‘Super cookies’ can track you even in private browsing mode, researcher says

If there’s one thing websites love to do it’s track their users. Now, it looks like some browsers can even be tracked when they’re in private or incognito mode. Sam Greenhalgh of U.K.-based RadicalResearch recently published a blog post with a proof-of-concept called “HSTS Super Cookies.” Greenhalgh shows how a crafty website could still track users online even if they’ve enabled a privacy-cloaking setting.

The key to the exploit is to use HTTP Strict Transport Security (HSTS) for something it wasn’t intended for. HSTS is a modern web feature that allows a website to tell a browser it should only connect to the site over an encrypted connection. 

To read this article in full or to leave a comment, please click here

Read more: ‘Super cookies’ can track you even in private browsing mode, researcher says

Story added 8. January 2015, content source with full text you can find at link above.