Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tracking Users Via the Browser's Cache

Posted by ryuzaki0 on from the not-just-cookies dept.

Mukund writes to point us to an article he has written about a method of tracking using the browser cache instead of cookies. A demonstration shows that tracking can remain continuous if you clear only cookies or only the cache, but not both. (Firefox's Clear Private Data tool can be set to clear both when closing the browser.)

9 of 124 comments (clear)

  1. An interesting idea by FonzCam · · Score: 3, Interesting

    But seriously most people leave cookies on and those who know to turn them off are probably the sort of people who regularly clear their cache. The percentage of users you could target with this would be very small for the effort required. If tracking user usage is that important to you then just refuse to serve the page with cookies disabled.

  2. Requires Javascript to work. by Elgonn · · Score: 3, Interesting

    So it still doesn't work on some of us.

  3. Re:Pretty clever.. by corychristison · · Score: 3, Interesting

    But what if the user has disabled Javascript? Then this method would be useless, no?

  4. Re:Serious question by Feyr · · Score: 4, Interesting

    a couple of days, then it usually crash/get so slow it's unuseable and i have to restart it

  5. I was reminded of the CSS history "hack" by QuantumFTL · · Score: 2, Interesting

    I saw this article on Digg a while back, using an ingenous JavaScript that would look at the *rendering* of a link to determine if you'd been there or not (and possibly upload this information to the remote server). That's kinda scary...

  6. Works for images too... by Anonymous Coward · · Score: 1, Interesting

    You don't need to store that unique id in a javscript variable.
    Send some image (webbug), say it should be cached, but "must-revalidate" and "hijack" the Etag/IF-*-Match headers.

  7. Re:Pretty clever.. by Breakfast+Pants · · Score: 4, Interesting

    Sure, but they could just put a small iframe to foo.html and mark that page as cacheable, on that page have a small image, dynamically generated, to [unique_id].gif and mark the image uncacheable on your server. Now when you visit, your cached copy of foo.html tries to download [unique_id].gif every visit.

    --

    --

    WHO ATE MY BREAKFAST PANTS?
  8. Things are not so Simple :) by alexmipego · · Score: 2, Interesting

    This is my own site, but I've been done this for a while and this slashdot story is the ideal to post it. (I don't want to be suffering a slashdot effect on my server.) This is how you can get some sites the user has visited. Post with some details: http://www.alexandre-gomes.com/ Demo: http://www.alexandre-gomes.com/privacy2.html

  9. simple solution by oohshiny · · Score: 2, Interesting

    Use separate browsers, accounts, and/or machines for different purposes. I wouldn't dream of using my regular browser for on-line banking, for example.