So I was browsing and came across this interesting concept - a cookie that stores itself in 8 different locations, and as long as one particular location remains active it can recopy itself elsewhere. At this point I would expect a third party like CCleaner to step in and deal with such a problem. I was just wondering whether CCleaner covers all those bases? I realise HTML 5 has not been implemented fully in all the browsers, and if I understand correctly the standards are not finalised either. Having said that, any thoughts would be welcome.
evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.
Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.
Specifically, when creating a new cookie, it uses the following storage mechanisms when available:
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in Web History (seriously. see FAQ)
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
TODO: adding support for Silverlight Isolated Storage, and using Java to produce a unique key based off of NIC info
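The respawn behaviour described above, modelled from the cleaner's side as an added example (not part of the original post and not evercookie's own code): it shows why a cleaning tool has to cover every listed store before a visitor gets a new identifier. The store names, the in-memory `Map`, and the rule of reusing the first surviving value are assumptions made for this sketch.

```javascript
// Constructed model: each storage mechanism from the list above is a slot in
// an in-memory Map. No real browser storage API is touched.
const MECHANISMS = [
  "http_cookie", "flash_lso", "png_cache", "web_history",
  "session_storage", "local_storage", "global_storage", "sqlite_db",
];

function freshBrowser() {
  return new Map(MECHANISMS.map((name) => [name, null]));
}

// One page visit as the description puts it: read every store, reuse a value
// that survived (assumption: the first one found), else issue a new id, then
// write the id back to every store.
function visit(stores, newId) {
  const survivors = MECHANISMS.filter((name) => stores.get(name) !== null);
  const id = survivors.length > 0 ? stores.get(survivors[0]) : newId();
  for (const name of MECHANISMS) stores.set(name, id);
  return { id, survivors };
}

// A cleaning pass that only knows about the stores named in `covered`.
function clean(stores, covered) {
  for (const name of covered) {
    if (stores.has(name)) stores.set(name, null);
  }
}

// Audit: visit, clean, visit again. The user stays tracked when the second
// visit hands back the same id as the first.
function auditCleaner(covered) {
  let counter = 0;
  const newId = () => `id-${++counter}`;
  const stores = freshBrowser();
  const first = visit(stores, newId);
  clean(stores, covered);
  const missed = MECHANISMS.filter((name) => stores.get(name) !== null);
  const second = visit(stores, newId);
  return { missed, tracked: second.id === first.id };
}

// Clearing only what a browser's own "delete cookies" typically targets.
console.log(auditCleaner(["http_cookie", "session_storage", "local_storage"]));
// Clearing every listed store.
console.log(auditCleaner(MECHANISMS));
```

The `missed` list is the useful output when checking a cleaner: any name left in it is enough for the old identifier to be written back everywhere on the next visit.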
Edit: That link gave me a "stack overflow at line 796" warning every time I clicked it. Have no idea what that means, but it is ... well... odd. Over my head.
Is that link legitimate? Read about Mr. Kamkar: BBC News
edit: Answer to my own question. No. Don't visit it. Does something to IE.
edit: I found a couple of those cookies on this machine. Posted a screenshot over on page 2.
Login123 - I am not sure what browser you're using, but I have tried it in IE 8, Opera and Firefox and they all come out fine. I run spywareblaster and KIS2011 and nothing came up with any issues on the website. I actually got the link from a downloadsquad page...although I would add it appears the people who have now commented had the same idea as me. Come running to the CCleaner experts to help clean up such a mess!
It would be a tremendous boon for average decent Internet users if someone or something (perhaps Piriform) produced a "Boycott List" of websites that issue Evercookies and any other form of Zombie cookie.
You could block such snoopy sites with the Windows HOSTS file, or for a more permanent fix in the modem's configuration settings - mine lets me block websites.
I agree that is a solution if I know what sites to block.
I was thinking in terms of a list to which "bad" sites can be added by "victims" so that we know what to block before we suffer.
Am using IE7, and have Powershadow running, so no changes will happen, else would not have visited Mr Kamkar's site. Not at all sure if Powershadow is related to the stack overflow warning. Don't even know what the stack is, but it sounds ominous. Anyhow, here is a screenshot.
Edit: Got that same warning when I went through the Downloadsquad link. Probably just not "Stacked" right.
Actually not sure if it is even a problem...someone who knows more might be able to say.
I just posted that in the spirit of "Better Safe Than Sorry".
@ ishan_rulz: His site may not really know your visiting history. If it is the green text in the lower right corner, it always says that, no matter what you have visited (based on 4 or 5 tries). See screenshot, after I visited several pages, w/ PS and Sandboxie running. Still don't know what it means, but that site doesn't SEEM to know where I have been. ?
@Login123 - I can confirm what you're saying. I just fired up a virtual machine with IE 7 and as soon as I visit that website I get the same thing.
I must admit I know very little about this myself and find the thought very scary (I give it 6 months before some advertising network latches on to this and starts doing this exact thing). However, this would be the sort of thing CCleaner could defeat, unlike most browsers' "delete your browsing history". A browser's "clear your caches" would most likely not touch the Flash LSOs, or the Silverlight ones either. So it would need some sort of cookie cleaner to do so.
@ishan_rulz - I assume what it's done is read your cookies. From your cookies it would be able to determine lots of sites you've been to, as each cookie is related to a domain. If your internet settings are not high enough, then I assume it would be able to read stuff quite easily. What browser are you using, out of curiosity? I tried to get it to read my history in a virtual machine for IE 7 (by making it a trusted website) and Firefox without any luck. Does Java load by chance when you visit the website?
I use FireFox (v3.6.10) as my browser and ccleaner (v2.35.1219) on Windows 7 - 64bit
ccleaner was able to clean up enough (or maybe all) of the "evercookie" so that I was assigned a new, different evercookie the next time I visited that site.
One thing to keep in mind about the evercookie --- flash cookies and regular cookies are limited in that they can be accessed only by the site that created them. evercookie has no such limits. The javascript, regardless of the site from which it is run, will be able to read any evercookie on your disk, regardless of the site that created it. This, in particular, is a gross security breach of past practices in tracking cookies.
Scary business. Have any idea why his site doesn't seem to show the actual history for this machine? Is maybe Sandboxie, or Powershadow, a virtualizer like Returnil?
Any website has the technology to find where you are coming from when visiting their site, and it's done all the time. They simply use "Referrer Information", which they can access without "interrogating your system". Most sites just don't make a meal of it and publicise it like that.
Referrer logging is used to allow websites and web servers to identify where people are visiting them from, for promotional or security purposes.
I've been on that site for about 20 minutes, and this is as far as the "interrogating" could get because I disabled "Send Referrer Information" in my browser. I think the message displayed there is bulls**t. JMHO of course.
Using Opera. "Tools\Quick Preferences\Disable 'Send Referrer Information' button".
You could disable that feature in your browser permanently, but you would find some sites which will refuse to work properly without it. But not many.
I had Send Referrer off for months in Firefox, but just had to come to the realisation that it messes with some sites not working, ended up having to turn Send Referrer on and wow, a lot of aggravation has ceased.
It does know exactly which pages I visited, but after I ran CCleaner it couldn't find anything.
In Firefox, you can disable the sending of the Referer header completely. Here are the steps:
1. Type "about:config" in the location bar, and press return.
2. In the filter box, type "referer" and press return. This should leave you with one preference, network.http.sendRefererHeader. This is probably set to 2.
3. Right click on network.http.sendRefererHeader and select "Modify".
4. In the dialog that appears type "0" and press OK.
5. Close the window.
This blocks all referrers. However, it can cause some websites to break. Alternatively you can get an extension which will do it on a site by site basis.