Rebirth
join:2009-06-18
33333

1 edit

Rebirth

Member

Evercookie - The nightmare is here

Well, looks like it could be anyway!

From what I gather, it "appears" to be only HTML5 capable, but please advise if otherwise.

See what you make of it.

»samy.pl/evercookie

So how do/would we prevent these from happening, apart from no scripting?

There are ongoing legal actions being taken as I write against some big companies, amongst others, who have been using persistent flash cookies without users' knowledge and/or permissions, so it'll be interesting to see how this flies, or not!

-

Edit typo

Khaine
join:2003-03-03
Australia

Khaine

Member

Looks similar to »Re: Advertisers using HTML5 Features to Track Users

It's sad how commercial the internet has become. While it has brought us amazing things like Amazon, iTunes and the like, it also brought us marketing companies, spyware, tracking, profiling, data mining and so much other crap.

SparkChaser
Premium Member
join:2000-06-06
Downingtown, PA

1 recommendation

SparkChaser to Rebirth

Premium Member

to Rebirth
A word of warning: going to samy.pl/evercookie with java enabled will get you a bunch of his 'evercookies'.

Khaine
join:2003-03-03
Australia

1 edit

Khaine

Member

It looks pretty simple to block. All you need to match on is

<script type="text/javascript" src="evercookie.js"></script>
 

or even the function call to evercookie()

That won't stop people who obfuscate the code, and I'm sure there are more sophisticated methods of detecting and removing these 'evercookies'.
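
An added example, not part of the post above and not code from the evercookie project: the two match rules the post names, written as a small JavaScript filter and run over constructed page sources. The rule names and sample pages are assumptions made for illustration; the last sample shows the limitation the post mentions, where neither literal string is present.

```javascript
// Added example: signature matching for the two patterns named in the post above.
// Rule names and the sample pages are constructed for illustration.
const SRC = String.raw`<script\b[^>]*\bsrc\s*=\s*["']?[^"'>\s]*evercookie\.js\b`;
const RULES = [
  // external include, with any attribute order, quoting or path prefix
  { name: "script-src", re: new RegExp(SRC, "i") },
  // direct use of the function: evercookie( or new evercookie(
  { name: "function-call", re: /\bevercookie\s*\(/i },
];

// Names of every rule that fires on the page source.
function matchRules(html) {
  return RULES.filter((r) => r.re.test(html)).map((r) => r.name);
}

// Drop the matching external <script> element; inline calls are only reported.
function stripInclude(html) {
  return html.replace(new RegExp(SRC + String.raw`[^>]*>\s*<\/script>`, "gi"), "");
}

const PLAIN =
  '<script type="text/javascript" src="evercookie.js"></script>' +
  "<script>var ec = new evercookie();</script>";
const PATHED = "<SCRIPT SRC=/static/evercookie.js?v=2></SCRIPT>";
// A renamed copy: neither literal is present, so no rule can fire.
const RENAMED = '<script src="lib.js"></script><script>var t = new Tracker();</script>';

console.log(matchRules(PLAIN), matchRules(PATHED), matchRules(RENAMED));
```

A filter like this only reports what it can see in the page text, which is why the thread goes on to discuss cleaning or locking the storage locations themselves.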
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to SparkChaser

Premium Member

to SparkChaser
said by SparkChaser:

A word of warning: going to samy.pl/evercookie with java enabled will get you a bunch of his 'evercookies'.
How? I don't have Flash and I don't allow any kind of cache on my browsers (well, except IE6 because I have to there but I don't use that browser except for speed tests). So, I went to his site on Opera but I have no flash on Opera and no cache. So, how are his cookies set?

CylonRed
MVM
join:2000-07-06
Bloom County

CylonRed to Khaine

MVM

to Khaine
Marketing companies and tracking data has been around for decades. Many, many decades.

ashrc4
Premium Member
join:2009-02-06
australia

1 edit

1 recommendation

ashrc4 to Rebirth

Premium Member

to Rebirth
Firefox 3 and HTML5 Firefox 4 show the same result for Sandboxie.
Looks like just another persistent flash cookie.

SparkChaser
Premium Member
join:2000-06-06
Downingtown, PA

SparkChaser to Mele20

Premium Member

to Mele20
said by Mele20:
said by SparkChaser:

A word of warning: going to samy.pl/evercookie with java enabled will get you a bunch of his 'evercookies'.
How? I don't have Flash and I don't allow any kind of cache on my browsers (well, except IE6 because I have to there but I don't use that browser except for speed tests). So, I went to his site on Opera but I have no flash on Opera and no cache. So, how are his cookies set?
Sorry, I did mean you personally. I meant the average user. Ummm, like me

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

DownTheShore to ashrc4

Premium Member

to ashrc4
said by ashrc4:

Firefox 3 and HTML5 Firefox 4 show the same result for Sandboxie.
Looks like just another persistent flash cookie.
Thanks for showing that tree. I would not have thought of checking there. For other Vista users who want to check that out, remember to go into Tools > Folder Options > View and uncheck "Hide Protected Files". That's the only way to see the cookies when using Windows Explorer.
OZO
Premium Member
join:2003-01-17

1 recommendation

OZO to ashrc4

Premium Member

to ashrc4
To stop Flash cookies once and for all there is a simple and reliable way. Check this post.

martg
join:2005-11-19
South UK

martg

Member

The BetterPrivacy Firefox extension gives the option to remove Flash cookies each time the browser closes.

»addons.mozilla.org/en-US ··· on/6623/

ZZZZZZZ
Premium Member
join:2001-05-27
PARADISE

1 edit

ZZZZZZZ

Premium Member

BetterPrivacy for Firefox is a good extension, but Crap Cleaner also cleans Flash cookies if you run it.

Grail Knight

Premium Member
join:2003-05-31
Valhalla

1 recommendation

Grail Knight

Premium Member

CCleaner had a habit of deleting the settings.sol file when cleaning flash so I made some adjustments in CCleaner to protect that file and this has worked for some time now.

Exclude

C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

Include

C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\

C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
Grail Knight

Grail Knight to Mele20

Premium Member

to Mele20
quote:
How? I don't have Flash
How is that possible when in the other thread you said you have flash installed in IE?

»Re: Adobe Security Advisory for Flash Player CVE-2010-2884

If you have that flash evercookie then it seems that one of your programs that requires IE components to work may be downloading the flash evercookie.

Have you checked your programs that may use flash components to function to see if one of them may be downloading this cookie?

I do not see a big deal about this myself. YMMV
PX Eliezer704
Premium Member
join:2008-08-09
Hutt River

PX Eliezer704 to martg

Premium Member

to martg
said by martg:

The BetterPrivacy Firefox extension gives the option to remove Flash cookies each time the browser closes.

»addons.mozilla.org/en-US ··· on/6623/
Great Firefox add-on!

Jim Gurd
Premium Member
join:2000-07-08
Livonia, MI

Jim Gurd to Rebirth

Premium Member

to Rebirth
I couldn't get it to work in IE at all. I kept getting JavaScript errors.

In Firefox it failed to restore the cookie after I ran CCleaner. Seems rather harmless to me.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Grail Knight

Premium Member

to Grail Knight
Yes, I wasn't as clear as I could have been. I meant that I don't have Flash installed on Opera which is the browser I used when going to the evercookie site.

The only program I know that uses Flash I have on Vista where I don't have FP installed. That is Avast which uses Flash for its ad for the free version. I wish they wouldn't do that. I really like Avast 5 and its GUI except for that and that will keep me from ever using Avast on a computer where I have to have Flash installed on one browser. Many times, I have removed Flash from IE6 for long periods (until I have to do speed tests because of a problem) and not had any problems with programs so I suspect none of them need Flash components.

eLulz
@eliablehosting.com

eLulz to Rebirth

Anon

to Rebirth
This was trivial to defeat.

GNU/Linux users:

chmod 000 ~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys
chmod 000 ~/.macromedia/Flash_Player/#SharedObjects
 

After executing the above just clear conventional cookies as you would. This is exciting old news, the Flash cookies have been around for some time now.

Jon jon
@sbcglobal.net

Jon jon to Rebirth

Anon

to Rebirth
I read an article that said the cookie is placed in 8 locations.
Even if you get rid of 7 of them, the cookie can "rebirth" itself from the one; it will be back in all 8 locations afterwards.
The article mentioned "persistent" cookie.
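
An added example, not part of the post above and not code from the article or from evercookie: a toy JavaScript model of the "rebirth" behaviour described here, showing why cleaning 7 of 8 locations changes nothing while cleaning all of them, or blocking some (as with the chmod lines earlier in the thread) and cleaning the rest, does. The eight locations are plain in-memory Maps; all function names and IDs are assumptions made for illustration.

```javascript
// Added example: toy model of the "rebirth" behaviour; not code from the article.
// Each storage location is an in-memory Map. Eight matches the count in the
// post; the model makes no claim about which browser features they are.
const LOCATIONS = 8;

function makeStores(blocked = []) {
  // A blocked location (e.g. a directory made unwritable) ignores reads and writes.
  return Array.from({ length: LOCATIONS }, (_, i) => ({
    blocked: blocked.includes(i),
    data: new Map(),
  }));
}

// One page visit: read every usable location; if any copy survives, reuse it
// and write it back everywhere. Otherwise the visitor looks new.
function visit(stores, freshId) {
  const usable = stores.filter((s) => !s.blocked);
  const survivor = usable.map((s) => s.data.get("id")).find((v) => v !== undefined);
  const id = survivor !== undefined ? survivor : freshId;
  usable.forEach((s) => s.data.set("id", id));
  return id;
}

// What a cleaning tool does: wipe only the locations it knows about.
function clean(stores, indexes) {
  indexes.forEach((i) => stores[i].data.delete("id"));
}

// True if the visitor gets a new ID after cleaning, i.e. the link is broken.
function cleaningWorks(cleaned, blocked = []) {
  const stores = makeStores(blocked);
  const before = visit(stores, "id-A");
  clean(stores, cleaned);
  return visit(stores, "id-B") !== before;
}

// Number of locations holding the old ID after the visit that follows cleaning.
function repopulated(cleaned) {
  const stores = makeStores();
  visit(stores, "id-A");
  clean(stores, cleaned);
  visit(stores, "id-B");
  return stores.filter((s) => s.data.get("id") === "id-A").length;
}

console.log(cleaningWorks([0, 1, 2, 3, 4, 5, 6]), repopulated([0, 1, 2, 3, 4, 5, 6]));
console.log(cleaningWorks([0, 1, 2, 3, 4, 5, 6, 7]));
console.log(cleaningWorks([2, 3, 4, 5, 6, 7], [0, 1]));
```

The practical reading for a clean-up routine: it has to cover every location that is still writable in one pass, before the site is visited again.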

AB57
Premium Member
join:2006-04-04
equatorial

AB57

Premium Member

said by Jon jon :

I read an article that said the cookie is placed in 8 locations.
Even if you get rid of 7 of them, the cookie can "rebirth" itself from the one; it will be back in all 8 locations afterwards.
That's a lot of places-- not to mention a good plot for a horror movie.

Got a link to the article?
mysec
Premium Member
join:2005-11-29

2 edits

1 recommendation

mysec

Premium Member

Maybe this article that was linked at Wilders:

Zombie cookie wars: evil tracking API meant to "raise awareness"
»arstechnica.com/web/news ··· ness.ars

________________________________________________________________________

One of the great uses of reboot-to-restore products such as Deep Freeze, Returnil, etc, is as a maintenance tool.

Anything written to a frozen partition in Deep Freeze, for example, is discarded on reboot.

You can choose to store a permanent browser cookie, if you want, but all other session cookies you permit will be discarded on reboot.

Local Storage Objects (LSO) aka Flash cookies are also nuked, of course.

This also applies to the evercookies. They may appear during the session, but will not be able to compile a tracking record since they will be discarded on reboot.



----
rich
markopoleo
join:2003-04-02
Bonne Terre, MO

markopoleo to Khaine

Member

to Khaine
said by Khaine:

Looks similar to »Re: Advertisers using HTML5 Features to Track Users

It's sad how commercial the internet has become. While it has brought us amazing things like Amazon, iTunes and the like, it also brought us marketing companies, spyware, tracking, profiling, data mining and so much other crap.
Those 2 companies you mention are not amazing at all. They do some of the things you mentioned. lol

Khaine
join:2003-03-03
Australia

Khaine

Member

said by markopoleo:

said by Khaine:

Looks similar to »Re: Advertisers using HTML5 Features to Track Users

It's sad how commercial the internet has become. While it has brought us amazing things like Amazon, iTunes and the like, it also brought us marketing companies, spyware, tracking, profiling, data mining and so much other crap.
Those 2 companies you mention are not amazing at all. They do some of the things you mentioned. lol
They are amazing in that they pioneered online shopping. Amazon has shaken up the publishing industry, and Apple is slowly dragging the music industry into the 21st century.

I may not agree on some of their profiling and data mining tactics, but you can't deny how much they have shaped the online world.

ironwalker
World Renowned
MVM
join:2001-08-31
Keansburg, NJ

ironwalker to Grail Knight

MVM

to Grail Knight
said by Grail Knight:

CCleaner had a habit of deleting the settings.sol file when cleaning flash so I made some adjustments in CCleaner to protect that file and this has worked for some time now.

Exclude

C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

Include

C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\

C:\Users\YOURNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
I got this from you a while back in the Firefox forum, but, when you pasted the code I saw *.* at the end of the include and exclude items, is it not needed?

I have my sys and shared objects folders hidden and write protected after my settings were made, keeping my settings.sol file at all times so I really do not need the included in CCleaner but for other boxes I work on I am curious. The *.* just means "any file" seems though, that it is redundant, correct?

Grail Knight

Premium Member
join:2003-05-31
Valhalla

2 edits

1 recommendation

Grail Knight

Premium Member

CCleaner is using *.* as a blanket delete of a folder contents by all appearances. You do not need to type it in as CCleaner adds it depending on the type of file or folder selected.

I only copy & pasted the locations so what I have here is exactly what CCleaner is using to Include & Exclude files and folders and the functions work and files are deleted or saved as indicated.

Edit* II Spelling

AB57
Premium Member
join:2006-04-04
equatorial

AB57 to mysec

Premium Member

to mysec
said by mysec:

Maybe this article that was linked at Wilders:

Zombie cookie wars: evil tracking API meant to "raise awareness"
»arstechnica.com/web/news ··· ness.ars
Yep. Thank you.

He mentions 8 potential places-- obviously, if you're not availing yourself of HTML5 or Silverlight, for example, those places aren't there for the cookie to find lodging.
cbs228
Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO

cbs228 to Rebirth

Member

to Rebirth
said by Rebirth:

So how do/would we prevent these from happening, apart from no scripting?
If you're worried about 3rd-party advertisers tracking you, then Adblock Plus for Firefox will do the trick. Even if they have unstoppable cookies that can never be deleted, they cannot affect you if you do not connect to their servers in the first place.

I am sure that as tracking methods like this become more and more commonplace, Mozilla (and/or third-party developers) will improve the cookie deletion feature and close some of the scripting holes (such as CSS history) that evercookie takes advantage of.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to mysec

Premium Member

to mysec
The full Ars article is here, mysec
»arstechnica.com/web/news ··· ness.ars
The system is flagging this link as having been posted in this thread already but I'll post it anyway.

bent
and Inga
Premium Member
join:2004-10-04
Loveland, CO

bent to Khaine

Premium Member

to Khaine
said by Khaine:

Looks similar to »Re: Advertisers using HTML5 Features to Track Users

It's sad how commercial the internet has become. While it has brought us amazing things like Amazon, iTunes and the like, it also brought us marketing companies, spyware, tracking, profiling, data mining and so much other crap.
What is Amazon if not a marketing company? iTunes as well for that matter...

Khaine
join:2003-03-03
Australia

Khaine

Member

said by bent:

said by Khaine:

Looks similar to »Re: Advertisers using HTML5 Features to Track Users

It's sad how commercial the internet has become. While it has brought us amazing things like Amazon, iTunes and the like, it also brought us marketing companies, spyware, tracking, profiling, data mining and so much other crap.
What is Amazon if not a marketing company? iTunes as well for that matter...
They sell products, they use marketing to help in this endeavor. When I referred to marketing companies I meant things like doubleclick.