W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2010

Re: html5 local storage

From: Perez, Aram <aramp@qualcomm.com>
Date: Wed, 22 Sep 2010 10:24:48 -0700
To: "public-privacy@w3.org" <public-privacy@w3.org>
Message-ID: <C8BF89F0.12A86%aramp@qualcomm.com>
Hi Folks,

On 9/22/10 10:03 AM, David Singer  wrote:

> Ar article on whether local storage bypasses users' expectations about cookies
> 
> <http://www.macworld.com/article/154266/2010/09/html5_lawsuit.html?lsrc=rss_ma
> in>
> 
A scary tool that takes advantage of HTML5 and other mechanisms is
"evercookie". Here's its decription:

evercookie is a javascript API available that produces
    extremely persistent cookies in a browser. Its goal
    is to identify a client even after they've removed standard
    cookies, Flash cookies (Local Shared Objects or LSOs), and
    others.

    evercookie accomplishes this by storing the cookie data in
    several types of storage mechanisms that are available on
    the local browser. Additionally, if evercookie has found the
    user has removed any of the types of cookies in question, it
    recreates them using each mechanism available.

    Specifically, when creating a new cookie, it uses the
    following storage mechanisms when available:
     - Standard HTTP Cookies
     - Local Shared Objects (Flash Cookies)
     - Storing cookies in RGB values of auto-generated, force-cached
        PNGs using HTML5 Canvas tag to read pixels (cookies) back out
     - Storing cookies in Web History (seriously. see FAQ)
     - HTML5 Session Storage
     - HTML5 Local Storage
     - HTML5 Global Storage
     - HTML5 Database Storage via SQLite

<click-on-your-risk>http://samy.pl/evercookie/</click-on-your-own-risk>

Regards,
Aram
Received on Wednesday, 22 September 2010 17:25:19 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:51 UTC