- From: Robin Berjon <robin@berjon.com>
- Date: Mon, 27 Sep 2010 16:40:59 +0200
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- Cc: Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org" <www-tag@w3.org>

On Sep 25, 2010, at 16:55 , Bjoern Hoehrmann wrote:

> * Noah Mendelsohn wrote:
>> Specifically, when creating a new cookie, it uses the
>> following storage mechanisms when available:
>> - Standard HTTP Cookies
>> - Local Shared Objects (Flash Cookies)
>> - Storing cookies in RGB values of auto-generated, force-cached
>>   PNGs using HTML5 Canvas tag to read pixels (cookies) back out
>> - Storing cookies in Web History (seriously. see FAQ)
>> - HTML5 Session Storage
>> - HTML5 Local Storage
>> - HTML5 Global Storage
>> - HTML5 Database Storage via SQLite"
>
> Note that it primarily exploits various methods for data storage which
> are relatively well known, but does not use much other information that
> browsers and popular plugins volunteer to web sites, which tend to be
> less well-known. The combination of fonts installed on my system for
> instance is almost certainly unique, and the list can be obtained using
> Flash, Silverlight, Java, and so on, and you can get reasonably close
> to obtaining it through probing well-known names through JavaScript.
> If it's not sufficiently unique, you can always exploit that I rarely
> clear the DNS caches between browser and tracking sites, or whatever
> else floats your boat.

Yup. For those who have yet to see it, it's worth taking a look at Panopticlick:

https://panopticlick.eff.org/

--
Robin Berjon - http://berjon.com/

Received on Monday, 27 September 2010 14:41:30 UTC