Supercookies are similar to the standard browser cookies most folks are familiar with, but are stored in different locations on a user’s machine, for example, in a file used by a plug-in (Flash is the most common). This makes them harder to find and delete, especially since a browser’s built-in cookie detection process won’t remove them either. Furthermore, some supercookies have additional capabilities, like regenerating regular cookies to prevent their removal by the user.
Verizon and AT&T have been quietly tracking the Internet activity of more than 100 million cellular customers with what critics have dubbed “supercookies” — markers so powerful that it’s difficult for even savvy users to escape them.
The technology has allowed the companies to monitor which sites their customers visit, cataloging their tastes and interests. Consumers cannot erase these supercookies or evade them by using browser settings, such as the “private” or “incognito” modes that are popular among users wary of corporate or government surveillance.
The Internet browsing history of more than 100 million Verizon and AT&T smartphone customers has been made trackable.
That's the upshot of the recent revelation that both companies have been running advertising programs that use "supercookies" that can't be evaded by any of the means available for ordinary cookies.
In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer “secure messaging” products—but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto.