Re: Evercookie: Indestructible cookies

* Noah Mendelsohn wrote:
>     Specifically, when creating a new cookie, it uses the
>     following storage mechanisms when available:
>      - Standard HTTP Cookies
>      - Local Shared Objects (Flash Cookies)
>      - Storing cookies in RGB values of auto-generated, force-cached
>         PNGs using HTML5 Canvas tag to read pixels (cookies) back out
>      - Storing cookies in Web History (seriously. see FAQ)
>      - HTML5 Session Storage
>      - HTML5 Local Storage
>      - HTML5 Global Storage
>      - HTML5 Database Storage via SQLite"

Note that it primarily exploits various methods for data storage which
are relative well known, but does not use much other information that
browsers and popular plugins volunteer to web sites, which tend to be
less well-known. The combination of fonts installed on my system for
instance is almost certainly unique, and the list can be obtained using
Flash, Silverlight, Java, and so on, and you can get reasonably close
to obtaining it through probing well-known names through JavaScript.
If it's not sufficiently unique, you can always exploit that I rarely
clear the DNS caches between browser and tracking sites, or whatever
else floats your boat.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

Received on Saturday, 25 September 2010 15:02:42 UTC