Nevercookie Eats Evercookies

wiredmikey writes "Anonymizer, Inc. has developed Anonymizer Nevercookie, a free Firefox plugin that protects against the Evercookie, a javascript API built and made available by Samy Kamkar (same guy who brought you the Samy Worm and XSS Hacking to Determine Physical Location) who set out to prove that the more you store and the more places you store it, the harder it is for users to control a Web site's ability to uniquely identify their computer. The plugin extends Firefox's private browsing mode by preventing Evercookies from identifying and tracking users."

virtual machines

I do almost everything in VMs since it keeps my computer cleaner. My web browsing VM starts from scratch each time I load it (with a random MAC address inside the VM). Only the bookmarks get exported and imported. Evercookie doesn't stand a chance with me.

To further improve the situation, I have privoxy chained to squid. My iptables rules don't allow the user that runs the VMs to connect to the internet at all, not even dns. Only a connection to the local privoxy proxy which strips all ads and other annoying things.

It took a while to set this up for sure, but it is secure and most importantly an enjoyable browsing experience.

Re:virtual machines

[leuk_he]

You are unique Just like everyone else

please tell me how unique you are there... (me: one in 627,021 browsers have the same fingerprint as yours.)

Since you have a special setup i wonder if you can really hide in the crowd.

Re:virtual machines

Within our dataset of several million visitors, only one in 418,016 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 18.67 bits of identifying information.

Although it is clearly wrong. It says I don't have javascript or cookies enabled. I do. I am also running chrome in an XP VM.

Funny thing about chrome is that Google will never allow ad blockers, but they allow http proxies. All of my ad blocking is done at that level since it applies to all of my web browsers in all of my VMs, in addition to the computers my family uses. Why would I want an ad blocking plugin when a proxy works so much better?

Re:virtual machines

[Amorymeltzer]

That page has got to be faulty. Go to the main link, http://panopticlick.eff.org/ - the results are staggeringly different. That tells me I'm unique out of everyone (>1.2 million) whereas the link given in GP says I'm 1 out of around 85k.

Re:virtual machines

Chrome in XP for random nonsense like Slashdot. Firefox with noscript in a linux VM for gmail and banking etc.

The host OS is linux of course since I am using iptables to control the VM network activity. I am using qemu with the user mode networking option. With KVM acceleration it is amazing. Near native speeds.

I'm also going to reply to the person who posted below you right now so I don't need to get a new IP address again. Why bother with a live cd? That is not convenient at all. I am not a political prisoner, just a nerd having fun with VMs. I like leaving javascript on when ads are blocked. Also you need to remember that there is no added complexity to a random mac address. The script I use to start my qemu VM has "macaddr=`randmac`" in it and there we go, new mac address each time. Why not? I just have a python script named randmac in /usr/local/bin that generates a random mac address for me each time. I was surprised to find that XP doesn't even care about this. It still sees it as the same nic and everything.

Re:virtual machines

I am the original poster. It says I am unique, but clearly the script has a bug in it. For example it says that my user agent of "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7" is 1 in 14093.54. Very unlikely.

Also I am using stock chrome in stock XP SP3, yet my plugins are 1 in 418108.33 and my fonts are 1 in 553.54. Both are very unlikely. Remember that this is not a worn in XP install. It is virgin (up to date) XP SP3 with chrome installed in it. Hell when I update it, I update the virgin without chrome version of it, and then install chrome in that. I use backed qcow2 images in qemu so that I can always step back to the most virgin version of it when I update it.

None of this is done to prevent tracking or cookies. I just want to prevent malware infections. This uniqueness and cookies stuff is interesting, and I love the EFF, but their site appears to lie to you to make you scared.

Re:virtual machines

I started the VM off from scratch and went back and now I am one in 2327.42 for the (same) user agent. 1 in 139386.78 for the (same) plugins, and 1 in 553.37 for the (same) fonts. Only the fonts number is similar to last time, yet the entire situation is the same. Same fonts, plugins, and user agent. I call shenanigans.

Re:virtual machines

[couchslug]

I just use Linux for most of my surfing, but light VMs are very easy to set up and worth doing for the education.

I like Portable VirtualBox for Windows use because I can make a self-extracting .rar of the complete program with VMs for backup:

http://www.dedoimedo.com/computers/portable-virtualbox.html

Grab a light Linux distro like DSL (small download, speedy performance), and install to VM from the .iso:

http://www.damnsmalllinux.org/

You can then play with MANY operating systems, and if they screw up, delete their VM. If you have bigger problems, reload by extracting the backup. :)

Who are the web sites

[Stan92057]

Who are the web sites that use theses cookies? why do they remain unnamed? I think that knowledge is just as important as making blocking software.