Looking into evercookie

September 23rd, 2010 by Sjan Evardsson

Things have been rather quiet around here lately as I have been busy with work and school. Something in my Twitter stream yesterday caught my eye, though. It seems that Samy Kamkar has come up with a way to make a seriously persistent cookie. How does it work? By storing the cookie value using (currently) 10 different methods:

  • Standard HTTP Cookies
  • Local Shared Objects (Flash Cookies)
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in and reading out Web History
  • Storing cookies in HTTP ETags
  • Internet Explorer userData storage
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite

It seems from the site that this is a project in current development, with even more methods to come. Currently, the only mitigation is using Safari in Privacy Mode, which destroys all versions of the evercookie on browser restart. In the coming weeks I will have some time to spend on personal projects, and I may use some of that time to look into this further.
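Because the technique listed above keeps the same value in several stores at once, one way to spot it from the defender's side is to look for a single identifier replicated across storage mechanisms. The following is an added example, not code from the original post or from the evercookie project; the function names, store names and sample values are all constructed for illustration.

```javascript
// Added example: flag identifiers replicated across storage mechanisms.
// Decode a cookie value; fall back to the raw text if it is malformed.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Parse a document.cookie-style string into {name: value}.
function parseCookieString(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue; // not a name=value pair
    const name = part.slice(0, idx).trim();
    if (name) out[name] = safeDecode(part.slice(idx + 1).trim());
  }
  return out;
}

// stores: { storeName: {key: value} }. Returns values found in at least
// minStores distinct stores, with every location where each was seen.
function findReplicatedValues(stores, minStores = 2, minLength = 8) {
  const seen = new Map(); // value -> Map(storeName -> [keys])
  for (const [storeName, entries] of Object.entries(stores)) {
    for (const [key, raw] of Object.entries(entries)) {
      const value = String(raw);
      if (value.length < minLength) continue; // skip flags like "true"
      if (!seen.has(value)) seen.set(value, new Map());
      const byStore = seen.get(value);
      if (!byStore.has(storeName)) byStore.set(storeName, []);
      byStore.get(storeName).push(key);
    }
  }
  const findings = [];
  for (const [value, byStore] of seen) {
    if (byStore.size < minStores) continue;
    const names = [...byStore.keys()].sort();
    findings.push({ value, stores: names, locations: Object.fromEntries(byStore) });
  }
  return findings.sort((a, b) => b.stores.length - a.stores.length);
}

// Constructed snapshot of one origin's storage after a visit.
const sampleSnapshot = {
  cookie: parseCookieString("uid=a81f3c9e27d04b56; theme=dark; consent=true"),
  localStorage: { uid: "a81f3c9e27d04b56", lastTab: "settings-general" },
  sessionStorage: { tracker_id: "a81f3c9e27d04b56" },
  etag: { "/pixel.png": "a81f3c9e27d04b56" },
};
```

In a browser the snapshot would be built from `document.cookie` plus the keys and values copied out of `localStorage` and `sessionStorage`; ETag values would have to come from a proxy or network capture.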