
Looking into evercookie

Things have been rather quiet around here lately as I have been busy with work and school. Something in my Twitter stream yesterday caught my eye, though. It seems that Samy Kamkar has come up with a way to make a seriously persistent cookie. How does it work? By storing the cookie value using (currently) 10 different methods:

  • Standard HTTP Cookies
  • Local Shared Objects (Flash Cookies)
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in and reading out Web History
  • Storing cookies in HTTP ETags
  • Internet Explorer userData storage
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite

It seems from the site that this project is currently in development, with even more methods to come. Currently the only mitigation is using Safari in Privacy Mode, which destroys all versions of the evercookie on browser restart. In the coming weeks I will have some time to spend on personal projects, and I may use some of that time to look into this further.
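From the defender's side, the redundancy in the list above is itself a signal: the same long value sitting in several independent stores is what a respawning identifier looks like. The following is an added example, not code from the evercookie project or from this post; it covers only the three script-readable stores (HTTP cookies, local storage, session storage), and `findReplicatedValues`, `fakeStorage` and the sample values are hypothetical names and constructed data.

```javascript
// Added example: flag values replicated across independent client-side stores.
function parseCookies(cookieString) {
  const out = {};
  for (const part of (cookieString || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

function storageEntries(storage) {
  const out = {};
  for (let i = 0; storage && i < storage.length; i++) {
    const key = storage.key(i);
    out[key] = storage.getItem(key);
  }
  return out;
}

// env mirrors the browser globals: { document, localStorage, sessionStorage }.
function findReplicatedValues(env, minLength = 8) {
  const stores = {
    cookie: parseCookies(env.document && env.document.cookie),
    localStorage: storageEntries(env.localStorage),
    sessionStorage: storageEntries(env.sessionStorage),
  };
  const seen = new Map(); // value -> [{ store, key }]
  for (const [store, entries] of Object.entries(stores)) {
    for (const [key, value] of Object.entries(entries)) {
      // Short values ("dark", "en") collide by chance; skip them.
      if (typeof value !== "string" || value.length < minLength) continue;
      if (!seen.has(value)) seen.set(value, []);
      seen.get(value).push({ store, key });
    }
  }
  // Keep only values found in more than one distinct store.
  return [...seen]
    .filter(([, locs]) => new Set(locs.map((l) => l.store)).size > 1)
    .map(([value, locations]) => ({ value, locations }));
}

// Constructed sample data standing in for a browser profile.
function fakeStorage(obj) {
  const keys = Object.keys(obj);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => obj[k] };
}
const sampleEnv = {
  document: { cookie: "uid=a1b2c3d4e5f6; theme=dark" },
  localStorage: fakeStorage({ uid: "a1b2c3d4e5f6", lang: "en" }),
  sessionStorage: fakeStorage({ backup_id: "a1b2c3d4e5f6", tab: "settings-page" }),
};
console.log(JSON.stringify(findReplicatedValues(sampleEnv), null, 2));
```

In a real page, pass `window` as `env`. Flash LSOs, ETags, cached PNGs and history-based storage are not visible to this check and have to be cleared through the browser or plugin settings.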

One comment on "Looking into evercookie"

Hey – I saw this – and I was pretty excited. I love watching when someone finally puts all the pieces together. That was like my javascript ‘security’ tools that I combined (look ma! – port scanning in JS!) – and the CSS:visited history hack :) This looks even better. Keep an eye on it.
