Loading ...
Sorry, an error occurred while loading the content.

Re: [PanoToolsNG] Evercookies -- something I didn't know about that seems important to me...

Expand Messages
  • Eric O'Brien
    For even more, you might look at evercookie is a javascript API available that produces extremely persistent cookies in a
    Message 1 of 2 , Feb 18, 2011
    • 0 Attachment
      For even more, you might look at <http://samy.pl/evercookie/>

      "evercookie is a javascript API available that produces extremely
      persistent cookies in a browser. Its goal is to identify a client
      even after they've removed standard cookies, Flash cookies (Local
      Shared Objects or LSOs), and others. evercookie accomplishes this by
      storing the cookie data in several types of storage mechanisms that
      are available on the local browser. Additionally, if evercookie has
      found the user has removed any of the types of cookies in question, it
      recreates them using each mechanism available."

      I'm particularly impressed with "Storing cookies in RGB values of auto-
      generated, force-cached PNGs using HTML5 Canvas tag to read pixels
      (cookies) back out" (!) ... just in case you hadn't thought of
      (yikes!) THAT trick.


      On Feb 11, 2011, at 8:31 AM, Ken Warner wrote:

      > http://en.wikipedia.org/wiki/Evercookie
      > Evercookie is a JavaScript-based application which produces zombie
      > cookies in a web browser that are
      > intentionally difficult to delete.
      > A traditional HTTP cookie is a relatively small amount of textual
      > data that is stored by the user's
      > browser. Cookies can be used to save preferences and login session
      > information; however, they can
      > also be employed to track users for marketing purposes. Due to
      > concerns over privacy, all major
      > browsers include mechanisms for deleting and/or refusing to accept
      > cookies from websites.
      > The size restrictions, likelihood of eventual deletion, and simple
      > textual nature of traditional
      > cookies motivated Adobe Systems to add the Local Shared Object (LSO)
      > mechanism to the Adobe Flash
      > player. .[1] While Adobe has published a mechanism for deleting LSO
      > cookies (which can store 100KB
      > of data per website, by default),[2] it has met with some criticism
      > from security and privacy
      > experts.[3] In response to the relative difficulty of removing LSO
      > cookies, browser add-ons such as
      > Firefox's "Better Privacy" plugin have been developed.[4] As of
      > 2010-10-23, the "Better Privacy"
      > plugin has been downloaded roughly 3.5 million times.
      > Evercookie is not merely difficult to delete, it actively "resists"
      > deletion by redundantly copying
      > itself in different forms on the user's machine, and resurrecting
      > itself if it notices some of the
      > copies are missing or expired. As such, it serves to highlight the
      > ways in which creators of malware
      > can attack browsers.[5]
      > -------------
      > Firefox has a plugin that will remove evercookies -- *I had 11 of
      > them on my computer!!!*
      > https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/

      [Non-text portions of this message have been removed]
    Your message has been successfully submitted and would be delivered to recipients shortly.