Re: Evercookie: Indestructible cookies

On Sep 25, 2010, at 16:55, Bjoern Hoehrmann wrote:
> * Noah Mendelsohn wrote:
>>    Specifically, when creating a new cookie, it uses the
>>    following storage mechanisms when available:
>>     - Standard HTTP Cookies
>>     - Local Shared Objects (Flash Cookies)
>>     - Storing cookies in RGB values of auto-generated, force-cached
>>        PNGs using HTML5 Canvas tag to read pixels (cookies) back out
>>     - Storing cookies in Web History (seriously. see FAQ)
>>     - HTML5 Session Storage
>>     - HTML5 Local Storage
>>     - HTML5 Global Storage
>>     - HTML5 Database Storage via SQLite"
> 
> Note that it primarily exploits various methods for data storage which
> are relatively well known, but does not use much other information that
> browsers and popular plugins volunteer to web sites, which tend to be
> less well-known. The combination of fonts installed on my system for
> instance is almost certainly unique, and the list can be obtained using
> Flash, Silverlight, Java, and so on, and you can get reasonably close
> to obtaining it through probing well-known names through JavaScript.
> If it's not sufficiently unique, you can always exploit that I rarely
> clear the DNS caches between browser and tracking sites, or whatever
> else floats your boat.

Yup. For those who have yet to see it, it's worth taking a look at Panopticlick:

  https://panopticlick.eff.org/

-- 
Robin Berjon - http://berjon.com/

Received on Monday, 27 September 2010 14:41:30 UTC