Slashdot Mirror

← Back to Stories (view on slashdot.org)

Un-killable 'Evercookie' Killed ... Sometimes

Posted by CmdrTaco on from the use-silver-bullets dept.

Trailrunner7 writes "The persistent method that security researcher Samy Kamkar introduced last week for storing tracking data on a user's machine, known as the 'Evercookie,' is even more worrisome when used on mobile devices, according to another researcher's analysis. The Evercookie is a simple method for forcing a user's machine to retain browser cookies by storing the data in a number of different locations. The method also has the ability to recreate deleted cookies if it finds that the user has removed them. Created by Kamkar as a demonstration of a way that sites could use to persistently track users even after they clear their browser cookies, the Evercookie has drawn the attention of a number of other researchers who have spent some time looking for methods to defeat it. A researcher in South Africa took a look at the way the the Evercookie works on both Safari on the desktop and on mobile devices, and found that it can be undone in some circumstances. However, he also found that the mobile version of Safari fares far worse in its handling of the Evercookie than the standard version does."

8 of 186 comments (clear)

  1. Re:Evercookie is clever by Anonymous Coward · · Score: 5, Insightful

    While it is not un-killable, it is pretty much a pain in the ass to get rid of, since it will get back if you miss a single one and visit the site again.

    Didn't we used to call this kind of stuff "malware"? When did it become acceptable, no matter how annoying or unwanted the user is, to put something on their computer without their knowledge that is hard or near-impossible to remove?

  2. Re:Solution: by Anonymous Coward · · Score: 5, Insightful

    That's not the solution. The whole point of the "evercookie" is that it doesn't just use regular HTTP cookies to store information, but also abuses all kinds of common browser features related to CSS, caching, embedded Flash objects and anything else that can be exploited to store state. If all he did was store a cookie only, then any browser worth its salt could easily purge it from the browser history.

    So even if you just block cookies, that doesn't prevent this hack to work. You may need to block a whole range of features from JavaScript to HTTP caching to Flash support. It's certainly possible, but not something that an average user is prepared to do.

  3. Re:Evercookie is clever by tehdaemon · · Score: 3, Insightful
    Malmarker then? Maldata? Evilbytes? I suppose at some level pedantry about word definitions makes sense, so fine, don't call it malware. But it is in the same 'badness' class as most malware, and needs an equally bad name to go with it.

    T

    --
    Laws are horrible moral guides, moral guides make even worse laws.
  4. Re:Evercookie is clever by The+Wild+Norseman · · Score: 4, Insightful

    Malware is executable software. The evercookie isn't software, it's a simple marker.

    The cookie resides on my hardware, doing something (tracking -- albeit doing something passively in this case) which I only wish to grant it for a limited amount of time. When the makers of this cookie make it extremely difficult to delete, which takes away the control I have over the data on my computer, then I see no practical difference between this passive cookie and active malware. Just MHO.

    --
    "A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
  5. Re:Evercookie is clever by CCarrot · · Score: 4, Insightful

    If we on Slashdot start calling cookies "malware" then it's no different than when ordinary computer users don't know the difference between a virus and a trojan.

    Ordinary cookies don't actively fight removal by the user, and once they're gone, they're gone.

    Ordinary (non-malware) applications don't actively fight removal by the user, and once they're gone, they're gone (okay, other than some leftover user/config data sometimes, but the program itself is gone and no longer does what it was designed to do).

    The 'Evercookie', on the other hand, behaves exactly like malware in that it actively resists being deleted by the user, even to the point of rebuilding itself after deliberate removal attempts, and all for the benefit of a third party.

    --
    "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  6. Re:Evercookie is clever by Firehed · · Score: 4, Insightful

    It's a fairly complex storage mechanism, designed to get around a user's preferences. In the wrong hands, it's very dangerous. I'd certainly call it closer to malware than, for example, the recent iPhone jailbreaks - which are so kind as to patch the security flaw that let the software run in the first place. Yet by your reasoning, jailbreaking is malware and evercookies are harmless. If you think that ad retargeting (ads that basically follow you around the web) is creepy, wait until they know with 100% certainty that you're a known user in some known demographic.

    --
    How are sites slashdotted when nobody reads TFAs?
  7. Re:Evercookie is clever by Firehed · · Score: 3, Insightful

    Putting something in the TOS to "not [be] underhanded" is, in itself, being underhanded. Or perhaps you're that one non-crawler in my server logs with the request to /about/terms, in which case I take that back.

    --
    How are sites slashdotted when nobody reads TFAs?
  8. Re:Evercookie is clever by davidbofinger · · Score: 3, Insightful

    It's not the same concept but "malcontent" deserves to be coined.