IT Security: Microsoft ceases use of "supercookies."
Researchers have found that Microsoft used a small piece of code, embedded in a cookie, to defeat the removal of tracking cookies. Microsoft says it had planned to remove the trick from MSN, Bing and six other sites but that publicity from the reviewer has caused it to remove it earlier than planned.
The code used an identifier generated by the user's PC to provide a unique reference for the user, then tracked the user across half a dozen sites with reference to that number.
When Jonathan Mayer, a student at Stanford University, found it and reported it, Microsoft was defensive.
A statement issued on 18 August, via a blog post rather than through the press release route, says "According to researchers, including Jonathan Mayer at Stanford University, 'supercookies' are capable of re-creating users' cookies or other identifiers after people deleted regular cookies. Mr. Mayer identified Microsoft as one among others that had this code, and when he brought his findings to our attention we promptly investigated. We determined that the cookie behavior he observed was occurring under certain circumstances as a result of older code that was used only on our own sites, and was already scheduled to be discontinued. We accelerated this process and quickly disabled this code."
The statement, by Mike Hintze, a Microsoft lawyer, says "At no time did this functionality cause Microsoft cookie identifiers or data associated with those identifiers to be shared outside of Microsoft."
But that is hardly the point: the code, a short piece of JavaScript, is said to reside in one of two files set by the MS sites. If the cookie is deleted, then the JavaScript, which is put into the browser's cache directory, recreates it, defeating the intention of users to prevent being tracked.
The UK is putting in place new laws relating to the use of cookies, and such tactics will increasingly be viewed with some dismay.
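The respawning described above, where a deleted cookie comes back because a script in the browser cache recreates it, can be checked for from the user's side by comparing cookie snapshots. This is an added example, not code from Microsoft or the researchers; the three-snapshot procedure, the domain, the cookie names and the values are all constructed assumptions.

```javascript
// Added example: classify cookies from three constructed cookie-jar snapshots.
// Each snapshot is an array of { domain, name, value } taken after loading the
// same page: (1) baseline, (2) after deleting cookies only, cache kept,
// (3) after deleting cookies and cache.
function toMap(snapshot) {
  const m = new Map();
  for (const c of snapshot) m.set(`${c.domain}\t${c.name}`, c.value);
  return m;
}

function classifyCookies(baseline, cookiesCleared, allCleared) {
  const afterCookies = toMap(cookiesCleared);
  const afterAll = toMap(allCleared);
  const report = [];
  for (const c of baseline) {
    const key = `${c.domain}\t${c.name}`;
    const a = afterCookies.get(key);
    const f = afterAll.get(key);
    let verdict;
    if (a !== c.value) {
      verdict = "not-respawned";        // deletion worked: absent or a new value
    } else if (f === c.value) {
      verdict = "inconclusive";         // same value from a clean state: constant, or another store
    } else {
      verdict = "respawned-from-cache"; // old value returned only while the cache survived
    }
    report.push({ domain: c.domain, name: c.name, verdict });
  }
  return report;
}

// Constructed sample data (hypothetical domain and cookie names).
const baseline = [
  { domain: "site.example", name: "uid", value: "a41f9c0e77b2" },
  { domain: "site.example", name: "lang", value: "en-GB" },
  { domain: "site.example", name: "sid", value: "5d20e1" },
];
const cookiesCleared = [
  { domain: "site.example", name: "uid", value: "a41f9c0e77b2" },
  { domain: "site.example", name: "lang", value: "en-GB" },
  { domain: "site.example", name: "sid", value: "91c3aa" },
];
const allCleared = [
  { domain: "site.example", name: "uid", value: "f0037bd2c615" },
  { domain: "site.example", name: "lang", value: "en-GB" },
  { domain: "site.example", name: "sid", value: "c7e410" },
];

console.log(classifyCookies(baseline, cookiesCleared, allCleared));
```

A cookie reported as `respawned-from-cache` kept its old value after cookie deletion but not after the cache was also emptied, which is the pattern the article describes.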