer code that tells Web sites where you've been on the Internet -- the other side ups the ante with a new trick. And it's happening again.

A researcher at Stanford University recently found that Microsoft has been using an online tracking technology that allowed the company to sneakily track users on even though it had used some of the standard techniques developed to avoid tracking.

Another group of researchers found that other sites, including, employed super cookie techniques to track users for advertising purposes. They wrote: "We found two sites that were respawning cookies, including one site -- -- where both flash and cache cookies were employed to make identifiers more persistent. The cache cookie method used Etags, and is capable of unique tracking even where all cookies are blocked by the user and 'private browsing mode' is enabled." (The authors are from The University of California at Berkeley, Worcester Polytechnic and the University of Wyoming. The emphasis is mine.)

Shortly after the report by Stanford's Jonathan Mayer surfaced last week, Microsoft announced that it would stop the use of the so-called super cookies on MSN. A few days after the UC Berkeley report was published, Hulu announced in a blog post: "Upon reading the research report, we acted immediately to investigate and address the issues identified. This included suspending our use of the services of the outside vendor mentioned in the study."

Hulu says that the super cookie technology was used by two of their outside vendors, an attempt, the report notes, by Hulu to absolve itself of responsibility. You can decide for yourself if you buy that. But more to the point, what can you do to defend yourself?

Some super cookies live in the cache, which is where the browser stores Web pages you've visited recently. By clearing the cache, you'll get rid of them. That works, but there are two caveats: Dumping the cache will slow down your browser. That's because cached Web sites load right away; without the cache the browser has to render them from scratch. And when you visit that site again, a new super cookie will glom on to your browser.

Clearing the cache is easy: In Firefox, go to "tools," then "clear recent history." In Internet Explorer 9, go to "tools" and "safety," then "delete browsing history." In Chrome, go to settings and then "under the hood." Then click "clear browsing data."

But remember. We're talking arms race here. The UC Berkeley report also talks about a nasty technique called "respawning," which means just what it sounds like: The cookie recreates itself. These are hard to defeat. One way is to block any caching at all, but as I mentioned, not having a cache will slow your browser down.

There are two Firefox add-ons that are probably helpful, but I haven't had a chance to try them yet. One is called SafeCache, which doesn't yet work with Firefox 6 and RequestPolicy, which does work with Firefox 6.

RequestPolicy blocks what are called "cross-site requests," which means that a site you're visiting requests data about a site you've visited in the past. That's important information for advertisers and for Web sites that want to know where people are coming from.

But you may think that's intrusive, which is why you may want to use RequestPolicy. (Note: This add-on is probably not suitable for you if you're not comfortable digging under the hood of a browser and making changes.) If other browsers have similar add-ons, I haven't heard of them.

Lastly, let's go over the basic defenses you can use against the most common and less sophisticated tracking techniques.

All of the major browsers have some built-in defenses. The first is called private browsing, which stops your browser from making note of where you've been in its history file. That's worth doing if you're visiting sites that you don't want other users of that computer to know you've visited. It's very easy to turn on private browsing; in Firefox for example, simply click the "Firefox" button and select private browsing. IE 9 has an option called "inPrivate" browsing you can find on the tools tab and Chrome has incognito mode.

But private browsing isn't necessarily all that private. In addition to the super cookie issue, some of the extensions you might add to those browsers can reduce their effectiveness. Still, it's certainly worth using private browsing modes if you're concerned about tracking. You can also check a box that says something like "tell Web sites I don't want to be tracked", and as you'd expect, some Web sites will honor that and others won't.

Finally, drill down. Each of the three major browsers has quite a few settings involving privacy, and it's worth a few extra clicks to check them out.

San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach him at Follow Bill Snyder on Twitter @BSnyderSF. Follow everything from on Twitter @CIOonline

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Microsoftsecurityinternetmozillaprivacy

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Shane O'Neill

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?