A Conversation With Jens Muller, CTO at Maxa Research
Thursday, June 10, 2010
Companies and online advertisers increasingly use both web browser and Flash cookies to track consumers' online usage and to collect personal information, often without notice and consent. Many consumers are unaware or unsure what to do about this.
I discussed this situation recently with Jens Muller, the Chief Technology Officer at Maxa Research. Maxa Research developed and offers the Maxa Cookie Manager software for consumers to manage, review, and delete the variety of cookie types that websites place on consumers' computers. Jens was gracious and answered all of my questions. Our discussion:
I've Been Mugged: Who is MAXA Research and what is your position/duties at MAXA?
Jens Muller: MAXA Research is an established (for 20 years) and innovative company for computer hardware, firmware, and software development. In the last years, our main focus lies in the areas of internet application development and security solutions. I am the CTO at MAXA and responsible for product development.
Mugged: For consumers that don't know, what are browser cookies and the dangers?
Muller: A browser cookie is a mechanism that allows a website to save information on the visitor's computer. This information is then automatically sent back to the original website when opening it the next time. This mechanism can be used for legitimate purposes, like keeping you logged in or retaining website specific settings (i.e., the chosen language). However, a website page can also assign a unique ID to a website visitor and save it in the cookie on their computer. This way, the website is able to recognize you over a long period of time, even years.
When large advertising networks use cookies, they can find out the user's interests and create a profile of the user's surfing habits. When this information is linked with information that can be obtained after logging into accounts, even more is shared with third parties. We call such cookies, which have no use for the user but are only good to track him, "web bugs."
Mugged: How are Flash cookies, "Super Cookies," and Silverlight cookies different?
Muller: Browser plug-ins additionally allow websites to store information on the user's PC, especially Adobe Flash. It is installed on virtually all computers and, for example, is used to display videos in the browser window. After ad companies found out that some users were deleting their standard browser cookies, they had the idea to also store the information in a Flash cookie. In case the browser cookie is deleted, they still are able to find out who the visitor is.
Flash cookies are widely unknown and difficult to delete or manage. Even worse, Flash cookies are browser independent (i.e., shared among all browsers on the user's computer). So, it does not help to use the Firefox browser to visit "privacy sensitive" websites and use the Internet Explorer browser to visit other websites. Flash cookies also stay active during a browser's "private browsing mode."
Our privacy test demonstrates this.
Mugged: When evaluating options to manage browser cookies, what should a consumer consider?
Muller: During the last few years, browser developers have added more options for cookie management. The amount of settings differs from browser to browser. Normal browser cookies can be adequately managed this way, with some manual action needed in every browser. Flash cookies cannot be managed this way and they remain active. Even the "Internet Security/Management" software products available
today cannot handle Super Cookies.
I've Been Mugged: What benefits does the MAXA Cookie Manager software provide?
Muller: MAXA Cookie Manager allows the automatic management of all kinds of cookies:
- Browser cookies of all popular browsers and browser independent cookies are both listed and evaluated.
- Cookies of sites the user wants to keep can be organized in a white list while undesired cookies can be blocked using the black list.
- Known web bugs are recognized and can be deleted automatically.
Our website features two introductory videos about the software: video #1 and video #2.
Mugged: Many consumers like integrated software. Why didn't MAXA offer its cookie management software integrated with anti-virus or web browser software?
Muller: First of all MAXA Cookie Manager is not directly integrated, (like an add-on) into a specific web browser as it must be able to manage all cookies produced by all of the browsers and browser plug-ins on a user's computer. You are right that cookie management can be seen as a sub-task for anti-virus software which is, however, widely neglected. While malware actively harms your computer by executing malicious code, cookies "only" spill information to third parties and therefore infringe upon your privacy without you noticing it.
We are a small and innovative company and have therefore decided to develop this product standalone, as we have no anti-virus product in our portfolio. However, we are always open to other AV and security companies that would like to OEM our code/product.
Mugged: MAXA Cookie Manager currently runs only on Windows ® computers. What about a version for Mac/Apple iPad users?
Muller: Browser independent cookies indeed are a privacy issue for Macs, too. MAXA Cookie Manager is tightly coupled to the operating system and cannot easily be ported to Mac OS. Furthermore, the browsers available for Mac OS are different ones. If we receive enough demand, we might consider developing a MAXA Cookie Manager version for Mac OS in the future.
Mugged: My anti-virus software updates itself about every other day because threats change quickly. What updates can users expect with MAXA Cookie Manager?
Muller: The definition base for the algorithms that evaluate the cookies and recognize web bugs are regularly updated. Furthermore, users can establish their whitelist in MAXA Cookie Manager either by selecting from a list of popular websites we provide and update, or by iteratively adding websites whose cookies they want to keep. Users have the ability to delete all other cookies or to delete only explicitly blacklisted cookies.
Again, it is important to remember that a website setting a cookie itself does in no way immediately "infect" your computer as a virus would do. When the cookie stays present for a longer period of time, the site or ad network can gain more and more information about the user. Also, please note that we do not have a subscription model like most anti-virus solutions. People who buy MAXA Cookie Manager can use it as long as they want in this version. Multiple updates with improvements are free and web bug definition updates stay free. Occasional upgrades which may introduce a new feature to the software can be obtained for a reduced price if wanted - but again - the user can keep using the version he purchased as long as desired.
Mugged: I installed the BetterPrivacy add-on with my Firefox web
browser to delete Flash cookies. Why should a consumer with this add-on also purchase the MAXA Cookie Manager Pro?
Muller: BetterPrivacy allows users to delete Flash cookies. In my opinion, it has a rudimentary whitelist, and it does not support the user's decision about which cookies to save or delete. MAXA Cookie Manager's evaluation feature helps users decide to delete or save a cookie. Also, a BetterPrivacy user would need to make the same settings for Firefox itself (in order to have the same rules to manage regular cookies) and possibly for other browsers he is using.
MAXA Cookie Manager's white and black lists affect all cookies of all technologies. MAXA Cookie Manager allows users to inspect the cookie's contents and to search for strings in cookies -- which BetterPrivacy does not offer. Finally, BetterPrivacy does not handle Silverlight cookies, which have the same power as Flash cookies, though Silverlight is installed on fewer machines than Flash.
Mugged: I visited one of the cookie software sites cookiecentral.com) to find your software. Where is it available for download/purchase, and why isn't it more widely available?
Muller: Good question. In my opinion, cookiecentral.com is trying to make money via website ads and software commission sales using its privileged domain name. Nevertheless we contacted
them in the past and did not get any answer.
UPDATE: I contacted again recently and got a positive answer to add our software soon to the list of cookie managers. Compared to other companies we are relatively small and do not have a huge marketing budget. We try to differentiate via innovative products with fast and individual customer support. Sometimes we have the impression that companies or large websites ignore us and do not want to cooperate as they themselves depend on cookies for user tracking and have no interest in the spread of (good) cookie managers.
Nonetheless, we are listed on many websites like:
- Bits du Jour (having had the 24-hour deal recently)
- Download.cnet.com
- Tips and Tricks For PC
- Softpedia.com
Try a Google search using "maxa cookie manager" and you will find us on many more websites.
Mugged: Download.cnet.com lists dozens of cookie manager software
products. Why should consumers use MAXA Cookie Manager?
Muller: I looked
at the list. First, the large majority of these products do not support Flash cookies. Then, look at the date they were added. It seems nearly all of the software listed here is really old (last release more than 4 years ago). Therefore they already cannot support Google Chrome, a new browser, and probably don't support newer versions of Firefox. Finally, the points I mentioned above about the BetterPrivacy comparison also apply.
Mugged: Some cookies are needed to log into my financial accounts
or similar websites. How can a consumer easily identify which (Flash and HTTP) cookies to keep versus delete?
Muller: The evaluation function in our MAXA Cookie Manager helps by highlighting the active cookies in different colors for: web bug / suspicious / unsuspicious / whitelisted. Furthermore, the whitelist wizard allows a user to add popular websites to the white list if he wants to keep the cookies. For the rest, most often, the domain name of the cookie will have something to do with the website whose service the user wants to use.
Mugged: While consumers can download your software at Download.cnet.com, the site's editors haven't reviewed it. When will a review appear here or elsewhere?
Muller: I had in mind that in the past there was a review, but even in the box "Previous versions" at the very bottom I could not find it any more when going back to all the previous versions. In order to re-schedule a review for download.cnet.com a major change in the software must be provided. So, we cannot trigger one immediately. However, lately we had a great response from the following Belgian CNet/ZDNet review (use an online translator if interested).
About a year ago, ZDNet.de listed MAXA Cookie Manager as its software pick of the week. We were reviewed in a couple of European print PC magazines, if interested I can supply more details. Also, we were mentioned in this EZine article about cookies.
Yet, the most relevant feedback we receive are comments from our existing customers in the product survey we send them after purchasing. These comments are visible at our website. Users often have good suggestions which we incorporate into new versions.
Mugged: What do you see in the future for cookie management
software?
Muller: We see that people are getting more and more privacy aware
lately, which is important as cookie use is spiraling out of control. While this increases the demand for cookie managing software, browsers supporting the new web standard HTML5 will, in the further future, definitely bring a change; and in my opinion render Flash useless. On the other hand, new plug-ins will emerge and with a tighter coupling of online and offline information, could make keeping one's privacy more and more difficult.
Hi George, and thank you Jens Muller for this thoughtful interview!
I think you hit it on the head when you said many sites may not want to help you deliver your merchandise at this point. When it becomes better known as an issue, they will be happier to stand with someone who offers the consumer control. But while they can be undercover, they'll do so, maximizing their use of such marketing tools...
Part of the current challenge for a user is understanding what the ramifications are of deleting flash cookies. I set my flash settings to deny 3rd party content, and then could not watch full screen video without the persistence of the "press esc to exit full screen mode" message. it will be difficult for the average user to enjoy their web experience if flash cookies are entwined at such a fundamental level.
Posted by: R. Michelle Green | Sunday, June 13, 2010 at 03:24 PM