Evercookie, Extremely Persistent Cookies

Martin Brinkmann
Nov 5, 2010
Updated • Mar 9, 2013
Internet

Websites and services can use several techniques to identify a specific user visiting their properties, or third-party properties they are affiliated with. Among the most common ones are standard HTML cookies, but also so-called Flash cookies, also known as Local Shared Objects.

Evercookie takes this a step further by dropping as many cookies on the user's system as possible. In particular, the JavaScript API will make use of the following storage mechanisms if supported by the web browser.

  • Standard HTTP Cookies
  • Local Shared Objects (Flash Cookies)
  • Silverlight Isolated Storage
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in Web History
  • Storing cookies in HTTP ETags
  • Storing cookies in Web cache
  • window.name caching
  • Internet Explorer userData storage
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite

Why would someone want to drop data into that many locations? Easy: for far superior user identification. When a site drops a cookie on the user's system, it can identify the user for as long as the cookie is active. If the user deletes the cookie, it cannot identify the user anymore. It may use algorithms to calculate probabilities, but it usually cannot be sure that this is indeed a user who visited the site in the past.

Evercookies introduce a whole new level of user tracking. The website will be able to track the user, and reproduce deleted cookies, as long as at least one cookie or piece of data in one of the storage locations is not deleted by the user. And we all know that many users still have not heard about Flash cookies, the second best-known way of storing cookies on a user's system. How will those users cope with the news that there are more than ten additional ways of storing data to track a user?

Samy Kamkar has put up a demonstration page where users can set evercookies manually on their system. The same page contains options to rediscover the cookies. The suggested way of using the demonstration is to set the evercookie, delete cookies in all places known to the user, and then revisit the site to see if the evercookie still exists on the system. The first rediscover button drops all deleted cookies in their place again; the second button does not do that. It is interesting that this method is able to track a user even if the browser is switched, at least as long as the Flash cookie is not deleted.
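The set, delete, revisit test described above can be turned into a repeatable audit. The following is an added example, not code from the Evercookie project or the demonstration page: it compares three storage snapshots and reports identifiers that were deleted and then reappeared unchanged, together with the stores they survived in. The snapshot shape, the mechanism labels and the sample values are assumptions constructed for the example.

```javascript
// Added example: flag identifiers that were deleted and then came back unchanged.
// Snapshot shape (assumed here): { mechanismName: { key: value } }.
const MIN_ID_LENGTH = 8; // ignore short values such as "1" or "dark" that match by chance

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj || {}, key);

function findRespawned(before, afterClear, afterRevisit) {
  const findings = [];
  for (const [mechanism, entries] of Object.entries(before)) {
    for (const [key, value] of Object.entries(entries)) {
      if (String(value).length < MIN_ID_LENGTH) continue;
      const wasCleared = !has(afterClear[mechanism], key);
      const cameBack = has(afterRevisit[mechanism], key) &&
        afterRevisit[mechanism][key] === value;
      if (!wasCleared || !cameBack) continue;
      // Stores that still held the same value after clearing are the likely source.
      const survivors = Object.keys(afterClear)
        .filter((m) => Object.values(afterClear[m]).includes(value));
      findings.push({ mechanism, key, value, survivors });
    }
  }
  return findings;
}

// Constructed sample snapshots (not captured from a real browser).
const ID = "a1b2c3d4e5f6a7b8";
const before = {
  httpCookie: { uid: ID, sess: "3f9c2b7e11d04a65" },
  localStorage: { uid: ID, theme: "dark" },
  flashLSO: { uid: ID },
};
// The user cleared cookies and HTML5 storage but not the Flash Local Shared Object.
const afterClear = { httpCookie: {}, localStorage: {}, flashLSO: { uid: ID } };
const afterRevisit = {
  httpCookie: { uid: ID, sess: "77aa01c4e2b9d350" }, // new session ID: not a respawn
  localStorage: { uid: ID },
  flashLSO: { uid: ID },
};

for (const f of findRespawned(before, afterClear, afterRevisit)) {
  console.log(`${f.mechanism}.${f.key} respawned; survived in: ${f.survivors.join(", ")}`);
}
```

A value that returns with a different identifier, like `sess` here, is an ordinary new cookie and is not reported.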

The JavaScript source is available on the page as well as a small FAQ. So what can you do to protect your system from this new kind of user tracking? Add-ons like NoScript prevent the creation of several of the cookies, as do Flash blockers (or no Flash at all on the system). Private browsing modes are an option as well.


Comments

  1. Anonymous said on July 3, 2013 at 6:06 pm

    One word really : Sandboxie

  2. theWiredBuddha said on February 9, 2011 at 9:33 am

    I have a few methods which I use to keep my computer clean from tracking, etc.

    1) on bootup I run 2 batch files
    – DNS Flush
    (ipconfig /flushdns)
    – IP Renew
    (ipconfig /all
    ipconfig /release
    ipconfig /renew)
    and I run CCleaner on bootup

    2) I run PeerBlock

    3) my browser is Chromium (builds updated daily) I block websites from setting data and I have these extensions installed:
    – Disconnect
    – Facebook Disconnect
    – Better Pop Up Blocker
    – AdBlock
    – Keep My Opt-Outs

    I never have any website remember my passwords. I also run Auslogics Registry Cleaner, Auslogics Registry Defrag and Auslogics Defrag a few times a week. I use Avast and Threatfire.

  3. SubgeniusD said on November 10, 2010 at 4:24 pm

    Better Privacy – FF addon not only deletes but allows LSO mgmt in cases where you don’t want to log in every time – like YouTube or other non-sensitive places.

    Also http://www.nirsoft.net/utils/flash_cookies_view.html if you’re an Opera fanboy (like me) who doesn’t feel like opening FF for routine cookie maintenance.

  4. Will said on November 6, 2010 at 4:16 am

    See http://www.grc.com/SecurityNow.htm#270 for best info on this bad boy.

    “…he did say that private browsing in Safari will stop all evercookie methods after a browser restart. So Apple Safari private browsing is robust enough to just shut all this down.”

    So only Safari can stop it at the moment.

    Easiest way to clear flash cookies:

    http://codefromthe70s.org/cookienator.aspx

  5. Paul(us) said on November 6, 2010 at 12:10 am

    Maybe a little help will be the program that will clean flash cookies http://www.flashcookiecleaner.com/

    Also you can configure CCleaner to clean flash cookies.

  6. Ross said on November 5, 2010 at 10:17 pm

    Incognito browsing in Chrome is not sufficient. The “lsodata” method persists.
