While the advertising industry pays lip service to demands that they do not use zombie cookies to track punters, a large number of popular sites have signed up to a service called Kissmetrics.
According to boffins at Berkeley, Kissmetrics is a tracking service that can’t be stopped even when users block cookies, turn off storage in Flash, or use browsers’ steath functions.
Kissmetrics is used by sites to track the number of visitors, what the visitors do on the site and where they have been. According to the Berkeley boffins it uses sneaky techniques to prevent users from opting out of being tracked.
It had been used by Hulu, but when Berkeley revealed the nature of the service, the outfit cut ties straight away. Spotify, another Kissmetrics customer named in the report, said that it was concerned and has suspended its use of the service.
Kissmetrics founder Hitten Shah told Wired that the research was correct, but there was nothing illegal about the techniques it was using.
Shah said that Kissmetrics is used by thousands of sites to track incoming users, and it does not sell or buy data about those visitors.
The Berkeley research team, which was headed by privacy lawyer Chris Hoofnagle, and included privacy researcher Ashkan Soltani, described the code as damning.
The code works even if you have all cookies blocked and private-browsing mode enabled. If a user deletes the cookies, the software resurrects them.
Kissmetrics used a number of methods to recreate cookies, and the persistent tracking can only be avoided by erasing the browser cache between visits.