Highly Persistent Browser Cookies

If you dislike having your Web browsing history tracked, you probably delete cookies and clear your browsers’ caches regularly. But Evercookie, written in Javascript, produces “extremely persistent cookies” that can identify a computer even after you’ve removed standard or Flash cookies, according to Threatpost (find.pcworld.com/70919).

Evercookie stores cookie data in your browser in several ways—HTTP, Flash, force-cached PNG images, various HTML5 storage systems, Web history, and SQLite. If Evercookie detects that you’ve been deleting your cookies, the program re-creates them.

According to Threatpost, Evercookie author samy Kamkar, who spawned a Myspace worm in 2005, created the deletion-resistant cookie to increase public awareness of privacy issues raised by tracking cookies—whether traditional HTML or Flash. The opensource code is available at Kamkar’s Website for free downloading.

One way around Evercookie’s persistence is safari’s Private Browsing feature, which blocks all of the cookie’s methods. Other browsers might stand up to evercookie’s methods of cookie resuscitation, as well; Kamkar has not performed exhaustive testing.

Be careful about which browsers you accept cookies from. Keep tabs, too, on the developing HTML5 standard, which some critics say emphasizes functionality at the expense of security.

No comments:

A big breakthrough: Cloud snapshots

The Microsoft HCS solution incorporates elements from backup, dedupe, and snapshot technologies to create a highly automated data protection...