1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Evercookie will track you down

Discussion in 'Article Discussion' started by julieb, 23 Sep 2010.

  1. julieb

    julieb New Member

    Joined:
    12 Aug 2010
    Posts:
    47
    Likes Received:
    0
  2. mi1ez

    mi1ez Active Member

    Joined:
    11 Jun 2009
    Posts:
    1,439
    Likes Received:
    18
    Nice to know security researchers are helping to protect us all.
    /sarcasm
     
  3. mattbailey

    mattbailey New Member

    Joined:
    26 Dec 2009
    Posts:
    135
    Likes Received:
    2
    Just because it could be done, doesnt mean it should be done! :duh:

    His site says "... PRIVACY CONCERN! How do I stop websites from doing this?
    Great question. So far, I've found that using Private Browsing
    in Safari will stop ALL evercookie methods after a browser restart."

    What if I dont want to use Safari? :confused:

    Not impressed, and what a pointless API for the consumer, great for advertisers, and intelligence use - thanks for that! :wallbash:
     
  4. CAPSLOCK

    CAPSLOCK Lost in Time and Space

    Joined:
    4 Oct 2009
    Posts:
    10
    Likes Received:
    1
    What a d***.
     
  5. liratheal

    liratheal Sharing is Caring

    Joined:
    20 Nov 2005
    Posts:
    10,736
    Likes Received:
    773
    Thanks. Douche.
     
  6. BentAnat

    BentAnat Software Dev

    Joined:
    26 Jun 2008
    Posts:
    7,165
    Likes Received:
    198
    Yes, releasing it into public is a bit of an ***hole move.
    His research shows that it is possible, though, and that in itself is interesting. I am sure that browser developers are taking this VERY seriously and increasing security in their upcoming releases as a consequence. Pr0n mode will soon cripple the approach in all new browsers.
     
  7. msm722

    msm722 New Member

    Joined:
    1 Aug 2005
    Posts:
    100
    Likes Received:
    0
    Next he will release code to steal all your credit card info and send it to Nigeria.
     
  8. minimad127

    minimad127 CPC Refugee

    Joined:
    24 Apr 2009
    Posts:
    221
    Likes Received:
    9
    well this could increase the use of virtual machines for browsing with a clean image start each time
     
  9. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    Maybe, but that's a bit of a sledgehammer to crack a nut approach - sometimes you actually *want* some degree of persistence between browser sessions, which is why history, autocomplete etc. were implemented in the first instance. My preference is a strategy involving a combination of Adblock, Noscript and tight browser security settings, with whitelists for trusted sites on each. That seems to work adequately, but there are a lot of vectors listed above that I'm not 100% convinced would be stopped by this method.

    Another point is that, with modern "always-on" broadband connections, most people will find that their router is rarely if ever allocated a new IP address - though they may technically be dynamic, to all intents and purposes a server can assume a lot of the time that the same IP address means the same router (not necessarily the same machine, as multiple machines behind one router will share the same public IP address). This means in principle a technique like Evercookie could be extended to track users on the server side by IP address, and use that as another tracking vector even if they did use a VM or even clean installed their OS. You could even track across multiple machines behind the same router, which has huge security implications.
     
  10. infi

    infi Member

    Joined:
    24 Sep 2009
    Posts:
    34
    Likes Received:
    1
    yep, that's the magic word, don't allow ANYTHING unless you specifically trust it.
     
  11. Xir

    Xir Well-Known Member

    Joined:
    26 Apr 2006
    Posts:
    5,250
    Likes Received:
    88
    I'm glad he relaesed it.
    Tear it into the open so a reaction from OS and Browsermanfacturers is forced. More or less a standart procedure.
     
    BentAnat likes this.
  12. Hiren

    Hiren mind control Moderator

    Joined:
    15 May 2002
    Posts:
    6,131
    Likes Received:
    13
    This will certaintly help me track how sucessfull our ad campaigns are.
     
  13. BentAnat

    BentAnat Software Dev

    Joined:
    26 Jun 2008
    Posts:
    7,165
    Likes Received:
    198
    ^^ this!
     
  14. javaman

    javaman May irritate Eyes

    Joined:
    10 May 2009
    Posts:
    3,426
    Likes Received:
    72
    Big Brother strikes again! Surely you would need permission from the user to collect such data or is it a legal grey area?
     
  15. BRAWL

    BRAWL Well-Known Member

    Joined:
    16 Aug 2010
    Posts:
    2,666
    Likes Received:
    184
    I believe Russell Howards Brighton Show justifies this with the prefix of "Just because you can, doesn't mean you should"

    "It's legal... it's legal.... So is waking your nan up dressed as Hitler... Have some moral decorum"

    Fantastic, but I do give it a few weeks before someone invents "THE EVERCOOKIE PURGEBUSTERLOLZOOKA101" program that totally annihlates the use of an Evercookie.
     
  16. Instagib

    Instagib Well-Known Member

    Joined:
    12 Mar 2010
    Posts:
    1,415
    Likes Received:
    57
    How long until someone incorporates this into a virus that can't be purged?
     
  17. Phil Rhodes

    Phil Rhodes Hypernobber

    Joined:
    27 Jul 2006
    Posts:
    1,415
    Likes Received:
    10
    This would unfortunately be another reason that a flash blocker is essential equipment.
     
  18. impar

    impar Well-Known Member

    Joined:
    24 Nov 2006
    Posts:
    3,100
    Likes Received:
    41
    Greetings!
    You read the article?
    This Super-cookie can use Flash, HTML5, SQLite, PNG, etc...
     
  19. ch424

    ch424 Design Warrior

    Joined:
    26 May 2004
    Posts:
    3,112
    Likes Received:
    41
    I'm sure it's not hard to find its signatures and adbock will catch up soon enough.
     
  20. PingCrosby

    PingCrosby New Member

    Joined:
    16 Jan 2010
    Posts:
    392
    Likes Received:
    7
    mmmmmmm a cookie that lasts forever...I'll have two please.
     
    smoothie likes this.
Tags: Add Tags

Share This Page