You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy
Found on The Register on Friday, 19 October 2018
The privacy risks associated with web tracking, however, persist, and now it appears there's yet another mechanism for following people online. Blame researchers from the University of Hamburg in Germany for the latest expansion of the privacy attack surface.
They note that Facebook and Google, due to their behavioral ad businesses, specify longer session resumption ticket lifetimes than most. Facebook's lifetime hint setting of 48 hours is higher than 99.99 per cent of all session ticket hints found. Google's 28 hour value exceeds 97.13 per cent of Alexa's top million websites.
Facebook and Google track you. Facebook in the most aggressive way. Clearly they have learned absolutely nothing from the privacy scandals they went through and just keep on doing business like before.