Re: Evercookie: Indestructible cookies

From: Robin Berjon <robin@berjon.com>
Date: Mon, 27 Sep 2010 16:40:59 +0200
Cc: Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org" <www-tag@w3.org>
Message-Id: <BF8100C0-0133-4E46-B391-98049D557721@berjon.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>

On Sep 25, 2010, at 16:55 , Bjoern Hoehrmann wrote:
> * Noah Mendelsohn wrote:
>>    Specifically, when creating a new cookie, it uses the
>>    following storage mechanisms when available:
>>     - Standard HTTP Cookies
>>     - Local Shared Objects (Flash Cookies)
>>     - Storing cookies in RGB values of auto-generated, force-cached
>>        PNGs using HTML5 Canvas tag to read pixels (cookies) back out
>>     - Storing cookies in Web History (seriously. see FAQ)
>>     - HTML5 Session Storage
>>     - HTML5 Local Storage
>>     - HTML5 Global Storage
>>     - HTML5 Database Storage via SQLite"
> 
> Note that it primarily exploits various methods for data storage which
> are relatively well known, but does not use much other information that
> browsers and popular plugins volunteer to web sites, which tend to be
> less well-known. The combination of fonts installed on my system for
> instance is almost certainly unique, and the list can be obtained using
> Flash, Silverlight, Java, and so on, and you can get reasonably close
> to obtaining it through probing well-known names through JavaScript.
> If it's not sufficiently unique, you can always exploit that I rarely
> clear the DNS caches between browser and tracking sites, or whatever
> else floats your boat.

Yup. For those who have yet to see it, it's worth taking a look at Panopticlick:

  https://panopticlick.eff.org/

-- 
Robin Berjon - http://berjon.com/
Received on Monday, 27 September 2010 14:41:30 UTC
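
The point made in this thread, that a combination of installed fonts can identify a browser even when each font on its own is common, can be measured in bits of identifying information, the unit Panopticlick reports. The following is an added example, not part of the original messages; the eight-browser population, the font names and the function names are constructed for illustration.

```python
import math
from itertools import product

# Constructed sample: 8 browsers, each reporting "Arial" plus one of the
# 8 possible subsets of three optional fonts. Not real measurement data.
OPTIONAL = ("Helvetica", "Comic Sans MS", "Futura")
POPULATION = [
    frozenset({"Arial"} | {f for f, on in zip(OPTIONAL, bits) if on})
    for bits in product((False, True), repeat=len(OPTIONAL))
]


def surprisal_bits(matching: int, total: int) -> float:
    """Bits of identifying information in a value shared by `matching` of `total` browsers."""
    if matching <= 0:
        raise ValueError("value not present in the population")
    return math.log2(total / matching)


def font_bits(population, font: str) -> float:
    """Bits revealed by learning only that this one font is installed."""
    count = sum(font in fonts for fonts in population)
    return surprisal_bits(count, len(population))


def combination_report(population, observed):
    """Return (anonymity_set_size, bits) for the exact font combination."""
    same = sum(fonts == observed for fonts in population)
    return same, surprisal_bits(same, len(population))


if __name__ == "__main__":
    me = frozenset({"Arial", "Helvetica", "Futura"})
    for font in sorted(me):
        print(f"{font:10s} alone: {font_bits(POPULATION, font):.1f} bits")
    size, bits = combination_report(POPULATION, me)
    print(f"full list: {bits:.1f} bits, shared with {size} browser(s)")
```

An anonymity set of 1 means the font list alone singles out the browser within this population, with no cookie or other stored identifier involved.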