Evercookies: extremely persistent browser cookies

For discussions about security.
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Evercookies: extremely persistent browser cookies

#1 Post by Flash »

http://www.schneier.com/blog/archives/2 ... okies.html
Evercookies

Extremely persistent browser cookies:
WARNING -- When you visit this site, it stores an evercookie on your machine.

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

Specifically, when creating a new cookie, it uses the following storage mechanisms when available:

* Standard HTTP Cookies
* Local Shared Objects (Flash Cookies)
* Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
* Storing cookies in Web History (seriously. see FAQ)
* HTML5 Session Storage
* HTML5 Local Storage
* HTML5 Global Storage
* HTML5 Database Storage via SQLite

And the arms race continues....
The safest way I know to check out the website linked to at the top of the quote would be to boot Puppy from a live CD with the puppy pfix=ram boot option. Alternatively, boot from a multisession DVD and don't save to it when you shut down.

rian
Posts: 63
Joined: Mon 04 Oct 2010, 03:08

#2 Post by rian »

Well... I hope Mozilla is on this... a new browser option under the cookie section to prevent "evercookies" from being set... Until everyone starts using them (Hulu, YouTube, Google et al) and we can't get sites to run without allowing them...! Then there'll have to be a cleaner to wipe them... they're starting to sound like viruses and rootkits!

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

Noscript

#3 Post by drongo »

I presume something like Noscript kills this stone dead?

Two problems with that. When you whitelist or allow a site in Noscript how do you know it won't have evercookies?

When I try and add Noscript to Seamonkey in fairly recent Puppies it doesn't work. (Does anyone know which version of Noscript works with 1.1.18 SM?)

Presumably a script could be written in Linux to look at creation times and dates after you close a browser and just delete anything stored in those various locations?

Or maybe you could mount a virtual filesystem at the start of a browsing session and delete it when you have finished? You'd have to put all the cookies and URLs you wanted to keep somewhere else though.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#4 Post by nooby »

In another thread I tried to remember a program that was supposed to delete almost anything. I failed to remember it then but it could be a windows version of CClean or CCleaner? Something like that.

Maybe that one has updated to clean out such evercookies?

I only wild guess?

But it seems to be an arms race indeed. We will have to accept them or else they block us from looking at the page.

Wow we have to talk to politicians that there should be laws and filter for such cookies set up on every ISP in a country or that ISP would lose license to have internet access.

We have to go together in strong consumer organizations and fight back this total control society we are heading into.

I get angry. Why should one need to be an expert to protect against such nasty things they set up?

The developers doing it should be fined a huge sum for accepting to create such code.
I use Google Search on Puppy Forum
not an ideal solution though

Terryphi
Posts: 761
Joined: Wed 02 Jul 2008, 09:32
Location: West Wales, Britain.

#5 Post by Terryphi »

Someone posted a comment to this article in The Register
http://forums.theregister.co.uk/forum/1 ... ercookies/ and claimed that evercookies do not work when Opera is used in privacy mode.

dogle
Posts: 409
Joined: Thu 11 Oct 2007, 12:41

#6 Post by dogle »

Thanks, Terryphi.

Hmm, addressing the lawyers (bar room or otherwise) in our happy band, what criminal charges might you or I face if we sought to interfere with someone else's computer without their consent (or even knowledge)?

Minor Pentagon-hackers appear to get crucified, even outwith the USA.

Wherever you are, what is your own state's legal position on interfering with someone else's kit? I could go to jail if I sought covertly to tweak your box - does BigBiz get away with this somehow?

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#7 Post by jpeps »

I noticed that Firefox is using sqlite now to store cookies, which can get added to a clean-up script. It's also being used for history.

/root/.mozilla/firefox/wsscx6ug.default/cookies.sqlite
/root/.mozilla/firefox/wsscx6ug.default/cookies.sqlite-journal


To see what gets changed, touch /tmp/mark before loading browser, and then:

Code:

#!/bin/sh
# List every non-directory under /root/.mozilla modified after /tmp/mark was touched
find /root/.mozilla -newer /tmp/mark -not -type d > /tmp/list
cat /tmp/list

Note: Some of the changed files are necessary for add-ons, etc, so be sure to back them up before deleting. No problem with the cookie files, though.

Bruce B

#8 Post by Bruce B »

I appreciate Flash posting this information.

A cookie is a tracking device and is of little value to the stalker who designed it if it doesn't
last long.

For example; if someone installed a GPS tracking device on your car and you removed it
two miles later, it had little value to the tracker. Moreover once removed it has zero value to
the tracker.

Prior to my learning about this wicked cookie I have been practicing 'good house keeping'
regarding my browser. Specifically, the following is how I run the browser clean.

By way of script
  • delete the flash information
  • delete all browser .sqlite files
  • delete all browser cache
I do this a few times a day on a 'hard day browsing'

Also, every couple weeks I delete the mozilla profile and build it from scratch. This might
seem a lot of work, but once a system is developed, it only takes a few minutes.

The article Flash linked to doesn't say how to remove the evercookies, but the house
keeping advice posted would delete them, along with web bugs, super cookies and
whatever.

~~~~~~~~~~~~~~~~~~~~~

Note: If the user wants to keep some specific cookies, there are a variety of ways of doing
this and still keep things clean.

~~~~~~~
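
An added example, not part of any post in this thread: jpeps's marker-file check from post #7 combined with the three clean-up targets Bruce B lists in post #8, so each file changed during a browsing session is labelled with the storage class it belongs to before anything is deleted. The directory and file names are the usual Firefox and Flash Player locations on Linux and are assumptions; the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Directory and file names are the usual Firefox and
# Flash Player locations on Linux (assumed, not taken from the thread).

# classify FILE: print the storage class a changed file belongs to.
classify() {
    case "$1" in
        */cookies.sqlite*)          echo http-cookies ;;
        */webappsstore.sqlite*)     echo html5-storage ;;
        */places.sqlite*)           echo web-history ;;   # also holds bookmarks
        */.macromedia/*|*/.adobe/*) echo flash-lso ;;
        */Cache/*|*/cache2/*)       echo cache ;;
        *.sqlite|*.sqlite-journal)  echo other-sqlite ;;  # may belong to add-ons
        *)                          echo other ;;
    esac
}

# audit HOME MARKER: print "class<TAB>path" for each file changed since MARKER.
audit() {
    find "$1/.mozilla" "$1/.macromedia" "$1/.adobe" \
        -newer "$2" ! -type d 2>/dev/null |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify "$f")" "$f"
    done | sort
}

# purge HOME MARKER: delete changed files in the tracking-related classes;
# "other" and "other-sqlite" are left alone (see jpeps's note on add-ons).
purge() {
    audit "$1" "$2" | while IFS="$(printf '\t')" read -r class path; do
        case "$class" in
            other|other-sqlite) ;;
            *) rm -f -- "$path" ;;
        esac
    done
}

# Usage: touch /tmp/mark; browse; close the browser; then
#   sh audit.sh /root /tmp/mark          (report only)
#   sh audit.sh /root /tmp/mark purge    (report, then delete)
if [ "$#" -ge 2 ]; then
    audit "$1" "$2"
    if [ "${3:-}" = purge ]; then purge "$1" "$2"; fi
fi
```

Running the report again after a purge shows what is left, but only for the directories searched here; a store kept anywhere else is not seen by this script.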

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#9 Post by nooby »

Thanks Bruce that is good to know.

And I sure trust you guys are that "savvy" to be able to set it up.

and maybe all newbies except me can follow the instruction but I feel very unsure if I am able to.

so I would appreciate if many of us try these advices out and tell as much as possible what puppy we tried it on.
If we have the browser outside of the pupsave or not?

Which script we used and step for step how one set it up.

And to end it all.

I heard about FaceBook that they kind of have built a database with "contacts" of all their users.

So even if you and me are serious about our email addresses and so on. Facebook know our email addresses telephone numbers maybe even if we never have been on facebook through our friends and relative sharing their contact lists with facebook who share it with their partners.

So these evercookies maybe is even more sinister than we think now. Through the accumulative databases they know about us even if we delete everything. Because our friends tells them about us.

They did a lot of tests giving evidence for this to be true. Using persons that never had been at FB and FB still had several of their friends showing up.

and worse. Even if one give a totally fake name and address and fake birthday FB still knows who you are through the MAC address of the hardware you use and the IP range.

So one would need to go to a public library and give false data to them or else they would unknowingly reveal your true identity to FB.

I read this on BBC if my memory not fails me. yes here it is

http://www.bbc.co.uk/blogs/thereporters ... still.html
If you hate the idea of social networking and have never been on Facebook, then Facebook knows nothing about you. Correct? So how come when you set up a profile on the social network for the first time, it can suggest friends for you?

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#10 Post by Sylvander »

In this thread at the PC-Guide forums [at least I think it was there], I first saw mention that an evercookie stores itself in many [8 listed here] different/diverse locations...
And only one need remain un-eliminated for the evercookie to restore all [8?] locations.

Hence you MUST eliminate all to finish it off. :(

What I do is...
Use a pupsave on a Flash Drive...
And make the necessary configuration and code change...
So I can choose to NOT SAVE back to the pupsave [neither during, nor at shut-down] any changes made to the session.

And naturally, I keep backups of all the various pupsaves at various points in time.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#11 Post by nooby »

Sylvander that seems to be a practical way to stop such then.

The evercookie is only written to these places that all of them only exists in RAM until the write to pupsave is activated.

Where do you save the emails you want to keep then? Oh maybe you only use webmail?

Have you placed Seamonkey or ThunderBird outside of pupsave and them save on the HDD?

But does not one of the evercookie save as bookmarks something hidden. I don't remember they have tried to be clever I heard.


But maybe you use CD/DVD and never save to HDD?

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#12 Post by Sylvander »

1. Shortly after beginning to use Puppy...
I began using smm ["SaveMyModem"] to look at my emails whilst they are still on the POP3 server.
Almost all are deleted whilst still on the server.

2. If I ever need to fetch any emails onto the PC...
At this time...
I will boot into my old operating system [Win2000Pro], which is installed to the 1st partition on the 1st internal HDD....
And use Outlook Express to fetch them, and store them all in that location.
Actually I moved the storage folder [and various other things] off the Windows partition [C:]...
To a suitably named folder on D: [2nd partition on the 1st HDD].
[So I can restore the Windows partition without any of the "Moved" items being affected]
There is definitely an advantage to keeping all the fetched emails, and the address book, all in one location.

3. When I first began using Puppy...
I installed Thunderbird...
And began fetching some->[certain_chosen_type_of] emails into that Puppy [a full install of Boxpup-413]...
Except I moved the Thunderbird storage folder off the Boxpup filesystem, and symlinked back...
So that I could restore a backup of the Boxpup folder system without losing recent emails [they would be untouched by the restore].

4. I've since migrated to a newer PC...
And haven't yet got around to installing Thunderbird on any of my Puppies:
[6-off 1GB pupsaves, each in 1 of 6-off 1.3GB partitions, on an 8GB Flash Drive] plus...
[6 suitably named Puppy folders, in the root folder of the 2nd of my 2 internal HDD's].
So far I've COPIED 3 of the pupsaves from their partition on the Flash Drive, into their own folder on the internal HDD.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#13 Post by nooby »


Edit

Sorry I lure us to go off topic. We have to take this by private message instead Okay.



Hi, Sylvander.
Posted: Wed 30 Dec 2009, 08:55
1. I'd like to see a good Puppy replacement for Mailwasher.

I use SaveMyModem [smm], but it isn't quite as good as Mailwasher.
e.g. Cannot copy and paste [or click] URL's to easily go to a webpage.
No means to set a rule for hiding [and deleting] emails from a particular sender or domain.
so there is no good replacement for Mailwasher then?

Jasper

#14 Post by Jasper »

Hi nooby,

Mailwasher works well with Wine. I continue to use version 2.0 which is ancient, but the current version also works well.

A possible disadvantage is that the free version can only access one email account.

My regards

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#15 Post by 8-bit »

Anyone know if a plugin called Better Privacy works?

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#16 Post by Flash »

nooby wrote:
Edit

Sorry I lure us to go off topic. We have to take this by private message instead Okay.
Please don't do that, it makes the forum less useful. Start a new thread for the new topic instead. :)

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#17 Post by jpeps »

8-bit wrote:Anyone know if a plugin called Better Privacy works?
http://murga-linux.com/puppy/viewtopic.php?t=60978

calexand
Posts: 75
Joined: Fri 20 Nov 2009, 18:30

#18 Post by calexand »

Hello all,
BleachBit 0.8.1-1 deletes EverCookies on Firefox version 3.6.9 and later, only useful with FF. I installed bleachbit_0.8.1-1_all_ubuntu1004.deb in PuppyStudio2.1 (luci/lupu 5.07) and it works perfectly.
CA

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#19 Post by Flash »

How do you know it got rid of 'em all?

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#20 Post by PaulBx1 »

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser.
Ugh. Some people really need to be dipped in a vat of boiling oil. :x
Wow we have to talk to politicians that there should be laws and filter for such cookies set up on every ISP in a country or that ISP would lose license to have internet access... We have to go together in strong consumer organizations and fight back this total control society we are heading into.
Geez, nooby, if you don't like total control, don't go running to government for every little thing! :roll:
By way of script

delete the flash information
delete all browser .sqlite files
delete all browser cache


I do this a few times a day on a 'hard day browsing'
I don't do anything at all. I just wonder if there is any good for the user in cookies, or if they are all bad. Or if they are nothing much, one way or the other? Every time I have read about them I haven't seen the need for concern, but maybe I'm not paranoid enough? If I go around deleting all my cookies, I wonder what utility from them I would lose, not to mention now having to worry about evercookies?

What's the worst way cookies are abused? I want to know if I should get exercised about them...
