One of my colleagues just sent this out – it’s truly amazing [1].
Check out the Web History link that uses a CSS trick to reveal your history (all on the latest FF).
From the author himself [2]:
evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.
evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.
Specifically, when creating a new cookie, it uses the following storage mechanisms when available:
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Storing cookies in RGB values of auto-generated, force-cached
PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in and reading out Web History
- Storing cookies in HTTP ETags
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
Art is definitely in the eyes of the beholder!
This is a case of layering several techniques (some known, others new) to create an approach that requires some serious thought to defeat. Much like the MS vulnerability disclosed this week, I think this is more about bringing information to light to promote discussion and progress. As one comment put it, “the bad guys don’t make open source announcements, they keep the code to themselves.”)
[1] - Researcher Claims 'Evercookie' Can't Be Removed
http://threatpost.com/en_us/blogs/frankencookie-developer-builds-bulletproof-web-tracking-tool-092210
[2] - Evercookie -- never forget.
http://samy.pl/evercookie/
[3] - Evercookie: A cookie that undeletes itself from 8 different storages
http://news.ycombinator.com/item?id=1714446
14 comments:
You have a great weblog and I like your style of writing about this stuff. Keep up the good work!
Really informative things are provided here, I really happy to read this post.
http://www.dznets.com/lifestyle/travel/213-shaolin-temple.html?hitcount=0#frmCommentPost
The blog post How to Remove the Evercookie? was very interesting! Lot of interesting knowledge which can be supportive in some or the other way,
You made a great point in this post. I just spent some time reading all your posts and I must say you are a genius who always throws out smart opinions. Now you have me as your loyal reader. Keep writing great posts. I am looking forward to them.thank you.
I hope you will continue your same best work and we will get more informative post which can helpful to us. Thanks for this
I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles.Keep up the good work!
This article is trully well-written.There are a lot of interesting things to take into consideration. well done!
I will recommend my friends to read this. I will bookmark your blog and have my children check up here often
I will recommend my friends to read this. I will bookmark your blog and have my children check up here often
Many thanks for such a write-up. I undoubtedly cherished reading it and talk about this it to my friends.
This article is trully well-written.There are a lot of interesting things to take into consideration. well done!
I've always been awed by guys like you. This is not an ordinary talent and only a few may possess. Sharing it through this blog makes you guys outstanding.
You're truly well-informed and very intelligent. You wrote something that people could understand and made the subject intriguing for everyone. Really, great blog you've got here.
Post a Comment