Re: Evercookie: Indestructible cookies

This is diabolical. It should be a wake-up call to us on Web privacy.

Considering that many of the options listed are ³part of HTML5,² Iım most
worried that HTML5 could become associated with a lack of privacy. If
anything, the reverse should be true: we (w3c & web standards community)
should work to ensure that the HTML5 ³brand² stands for _enhanced_ privacy.

Dan

On 22/09/2010 09:49, "Noah Mendelsohn" <nrm@arcanedomain.com> wrote:

> Following up on [1], I note this [2]:
> 
> "    evercookie is a javascript API available that produces
>      extremely persistent cookies in a browser. Its goal
>      is to identify a client even after they've removed standard
>      cookies, Flash cookies (Local Shared Objects or LSOs), and
>      others.
> 
>      evercookie accomplishes this by storing the cookie data in
>      several types of storage mechanisms that are available on
>      the local browser. Additionally, if evercookie has found the
>      user has removed any of the types of cookies in question, it
>      recreates them using each mechanism available.
> 
>      Specifically, when creating a new cookie, it uses the
>      following storage mechanisms when available:
>       - Standard HTTP Cookies
>       - Local Shared Objects (Flash Cookies)
>       - Storing cookies in RGB values of auto-generated, force-cached
>          PNGs using HTML5 Canvas tag to read pixels (cookies) back out
>       - Storing cookies in Web History (seriously. see FAQ)
>       - HTML5 Session Storage
>       - HTML5 Local Storage
>       - HTML5 Global Storage
>       - HTML5 Database Storage via SQLite"
> 
> Noah
> 
> 
> [1] http://lists.w3.org/Archives/Public/www-tag/2010Sep/0029.html
> [2] http://samy.pl/evercookie/
> 
> 

Received on Thursday, 23 September 2010 12:06:14 UTC