what a great idea
1/2 cookie, 1/2 rootkit :-D
bastards
Privacy activists got hot under the collar about the use of flash cookies to respawn traditional website cookies* but an even more persistent type of cookie that's almost impossible to kill off may lie just around the corner. So-called in invulnerable evercookies use eight different techniques and locations to hide on tagged …
As far as Firefox tells me every cookie and cached object is removed when I close Firefox (Including Flash cookies but only with an add-on).
So: are Mozilla lying to me, will this not work on my machine, or do I have to wait for a Firefox "Special HTML5 new persistent data" edition?
This has been around for years. In Linux, one straightforward solution is to create a small temporary filesystem for flash related storage, the contents of which won't survive a re-boot.
Some good solutions (including the above) are explained in this thread:
http://forums.fedoraforum.org/showthread.php?t=232855
I've done some experiments, at a root bash prompt, setting file permissions on "settings.sol" (the Flash "master cookie").
When I run Flash as a normal user, the Flash changes the file permissions back to what it wants them to be. It appears Flash is somehow gaining root privileges (or convincing a root-privileges program to do the dirty work on Flash's behalf). This is unsettling from a security perspective.
I have more VMs to build and more experiments to do... :-(
How likely is this to affect a user who usually only goes to specific sites (BBC, Amazon, here) and blocks third-party sites by default?
Surely this sort of nonsense is the playground of ad-trackers and dodgy sites? Is it worth the risk of exposure for a more serious site? Just... to track which user is which? Seems like a hell of a bother for little in return.
You might be interested in this article:
http://www.theregister.co.uk/2009/02/06/bbc_omniture/
Then there's the facebook button that the BBC were using for a time that included all sorts of facebook scripts.
Just because it's an institution that you think you can trust doesn't guarantee that they will act in a trustworthy way.
There simply are too many sites that won't work without it. If you really feel that blocking untrusted Javascript will help, then use the Firefox NoScript plugin. You'll then get to decide which site's Javascript you really want to run by denying access to the rest. But if you visit more than a few sites you'll then have many decisions to make. I tried this, got fed up and found that most of the really bad and unwelcome stuff seems to be blocked by Adblocker plus which takes a few moments to setup and then just does its job.
To company responsible for placing a cookie on my PC that reconstructs itself in multiple locations following an attempted deletion.
This constitutes an abuse of my computer equipment.
You are using my disk space and my processor time.
Please find attached an invoice to cover the disk and processor usage.
Plus my time billed in 30 minute intervals while I remove it from my computer.
{Paris - because she doesn't eat cookies}
"Does this work when I erase my session on exit?"
Well, if you clear your cache as well. The method of storing some image and checking RGB value is particularly nasty (I'm not sure if it's truly HTML5 specific, I think current HTML and Javascript could do this). But if the cache was cleared there'd be no cached image to check the RGB value of.
Really, though, would anyone REALLY go to this much trouble to circumvent people's wishes regarding cookies? They'll get caught for sure, and it'll be ugly for them.
a browser that does not write anything to a physical harddisk but uses a ramdrive ? ( remember ramdrives under dos ? )
Wwhen the browsing session ends : unmount the ramdrive. Game Over.
it should be easy to create a ramdrive under windows and move the temporary file folder to that volume.
This post has been deleted by its author
A cursory examination of the code seems to indicate that disabling many (almost all?) of the browser features that Evercookie uses to store its persistent data would have the side-effect of breaking basic interfaces that would be necessary for the proper functioning of most modern web sites (especially AJAX/Web2.0 pages).
The use of CSS to embed the cookie into your history cache (line 580 and sundry, evercookie.js) -- if I'm interpreting things correctly -- is both ingenious and disturbing. Storing your browser history as data linked to a custom CSS attribute (line 785 and there-abouts, evercookie.js) is just as twisted.
Looks like the dev's got all the bases covered.
No doubt about it, this code is EVIL.
Big Brother, indeed...
1) Mods - any reason why my last few posts on various topics haven't been posted?
2) The original post :
Sandboxie prevents this - it logs all files written to, and removes them on emptying the sandbox after the browser closes. This will also highlight which files are changed/written, and thus enable removal (albeit the cache images may be hard to individually go after)
A combination of FlashBlock and perhaps RequestPolicy, combined with caching set to 0 and a block on the ever cookie creator domain results in no ever cookies being successfully set on FF 3.6.10 on RHEL 5.4 I assume the same is the case for FF on any OS.
If I don't block the domain cookie creation then just a standard cookie is created.
So you have a /home/<user>/bin/<browser> that contains a script to delete /home/<user2> then copy /etc/skel to /home/<user2> and then su - <user2>; run <browser> and then at the end of the script rm -r /home/<user2>.
Nothing gets by that unless it can root your box. If that happens you have more problems than just cookies ...
because I have several weapons to respond :
- Running the browser from a virtual machine that can be roll-backed
- Running the browser from a LiveCD
- good old text browser (yep, I'm old enough to know about its existence !)
So let them come with their cookies, I'm fully prepared.
I am using firefox on a Ubuntu Linux machine. No mods whatsoever. No Flash.
I go to
http://samy.pl/evercookie/
and let him set his cookie. Then I close his page, hit CTRL-SHIFT-DEL and go again to
http://samy.pl/evercookie/
No cookie there whatsoever. Which is totally reasonable, as I configured FF to really delete all the crap - cookies, history, cache. Only my bookmarks survive.
No, Mr Smartguy, try to hack up something better, like
-sucking my Bookmarks (is it possible at all ?)
-fingerprinting by all means possible, including the IP address, DNS name and all the crap transmitted in the browser capability string.
FAIL.
One way to re-assign cookies is to use the browser capability string ("user-agent string") as a fingerprint. Here's a FF plugin to make your browser look a bit different (say like the Baidu search engine):
http://chrispederick.com/work/user-agent-switcher/
If you need capability strings, use these:
cat /var/log/apache2/access.log|cut -d " " -f12,13,14,15,16,17,18,19,20,21,22,23,24,25,26|sort|uniq
"-"
"-" "-"
"Baiduspider+(+http://www.baidu.com/search/spider.htm)"
"Baiduspider-image+(+http://www.baidu.com/search/spider.htm)"
"Googlebot-Image/1.0"
"Huaweisymantecspider (compatible; MSIE 8.0; DSE-support@huaweisymantec.com)"
"Morfeus Fucking Scanner"
"Mozilla/3.0 (compatible; WebCapture 2.0; Auto; Windows)"
"Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; Creative)"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET
"Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"
"Mozilla/5.0 (compatible; YandexBot/3.0; MirrorDetector; +http://yandex.com/bots)"
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10"
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en_US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9"
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9) Gecko/20100908 Firefox/3.6.9"
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3"
"msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
"Wget/1.9+cvs-stable (Red Hat modified)"
And if you really want to be untraceable, use The Onion Router (http://www.torproject.org/). The bastards will soon use all the entropy they can harvest out of DSL addresses. They often come from a very small pool.