- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Sat, 25 Sep 2010 16:55:21 +0200
- To: Noah Mendelsohn <nrm@arcanedomain.com>
- Cc: "www-tag@w3.org" <www-tag@w3.org>
* Noah Mendelsohn wrote: > Specifically, when creating a new cookie, it uses the > following storage mechanisms when available: > - Standard HTTP Cookies > - Local Shared Objects (Flash Cookies) > - Storing cookies in RGB values of auto-generated, force-cached > PNGs using HTML5 Canvas tag to read pixels (cookies) back out > - Storing cookies in Web History (seriously. see FAQ) > - HTML5 Session Storage > - HTML5 Local Storage > - HTML5 Global Storage > - HTML5 Database Storage via SQLite" Note that it primarily exploits various methods for data storage which are relative well known, but does not use much other information that browsers and popular plugins volunteer to web sites, which tend to be less well-known. The combination of fonts installed on my system for instance is almost certainly unique, and the list can be obtained using Flash, Silverlight, Java, and so on, and you can get reasonably close to obtaining it through probing well-known names through JavaScript. If it's not sufficiently unique, you can always exploit that I rarely clear the DNS caches between browser and tracking sites, or whatever else floats your boat. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Saturday, 25 September 2010 15:02:42 UTC