What is cookiepro.com? Why does cookie-cdn.cookiepro.com execute a script on a visiting website?
The #1 Trusted Solution for Website Compliance
https://www.cookiepro.com/
So a compliance web service company.
According to their website it contains 31 Million+ Categorized Cookies with the ability to scan a website and easily generate a geotargeted cookie banner, preference center, and cookie policy. Meeting regulatory requirements like GDPR, CCPA, LGPD, ePrivacy, CNIL, ICO, SB-220 and PDPA.
How VPN service companies could use data selling, advertising and affiliate programs but infringing your privacy
— blog.windscribe.com/were-not-paying-for-1-25b4e55ca10f
In short, supercookies can be used in place of ordinary cookies to store user identifiers, but they are much more difficult to delete and block. This makes it nearly impossible for users to protect their privacy as they browse the web. Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storage, ETags, and HSTS flags.
Flash storage
More than 50% of the sites in a scientific sample are using flash cookies to store information about the user. Some are using it to ‘respawn’ or re-instantiate HTTP cookies deleted by the user. Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users. Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking.
ETags
ETags are capable of unique tracking even where all cookies are blocked by the user. reference
HSTS flags
HTTP Strict Transport Security (HSTS) is a security standard that provides a mechanism for web sites to declare themselves accessible only via secure connections, and to tell web browsers where to go to get that secure version. Web browsers that honor the HSTS standard also prevent users from ignoring server certificate errors. reference
For what purpose (and privacy risk) is JavaScript from tiqcdn.com involved in a bank transaction?
While submitting a bank transaction a tracking pixel is placed. So a third party is involved with a financial transaction by consumers, is there a privacy risk?
Content from this third party domain is used. This online tracking is regulated by GDPR, by Consumer Rights Law and by Banking Law. A bank has the right to involve companies to supply services, e.g. mailing, customer service support, hire temporary staff or co-selling product and services.
Why has a bank opted for this solution instead of including the effect in their own JavaScript?
A Google engineer publicly disclosed a serious security vulnerability in Comodo Dragon after Comodo failed to respond to the issue within the 90 days Google provides software vendors. The advisory warns users who install Comodo Dragon that Dragon replaces their default browser, hijacks DNS settings, and disables the same-origin policy, which exposes users by allowing malicious websites to access private data.
Chirgwin, Richard (2 February 2016). “Google calls out Comodo’s Chromodo Chrome-knockoff as insecure crapware”. The Register. Retrieved 13 November 2018.
Comodo subsequently claimed the problems were fixed.
Comodo and its partners use cookies and Google Analytics. “Comodo may disclose data to its affiliates and business partners who have established similar privacy standards.”
Their privacy statement says that only in California is the IP address considered personal information.[21] Comodo creates log files which track users, identifiable by cookie or browser features (and IP address outside California): “Comodo uses log files comprising of non-personally identifiable information to … track movements throughout the site … and gather broad demographic information for aggregate use.”[21
Continue reading “Chrome without Chrome’s user tracking”
European data watchdogs have issued updated guidance in the wake of last week’s landmark ruling striking down a flagship transatlantic data transfer …
No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs
Why Privacy Is the Most Important Concept of Our TimeWhy Privacy Is the Most Important Concept of Our Time
Nice essay on Privacy. Recommended reading.
Data has become a liability, especially as it’s expensive to store and you have to justify every single piece of data. Companies are tired of it, there are only a few companies that want to hold data. Other companies never wanted to be in the first place but they’re stuck with it.
Interesting view on companies other than the social media, AI and algorithm based companies. A professor gives his view on client data for companies.
Facebook has warned that it could be forced to pull out of the European market if European regulators push forward with limits on data sharing …
Facebook Warns Privacy Rules Could Force It to Exit European Market
Limit the geographical distribution of privacy sensitive personal data, could force Facebook to exit EU market. How does this underline Facebook intentions to not conform itself to strict General Data Protection Regulation aim: to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
“Google is proposing a new standard called WebBundles,” according to Brave’s senior privacy researcher. Brave is an alternate web browser, …
THE BLOB! – Google’s new threat to Internet privacy and security
Will this be the momentum for The Onion Route TOR networking?
Why internet cookies are almost never all right? 