- From: Noah Mendelsohn <nrm@arcanedomain.com>
- Date: Sat, 25 Sep 2010 11:03:33 -0400
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: "www-tag@w3.org" <www-tag@w3.org>
Maybe the "private browsing" modes of user agents should address some of these, e.g. by clearing DNS caches, or perhaps selectively obscuring the availability certain fonts, etc. Yes, it's an arms race, but that seems to be a business that "private browsing" is already in? Noah On 9/25/2010 10:55 AM, Bjoern Hoehrmann wrote: > * Noah Mendelsohn wrote: >> Specifically, when creating a new cookie, it uses the >> following storage mechanisms when available: >> - Standard HTTP Cookies >> - Local Shared Objects (Flash Cookies) >> - Storing cookies in RGB values of auto-generated, force-cached >> PNGs using HTML5 Canvas tag to read pixels (cookies) back out >> - Storing cookies in Web History (seriously. see FAQ) >> - HTML5 Session Storage >> - HTML5 Local Storage >> - HTML5 Global Storage >> - HTML5 Database Storage via SQLite" > > Note that it primarily exploits various methods for data storage which > are relative well known, but does not use much other information that > browsers and popular plugins volunteer to web sites, which tend to be > less well-known. The combination of fonts installed on my system for > instance is almost certainly unique, and the list can be obtained using > Flash, Silverlight, Java, and so on, and you can get reasonably close > to obtaining it through probing well-known names through JavaScript. > If it's not sufficiently unique, you can always exploit that I rarely > clear the DNS caches between browser and tracking sites, or whatever > else floats your boat.
Received on Saturday, 25 September 2010 15:04:30 UTC