W3C home > Mailing lists > Public > www-tag@w3.org > September 2010

Re: Evercookie: Indestructible cookies

From: Appelquist, Daniel, VF-Group <Daniel.Appelquist@vodafone.com>
Date: Thu, 23 Sep 2010 14:05:38 +0200
Message-ID: <C8BFFA85.14352%daniel.appelquist@vodafone.com>
To: "tag" <www-tag@w3.org>
Cc: "Oracle" <ashok.malhotra@oracle.com>, "Noah Mendelsohn" <nrm@arcanedomain.com>
This is diabolical. It should be a wake-up call to us on Web privacy.

Considering that many of the options listed are ³part of HTML5,² Iım most
worried that HTML5 could become associated with a lack of privacy. If
anything, the reverse should be true: we (w3c & web standards community)
should work to ensure that the HTML5 ³brand² stands for _enhanced_ privacy.


On 22/09/2010 09:49, "Noah Mendelsohn" <nrm@arcanedomain.com> wrote:

> Following up on [1], I note this [2]:
> "    evercookie is a javascript API available that produces
>      extremely persistent cookies in a browser. Its goal
>      is to identify a client even after they've removed standard
>      cookies, Flash cookies (Local Shared Objects or LSOs), and
>      others.
>      evercookie accomplishes this by storing the cookie data in
>      several types of storage mechanisms that are available on
>      the local browser. Additionally, if evercookie has found the
>      user has removed any of the types of cookies in question, it
>      recreates them using each mechanism available.
>      Specifically, when creating a new cookie, it uses the
>      following storage mechanisms when available:
>       - Standard HTTP Cookies
>       - Local Shared Objects (Flash Cookies)
>       - Storing cookies in RGB values of auto-generated, force-cached
>          PNGs using HTML5 Canvas tag to read pixels (cookies) back out
>       - Storing cookies in Web History (seriously. see FAQ)
>       - HTML5 Session Storage
>       - HTML5 Local Storage
>       - HTML5 Global Storage
>       - HTML5 Database Storage via SQLite"
> Noah
> [1] http://lists.w3.org/Archives/Public/www-tag/2010Sep/0029.html
> [2] http://samy.pl/evercookie/

Received on Thursday, 23 September 2010 12:06:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:35 UTC