Update on the issue of ‘supercookies’ used on MSN

In response to recent attention on "supercookies" in the media, we wanted to share more detail on the immediate action we took to address this issue, as well as affirm our commitment to the privacy of our customers. According to researchers, including Jonathan Mayer at Stanford University, "supercookies" are capable of re-creating users' cookies or other identifiers after people deleted regular cookies. Mr. Mayer identified Microsoft as one among others that had this code, and when he brought his findings to our attention we promptly investigated. We determined that the cookie behavior he observed was occurring under certain circumstances as a result of older code that was used only on our own sites, and was already scheduled to be discontinued.  We accelerated this process and quickly disabled this code. At no time did this functionality cause Microsoft cookie identifiers or data associated with those identifiers to be shared outside of Microsoft. We are committed to providing choice when it comes to the collection and use of customer information, and we have no plans to develop or deploy any such "supercookie" mechanisms.

Microsoft has strong privacy standards that govern the development and deployment of our products and services. We work hard to build privacy into products, and we also engage with government, industry, academia and public interest groups to develop more effective privacy and data protection measures.

- Mike Hintze, Associate General Counsel, Regulatory Affairs, Microsoft

Comments (8)

  1. AnonyMouse says:

    "we have no plans to develop or deploy any such "supercookie" mechanisms."

    That's because you already did.

    I love it how companies get caught doing this redhanded and then spin it as "We are committed to providing choice when it comes to the collection and use of customer information".

    The doublespeak is palpable.

    Also, "when he brought his findings to our attention we promptly investigated". Really? A rogue employee implemented this functionality? How many people are being fired over this allegedly unsanctioned violation of users' privacy?

    What's even worse is that this is par for the course.

  2. Good job. says:

    Of course, Microsoft, like any reasonable company does the right thing when something is made known to them. Thanks MS!

    However, there's still the threat of Supercookies from "unknown" websites. There will always be companies that (oops) do this on purpose or simply by accident.

    So, I put together a video to show how IT Admins and Managers can stop Supercookies at the Enterprise level using Microsoft Group Policy. Here's the short video:


  3. So... says:

    To sum up this post:

    We're sorry we got caught. Won't happen again…until we get caught again.

  4. FW says:

    just looking at how ugly, hobbled and dated looking this site is conveys so much that could never be expressed in words. i must exit immediately.

  5. sdf says:

    reasonable company? are you kidding me? they do the bare minimum to protect them from fallout after their shady practises are exposed.

    this evil snooping has been going on for how long?

  6. A.e Mouse says:

    Under the data protection act all information must be made available to the individuals from whom it was collected.

    Who do I apply to?

  7. les folles says:

    couples cherche femmes ou transexules

  8. A.e Mouse says:

    Still no answer from MS or blog author.

    Who accepts data access requests at MS please?

    22 Aug 2011 1:50 AM my request was made in writing there is a time limit to respond.

Skip to main content