What is your main internetcookies highlight of the 2010s decade? Feel free to comment! Is it Facebook's Cambridge Analytica scandal of March 2017? Becoming aware of the impact of social media on daily life? Cookies will follow your every click on your digital journey in the 2020s as well.
Apple and Cloudflare are adopting a new feature in Safari to address the unencrypted resolution of DNS names to IP addresses.
Every time you enter a website address, that address must be translated for your device into an IP address to browse to.
The new feature handles this translation as 'regular internet traffic', decoupling the requester from the request. Because of this unbundling, you can browse to a website without your Internet Service Provider or Virtual Private Network provider knowing which website you are visiting, and without any man in the middle knowing either.
In short, supercookies can be used in place of ordinary cookies to store user identifiers, but they are much more difficult to delete and block. This makes it nearly impossible for users to protect their privacy as they browse the web. Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storage, ETags, and HSTS flags.
Flash storage: More than 50% of the sites in a scientific sample are using Flash cookies to store information about the user. Some are using them to 'respawn' or re-instantiate HTTP cookies deleted by the user. Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users. Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking.
ETags: ETags are capable of unique tracking even where all cookies are blocked by the user.
HSTS flags: HTTP Strict Transport Security (HSTS) is a security standard that provides a mechanism for web sites to declare themselves accessible only via secure connections, and to tell web browsers where to go to get that secure version. Web browsers that honor the HSTS standard also prevent users from ignoring server certificate errors.
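An audit heuristic for the ETag case above, as an added example that is not from the original page: a browser returns a cached ETag in `If-None-Match` when it revalidates, so identical content that carries a different but stable ETag for every cookie-less client is behaving like an identifier. The row format, function names, hosts and hashes are assumptions constructed for this sketch.

```python
from collections import defaultdict

def normalize(etag):
    """Drop the weak-validator prefix and quotes: W/"abc" -> abc."""
    etag = etag.strip()
    if etag.startswith("W/"):
        etag = etag[2:]
    return etag.strip('"')

def suspicious_etags(observations, min_profiles=3):
    """Return URLs whose ETag acts as a per-client identifier.

    observations: (profile, url, body_hash, etag) rows, where each profile is
    a fresh, cookie-less browser that fetched the URL at least twice.
    """
    seen = defaultdict(lambda: defaultdict(list))  # url -> profile -> visits
    for profile, url, body, etag in observations:
        seen[url][profile].append((body, normalize(etag)))
    flagged = []
    for url, profiles in seen.items():
        visits = list(profiles.values())
        if len(visits) < min_profiles or any(len(v) < 2 for v in visits):
            continue  # too little data to judge
        if len({body for v in visits for body, _ in v}) != 1:
            continue  # content really differs, so differing ETags are expected
        tags = [{etag for _, etag in v} for v in visits]
        if any(len(t) != 1 for t in tags):
            continue  # unstable within one client, e.g. per-node ETags
        if len(set().union(*tags)) == len(visits):
            flagged.append(url)  # same bytes, one stable ETag per client
    return sorted(flagged)

def rows(url, per_profile):
    """Expand {profile: (body_hash, [etag per visit])} into observation rows."""
    return [(p, url, body, e) for p, (body, etags) in per_profile.items() for e in etags]

# Constructed sample data, not real traffic; hosts and hashes are made up.
OBSERVATIONS = (
    rows("https://cdn.example/logo.png", {p: ("9f2c", ['"5e1f"'] * 2) for p in "abc"})
    + rows("https://t.example/pixel.gif", {
        "a": ("11aa", ['"u-7c1"'] * 2),
        "b": ("11aa", ['W/"u-d04"', '"u-d04"']),
        "c": ("11aa", ['"u-93e"'] * 2)})
    + rows("https://cdn.example/app.js", {p: ("77b0", ['"n1-4a"', '"n2-4a"']) for p in "abc"})
    + rows("https://api.example/feed.json", {p: (p * 4, ['"%s"' % (p * 4)] * 2) for p in "abc"})
)

if __name__ == "__main__":
    print(suspicious_etags(OBSERVATIONS))
```

Only the pixel is flagged: the shared logo has one ETag for everyone, the script's ETag varies within a single client, and the feed's content differs per client.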
While a bank transaction is being submitted, a tracking pixel is placed. So a third party is involved in a consumer's financial transaction: is there a privacy risk?
Content from this third-party domain is used. This online tracking is regulated by GDPR, by Consumer Rights Law and by Banking Law. A bank has the right to involve companies to supply services, e.g. mailing, customer service support, hiring temporary staff or co-selling products and services.
informs users if a site’s certificate may be of insufficient strength
on-demand site inspector designed to determine if a site hosts malicious code.
Response Google engineer
A Google engineer publicly disclosed a serious security vulnerability in Comodo Dragon after Comodo failed to respond to the issue within the 90 days Google provides software vendors. The advisory warns users who install Comodo Dragon that Dragon replaces their default browser, hijacks DNS settings, and disables the same-origin policy, which exposes users by allowing malicious websites to access private data.
Comodo subsequently claimed the problems were fixed.
Their privacy statement says that only in California is the IP address considered personal information. Comodo creates log files which track users, identifiable by cookie or browser features (and IP address outside California): “Comodo uses log files comprising of non-personally identifiable information to … track movements throughout the site … and gather broad demographic information for aggregate use.”