Wednesday, August 24, 2011

Stanford Researcher Identifies Microsoft's Use of Persistent or "Super" Cookies

This comes on  the heels of a similar report/finding by a UC Berkeley study, concerning Hulu and which I blogged about at an earlier date. Here, Microsoft, on its MSN.com and other sites, utilized so-called "Super" Cookies to continue tracking web users web viewing activities, even when those very users took the affirmative step to "disable" cookies in their browser settings. Based on this article from Computer World, Microsoft did not deny any of this and immediately stopped the activity.

http://www.computerworld.com/s/article/9219312/Microsoft_disables_supercookies_used_on_MSN.com_visitors

A few thoughts:

1. Is this an issue of Microsoft, channeling the Captain Renault character from the movie Casablanca (Claude Rains) being "shocked, shocked that cookies have been persistent on the MSN site?


2. The privacy statement/privacy policy on the MSN.com site takes you straight to the Microsoft corporate website policy http://privacy.microsoft.com/en-us/fullnotice.mspx#EBCAC.  In relevant parts, here is what it says about the ability of users to disable cookies:


"You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer...(emphasis added)
If you choose to accept cookies, you also have the ability to later delete cookies that you have accepted. In Internet Explorer 8, you can delete cookies by selecting “Tools”, “Delete browsing history”. Then select the control box “Cookies" and click the “Delete” button. If you choose to delete cookies, any settings and preferences controlled by those cookies, including advertising preferences, will be deleted and may need to be recreated."
3.  Based on the foregoing language, isn't Microsoft violating its own privacy policy? Haven't they mislead consumers?  While the damages analysis is always difficult in cases like this, can a class action suit be far behind? What about an FTC Section 5 action?
4. Ironically, Microsoft prominently displays that it is certified as by Truste, as being compliant with its own privacy policies and statements. Does this give rise to a set of independent claims?

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Powered by Blogger