W3C home > Mailing lists > Public > www-tag@w3.org > September 2010

Evercookie: Indestructible cookies

From: Noah Mendelsohn <nrm@arcanedomain.com>
Date: Wed, 22 Sep 2010 12:49:39 -0400
Message-ID: <4C9A33A3.5020606@arcanedomain.com>
To: "www-tag@w3.org" <www-tag@w3.org>, Ashok Malhotra <ashok.malhotra@oracle.com>
Following up on [1], I note this [2]:

"    evercookie is a javascript API available that produces
     extremely persistent cookies in a browser. Its goal
     is to identify a client even after they've removed standard
     cookies, Flash cookies (Local Shared Objects or LSOs), and
     others.

     evercookie accomplishes this by storing the cookie data in
     several types of storage mechanisms that are available on
     the local browser. Additionally, if evercookie has found the
     user has removed any of the types of cookies in question, it
     recreates them using each mechanism available.

     Specifically, when creating a new cookie, it uses the
     following storage mechanisms when available:
      - Standard HTTP Cookies
      - Local Shared Objects (Flash Cookies)
      - Storing cookies in RGB values of auto-generated, force-cached
         PNGs using HTML5 Canvas tag to read pixels (cookies) back out
      - Storing cookies in Web History (seriously. see FAQ)
      - HTML5 Session Storage
      - HTML5 Local Storage
      - HTML5 Global Storage
      - HTML5 Database Storage via SQLite"

Noah


[1] http://lists.w3.org/Archives/Public/www-tag/2010Sep/0029.html
[2] http://samy.pl/evercookie/
Received on Wednesday, 22 September 2010 16:50:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:25 GMT