Re: Evercookie: Indestructible cookies

This is diabolical. It should be a wake-up call to us on Web privacy.

Considering that many of the options listed are ³part of HTML5,² Iım most
worried that HTML5 could become associated with a lack of privacy. If
anything, the reverse should be true: we (w3c & web standards community)
should work to ensure that the HTML5 ³brand² stands for _enhanced_ privacy.


On 22/09/2010 09:49, "Noah Mendelsohn" <> wrote:

> Following up on [1], I note this [2]:
> "    evercookie is a javascript API available that produces
>      extremely persistent cookies in a browser. Its goal
>      is to identify a client even after they've removed standard
>      cookies, Flash cookies (Local Shared Objects or LSOs), and
>      others.
>      evercookie accomplishes this by storing the cookie data in
>      several types of storage mechanisms that are available on
>      the local browser. Additionally, if evercookie has found the
>      user has removed any of the types of cookies in question, it
>      recreates them using each mechanism available.
>      Specifically, when creating a new cookie, it uses the
>      following storage mechanisms when available:
>       - Standard HTTP Cookies
>       - Local Shared Objects (Flash Cookies)
>       - Storing cookies in RGB values of auto-generated, force-cached
>          PNGs using HTML5 Canvas tag to read pixels (cookies) back out
>       - Storing cookies in Web History (seriously. see FAQ)
>       - HTML5 Session Storage
>       - HTML5 Local Storage
>       - HTML5 Global Storage
>       - HTML5 Database Storage via SQLite"
> Noah
> [1]
> [2]

Received on Thursday, 23 September 2010 12:06:14 UTC