1 edit |
Evercookie - The nightmare is hereWell looks like it could be anyway ! From what i gather, it "appears" to be only HTML5 capable, but please advise if otherwise. See what you make of it. » samy.pl/evercookieSo how do/would we prevent these from happening, apart from no scripting ? There are ongoing legal actions been taken as i write against some big companies, amongst others, who have been using persistent flash cookies without users knowledge and/or permissions, so it'll be interesting to see how this flys, or not ! - Edit typo |
|
Khaine join:2003-03-03 Australia |
Khaine
Member
2010-Sep-22 4:17 am
Looks similar to » Re: Advertisers using HTML5 Features to Track UsersIts sad how much commercial the internet has become. While it has bought us amazing things like amazon, iTunes and the like, it also bought us marketing companies, spyware, tracking, profiling, data mining and so much other crap |
|
SparkChaser Premium Member join:2000-06-06 Downingtown, PA
1 recommendation |
to Rebirth
a word of warning going to samy.pl/evercookie with java enabled will get you a bunch of his 'evercookies' |
|
Khaine join:2003-03-03 Australia 1 edit |
Khaine
Member
2010-Sep-22 8:13 am
It looks pretty simple to block. All you need to match on is <script type="text/javascript" src="evercookie.js"></script>
or even the function call to evercookie() That won't stop people who obfuscate the code, and I'm sure there are more sophisticated methods of detecting and removing these 'evercookies'. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to SparkChaser
said by SparkChaser:a word of warning going to samy.pl/evercookie with java enabled will get you a bunch of his 'evercookies' How? I don't have Flash and I don't allow any kind of cache on my browsers (well, except IE6 because I have to there but I don't use that browser except for speed tests). So, I went to his site on Opera but I have no flash on Opera and no cache. So, how are his cookies set? |
|
|
to Khaine
Marketing companies and tracking data has been around for decades. Many, many decades. |
|
ashrc4 Premium Member join:2009-02-06 australia 1 edit
1 recommendation |
to Rebirth
firefox 3 and html5 firefox 4 show the same result for sandboxie. Looks like just another persistant flash cookie. |
|
SparkChaser Premium Member join:2000-06-06 Downingtown, PA |
to Mele20
said by Mele20:said by SparkChaser:a word of warning going to samy.pl/evercookie with java enabled will get you a bunch of his 'evercookies' How? I don't have Flash and I don't allow any kind of cache on my browsers (well, except IE6 because I have to there but I don't use that browser except for speed tests). So, I went to his site on Opera but I have no flash on Opera and no cache. So, how are his cookies set? Sorry, I did mean you personally. I meant the average user. Ummm, like me |
|
|
DownTheShorePray for Ukraine Premium Member join:2003-12-02 Beautiful NJ |
to ashrc4
said by ashrc4:firefox 3 and html5 firefox 4 show the same result for sandboxie. Looks like just another persistant flash cookie. Thanks for showing that tree. I would not have thought of checking there. For other Vista users who want to check that out, remember to go into Tools > Folder Options > View and uncheck "Hide Protected Files". That's the only way to see the cookies when using Windows Explorer. |
|
OZO Premium Member join:2003-01-17
1 recommendation |
OZO to ashrc4
Premium Member
2010-Sep-22 3:33 pm
to ashrc4
To stop Flash cookies once and for all there is a simple and reliable way. Check this post. |
|
martg join:2005-11-19 South UK |
martg
Member
2010-Sep-22 5:23 pm
The BetterPrivacy Firefox extension gives the option to remove Flash cookies each time the browser closes. » addons.mozilla.org/en-US ··· on/6623/ |
|
ZZZZZZZ Premium Member join:2001-05-27 PARADISE 1 edit |
ZZZZZZZ
Premium Member
2010-Sep-22 5:53 pm
BetterPrivacy for Firefox is a good extension,but Crap Cleaner also cleans Flash cookies if you run it. |
|
1 recommendation |
CCleaner had a habit of deleting the settings.sol file when cleaning flash so I made some adjustments in CCleaner to protect that file and this has worked for some time now.
Exclude
C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
Include
C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\
C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\ |
|
Grail Knight |
to Mele20
quote: How? I don't have Flash
How is that possible when in the other thread you said you have flash installed in IE? » Re: Adobe Security Advisory for Flash Player CVE-2010-2884If you have that flash evercookie then it seems that one of your programs that requires IE components to work may be downloading the flash evercookie. Have you checked your programs that may use flash components to function to see if one of them may be downloading this cookie? I do not see a big deal about this myself. YMMV |
|
|
to martg
|
|
Jim Gurd Premium Member join:2000-07-08 Livonia, MI |
to Rebirth
I couldn't get it to work in IE at all. I kept getting javascript errors.
In Firefox it failed to restore the cookie after I ran CCleaner. Seems rather harmless to me. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to Grail Knight
Yes, I wasn't as clear as I could have been. I meant that I don't have Flash installed on Opera which is the browser I used when going to the evercookie site.
The only program I know that uses Flash I have on Vista where I don't have FP installed. That is Avast which uses Flash for its ad for the free version. I wish they wouldn't do that. I really like Avast 5 and its GUI except for that and that will keep me from ever using Avast on a computer where I have to have Flash installed on one browser. Many times, I have removed Flash from IE6 for long periods (until I have to do speed tests because of a problem) and not had any problems with programs so I suspect none of them need Flash components. |
|
|
eLulz to Rebirth
Anon
2010-Sep-22 10:30 pm
to Rebirth
This was trivial to defeat. GNU/Linux users: chmod 000 ~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys
chmod 000 ~/.macromedia/Flash_Player/#SharedObjects
After executing the above just clear conventional cookies as you would. This is exciting old news, the Flash cookies have been around for some time now. |
|
|
Jon jon to Rebirth
Anon
2010-Sep-22 11:23 pm
to Rebirth
I read an article that said the cookie is placed in 8 locations. Even if you get rid of 7 of them, the cookie can "rebirth" itself from the one, it will be back in all 8 locations afterwards. The article mentioned "persistent" cookie. |
|
AB57 Premium Member join:2006-04-04 equatorial |
AB57
Premium Member
2010-Sep-22 11:32 pm
said by Jon jon :
I read an article that said the cookie is placed in 8 locations. Even if you get rid of 7 of them, the cookie can "rebirth" itself from the one, it will be back in all 8 locations afterwards That's a lot of places-- not to mention a good plot for a horror movie. Got a link to the article? |
|
mysec Premium Member join:2005-11-29 2 edits
1 recommendation |
mysec
Premium Member
2010-Sep-23 2:30 am
Maybe this article that was linked at Wilders: Zombie cookie wars: evil tracking API meant to "raise awareness" » arstechnica.com/web/news ··· ness.ars________________________________________________________________________One of the great uses of reboot-to-restore products such as Deep Freeze, Returnil, etc, is as a maintenance tool. Anything written to a frozen partition in Deep Freeze, for example, is discarded on reboot. You can choose to store a permanent browser cookie, if you want, but all other session cookies you permit will be discarded on reboot. Local Storage Objects (LSO) aka Flash cookies are also nuked, of course. This also applies to the evercookies. They may appear during the session, but will not be able to compile a tracking record since they will be discarded on reboot. ---- rich |
|
|
to Khaine
said by Khaine:Looks similar to » Re: Advertisers using HTML5 Features to Track UsersIts sad how much commercial the internet has become. While it has bought us amazing things like amazon, iTunes and the like, it also bought us marketing companies, spyware, tracking, profiling, data mining and so much other crap Those 2 companies you mention are not amazing at all. They do some of the things you mentioned. lol |
|
Khaine join:2003-03-03 Australia |
Khaine
Member
2010-Sep-23 4:59 am
said by markopoleo:said by Khaine:Looks similar to » Re: Advertisers using HTML5 Features to Track UsersIts sad how much commercial the internet has become. While it has bought us amazing things like amazon, iTunes and the like, it also bought us marketing companies, spyware, tracking, profiling, data mining and so much other crap Those 2 companies you mention are not amazing at all. They do some of the things you mentioned. lol They are amazing in that they pioneered online shopping. Amazon has shaken up the publishing industry, and apple is slowly dragging the music industry into the 21st century. I may not agree on some of there profiling, and data mining tactics, but you can't deny how much they have shaped the online world. |
|
ironwalker World Renowned MVM join:2001-08-31 Keansburg, NJ |
to Grail Knight
said by Grail Knight:CCleaner had a habit of deleting the settings.sol file when cleaning flash so I made some adjustments in CCleaner to protect that file and this has worked for some time now. ExcludeC:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol IncludeC:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\ I got this from you awhile back in the firefox forum, but, when you pasted the code I saw *.* at the end of the include and exclude items, is it not needed? I have my sys and shared objects folders hidden and write protected after my settings were made, keeping my settings.sol file at all times so I really do not need the included in ccleaner but for other boxes I work on I am curious. The *.* just means "any file" seems though, that it is redundant, correct? |
|
2 edits
1 recommendation |
CCleaner is using *.* as a blanket delete of a folder contents by all appearances. You do not need to type it in as CCleaner adds it depending on the type of file or folder selected.
I only copy & pasted the locations so what I have here is exactly what CCleaner is using to Include & Exclude files and folders and the functions work and files are deleted or saved as indicated.
Edit* II Spelling |
|
AB57 Premium Member join:2006-04-04 equatorial |
AB57 to mysec
Premium Member
2010-Sep-23 1:10 pm
to mysec
Yep. Thank you. He mentions 8 potential places-- obviously, if you're not availing yourself of HTML5 or Silverlight, for example, those places aren't there for the cookie to find lodging. |
|
cbs228Geeks Of The World, Unite join:2000-09-04 Saint Louis, MO |
to Rebirth
said by Rebirth:So how do/would we prevent these from happening, apart from no scripting ? If you're worried about 3rd-party advertisers tracking you, then Adblock Plus for Firefox will do the trick. Even if they have unstoppable cookies that can never be deleted, they cannot affect you if you do not connect to their servers in the first place. I am sure that as tracking methods like this become more and more commonplace, Mozilla (and/or third-party developers) will improve the cookie deletion feature and close some of the scripting holes (such as CSS history) that evercookie takes advantage of. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to mysec
The full Ars article is here, mysec » arstechnica.com/web/news ··· ness.arsThe system is flagging this link as having been posted in this thread already but I'll post it anyway. |
|
bentand Inga Premium Member join:2004-10-04 Loveland, CO |
to Khaine
said by Khaine:Looks similar to » Re: Advertisers using HTML5 Features to Track UsersIts sad how much commercial the internet has become. While it has bought us amazing things like amazon, iTunes and the like, it also bought us marketing companies, spyware, tracking, profiling, data mining and so much other crap What is Amazon if not a marketing company? iTunes as well for that matter... |
|
Khaine join:2003-03-03 Australia |
Khaine
Member
2010-Sep-23 7:29 pm
said by bent:said by Khaine:Looks similar to » Re: Advertisers using HTML5 Features to Track UsersIts sad how much commercial the internet has become. While it has bought us amazing things like amazon, iTunes and the like, it also bought us marketing companies, spyware, tracking, profiling, data mining and so much other crap What is Amazon if not a marketing company? iTunes as well for that matter... They sell products, they use marketing to help in this endeavor. When I referred to marketing companies I meant things like doubleclick. |
|