Oh crumbs! Cookies left unblocked by code errors, say academics

US— Thousands of websites may be dropping cookies on people’s computers against their wishes because of flaws in the codes web browsers like Internet Explorer use to assess site privacy policies, according to Carnegie Mellon researchers.

Academics at the Pennsylvania university uncovered the issue through analysis of Platform for Privacy Preferences (P3P) compact policies (CPs), which are a string of three- and four-character tokens that summarise a website’s privacy policy pertaining to cookies.

These CPs are used by web browsers to evaluate a website’s data collection practices and they allow, reject or modify cookies accordingly.

Errors in the CPs, however, can result in cookies remaining unblocked. Of 33,000 websites analysed by the Carnegie Mellon researchers 11,000 were found to contain flawed CPs – including 21 of the top 100 most-visited sites, as measured by Quantcast.

“We found thousands of sites using identical invalid CPs that had been recommended as workarounds for Internet Explorer cookie blocking,” the researchers said in a paper published last week.

“It appears that large numbers of websites that use CPs are misrepresenting their privacy practices, thus misleading users and rendering privacy protection tools ineffective.”

The allegations contained within the paper will further strengthen the cause of privacy advocates who are lobbying legislators to introduce online privacy legislation, arguing that self-regulation is not working to the advantage of consumers.

Last year academics at the University of California, Berkeley, drew attention to the practice known as ‘cookie respawning’, whereby data stored for use by Flash applications was also used to recreate cookies that had been deleted by users.

The work of the Berkeley researchers recently led to lawsuits being brought against a number of companies over their alleged use of respawning.

We hope you enjoyed this article.
Research Live is published by MRS.

The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.

Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.

For example, there's an archive of winning case studies from over a decade of MRS Awards.

Find out more about the benefits of joining MRS here.

0 Comments


Display name

Email

Join the discussion

Newsletter
Stay connected with the latest insights and trends...
Sign Up
Latest From MRS

Our latest training courses

Our new 2025 training programme is now launched as part of the development offered within the MRS Global Insight Academy

See all training

Specialist conferences

Our one-day conferences cover topics including CX and UX, Semiotics, B2B, Finance, AI and Leaders' Forums.

See all conferences

MRS reports on AI

MRS has published a three-part series on how generative AI is impacting the research sector, including synthetic respondents and challenges to adoption.

See the reports

Progress faster...
with MRS 
membership

Mentoring

CPD/recognition

Webinars

Codeline

Discounts