Evercookie - the cookie you can't kill
Thursday, 23 September 2010
A cookie you can't refuse, and once it is stored you can't remove it, because every time you think you have deleted it, another part of it just regenerates. It's real and it's called evercookie.
Currently evercookie uses standard HTTP cookies, Flash cookies, HTML5 session storage, local storage, global storage and database storage.
But as well as just using the available standard local storage methods, evercookie also uses two clever methods of its own.
The second method uses the web page history maintained by the browser. Evercookie takes the key and encodes it into valid characters. It then accesses a sequence of URLs that end with one, two, three and so on characters of the code, and these are stored in the web history. The next time the page is loaded, evercookie cycles through the possible URLs for the first character, then the second, until it has retrieved the entire cookie code. Simple and elegant.
So is evercookie really impossible to remove? No, of course not, especially since its creator has been nice enough to tell us what each of the mechanisms is. In fact, it wouldn't take long to put together an evercookie cleaner utility.
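The history method and the cleaner's view of it, as an added model that is not evercookie's own code: a `Set` stands in for the browser's history, and `BASE_URL`, the hex encoding and the `-` end marker are assumptions made for the illustration.

```javascript
// Added model: a Set stands in for the browser's history store.
// BASE_URL, HEX, END and the hex encoding are assumptions for illustration.
const BASE_URL = "https://tracker.example/h/"; // constructed placeholder
const HEX = "0123456789abcdef";
const END = "-"; // assumed end-of-value marker, never produced by encodeKey

function encodeKey(key) {
  return Array.from(new TextEncoder().encode(key),
    b => b.toString(16).padStart(2, "0")).join("");
}
function decodeKey(hex) {
  const bytes = Uint8Array.from(hex.match(/../g) || [], h => parseInt(h, 16));
  return new TextDecoder().decode(bytes);
}

// Store: "visit" one URL per prefix of the code, ending with the marker.
function storeInHistory(history, key) {
  const code = encodeKey(key) + END;
  for (let i = 1; i <= code.length; i++) history.add(BASE_URL + code.slice(0, i));
}

// Read: grow the known prefix one character at a time by probing history.
function recoverFromHistory(history) {
  let prefix = "";
  for (;;) {
    if (history.has(BASE_URL + prefix + END)) return decodeKey(prefix);
    const next = [...HEX].find(c => history.has(BASE_URL + prefix + c));
    if (next === undefined) return null; // chain broken, value is gone
    prefix += next;
  }
}

// Cleaner side: every stored value leaves a run of entries under BASE_URL.
function findArtifacts(history) {
  return [...history].filter(url => url.startsWith(BASE_URL));
}
function cleanHistory(history) {
  const hits = findArtifacts(history);
  hits.forEach(url => history.delete(url));
  return hits.length;
}
```

Because each character depends on the prefix before it, removing any single entry in the chain is enough to make the value unrecoverable from history, and the run of near-identical URLs is itself the artifact a cleaner can look for.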
Such is the nature of the privacy/security war. One programmer needs to track users, so invents a way to do it; then another programmer responds on behalf of the user to block the method. It just escalates.
What is more interesting, and perhaps worrying, is that any of these methods or similar could already be in use without anyone announcing them.
Last Updated ( Thursday, 23 September 2010 )