Slashdot Mirror


Nevercookie Eats Evercookies

wiredmikey writes "Anonymizer, Inc. has developed Anonymizer Nevercookie, a free Firefox plugin that protects against the Evercookie, a JavaScript API built and made available by Samy Kamkar (same guy who brought you the Samy Worm and XSS Hacking to Determine Physical Location) who set out to prove that the more you store and the more places you store it, the harder it is for users to control a Web site's ability to uniquely identify their computer. The plugin extends Firefox's private browsing mode by preventing Evercookies from identifying and tracking users."

  1. And so another battle rages by Anonymusing · · Score: 5, Funny

    In development now: ForeverEverCookies, then NeverNeverCookies, then SuperCantTouchThisCookie, then ImGonnaEatYourDamnCookiesForBreakfast.

    --
    Liberal? Conservative? Compare perspectives at Left-Right
    1. Re:And so another battle rages by werfu · · Score: 2, Funny

      Ho yeah, Cookie on cookie action!

    2. Re:And so another battle rages by tom17 · · Score: 5, Funny

      then SuperCantTouchThisCookie,

      Then Stop-HAMMERTIME!Cookie

  2. Vaporware by Anonymous Coward · · Score: 5, Insightful

    The company says that Nevercookie will be available as a free download later this month.

    Premature story.

  3. Well... by Anonymous Coward · · Score: 3, Funny

    As an Anonymous Coward, I'm really getting a kick out of this plugin.

  4. Coming later this month by Amorymeltzer · · Score: 5, Insightful

    I look forward to reading this exact same story, except with details, in less than a month.

    --
    I live in constant fear of the Coming of the Red Spiders.
    1. Re:Coming later this month by unixan · · Score: 3, Insightful

      I look forward to reading this exact same story, except with details, in less than a month.

      I anticipate reading this exact same story, except with less details, yet again in a year. I coin this the secondary Slashdot effect.

      --
      This signature intentionally left unblank.
    2. Re:Coming later this month by UnknowingFool · · Score: 3, Funny

      Less than a month? You must be new here. I look forward to the same story tomorrow. If I'm lucky, the next day too. :P

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  5. virtual machines by Anonymous Coward · · Score: 2, Interesting

    I do almost everything in VMs since it keeps my computer cleaner. My web browsing VM starts from scratch each time I load it (with a random MAC address inside the VM). Only the bookmarks get exported and imported. Evercookie doesn't stand a chance with me.

    To further improve the situation, I have privoxy chained to squid. My iptables rules don't allow the user that runs the VMs to connect to the internet at all, not even dns. Only a connection to the local privoxy proxy which strips all ads and other annoying things.

    It took a while to set this up for sure, but it is secure and most importantly an enjoyable browsing experience.

    1. Re:virtual machines by leuk_he · · Score: 2, Interesting

      You are unique. Just like everyone else.

      Please tell me how unique you are there... (me: one in 627,021 browsers have the same fingerprint as yours.)

      Since you have a special setup I wonder if you can really hide in the crowd.

    2. Re:virtual machines by Amorymeltzer · · Score: 3, Interesting

      That page has got to be faulty. Go to the main link, http://panopticlick.eff.org/ - the results are staggeringly different. That tells me I'm unique out of everyone (>1.2 million) whereas the link given in GP says I'm 1 out of around 85k.

      --
      I live in constant fear of the Coming of the Red Spiders.
    3. Re:virtual machines by stg · · Score: 3, Insightful

      How does Google disallow Ad Blockers? I've been using AdBlock on Chrome for several months now... (before that I just used a filtering proxy)

      I think it's been available since January.

    4. Re:virtual machines by couchslug · · Score: 4, Interesting

      I just use Linux for most of my surfing, but light VMs are very easy to set up and worth doing for the education.

      I like Portable VirtualBox for Windows use because I can make a self-extracting .rar of the complete program with VMs for backup:

      http://www.dedoimedo.com/computers/portable-virtualbox.html

      Grab a light Linux distro like DSL (small download, speedy performance), and install to VM from the .iso:

      http://www.damnsmalllinux.org/

      You can then play with MANY operating systems, and if they screw up, delete their VM. If you have bigger problems, reload by extracting the backup. :)

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    5. Re:virtual machines by sigmoid_balance · · Score: 2, Insightful

      Isn't it better to be more common than to be more unique? Setting the USER-AGENT to something randomly generated will make you unique, but isn't it better to "blend in" than to "stand out"?

    6. Re:virtual machines by mobets · · Score: 2, Insightful

      I think being unique would be fine as long as you are differently unique every time.

      --

      It was me, I did it, I moved your cheese
  6. One hopes... by fuzzyfuzzyfungus · · Score: 5, Insightful

    I hope that this "Nevercookie" addresses the issues raised by "Evercookie" in a systematic way, rather than just defeating Evercookie point-by-point.

    Evercookie's creator explicitly noted that his work was a simple proof of concept, cooked up fairly quickly, as a way of raising the issue of covert persistent data storage on the web. He further noted that people who actually do evil for a living are probably at least as creative as he is, and have a whole lot more time to work on the problem. Simply defeating Evercookie, as released, will probably save you from a few of whatever the analytics world's equivalent of a script-kiddie is; but will do next to nothing against the issues that Evercookie was designed merely to demonstrate...

    1. Re:One hopes... by PRMan · · Score: 2, Insightful

      You're right, we should kill all marketers... ;-)

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    2. Re:One hopes... by gabbott · · Score: 2, Informative

      Check out how it works here: http://www.anonymizer.com/learningcenter/#lc_labs I used nevercookie as sort of a fitness test, but it wasn't designed to only defeat evercookie, it was designed to address the larger problem of tracking via all kinds of local storage mechanisms.

  7. Different than "Supercookies"? by PPCAvenger · · Score: 2, Insightful

    From the end of the article, "Specifically, Nevercookie prevents abuse to both the Adobe Flash Local Storage Object (LSO) and Microsoft's Silverlight Isolated Storage (MIS)."

    Doesn't BetterPrivacy already eliminate LSOs and other stored data?

    I don't have Silverlight so I don't know if it eliminates that data but unless these "Evercookies" are somehow different than "Supercookies" you can eliminate this issue right now.

  8. Re:Are Chrome Users Still Defenceless? by SatanicPuppy · · Score: 2, Insightful

    I can't stand browsing without NoScript, and there is no equivalent for Chrome. That's pretty much it for me.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  9. Re:Are Chrome Users Still Defenceless? by eln · · Score: 3, Insightful

    Chrome is made by Google, which is essentially a data mining company. Why would you expect them to have any desire to help their users eliminate these sorts of tracking cookies?

  10. Re:Are Chrome Users Still Defenceless? by jgagnon · · Score: 2, Informative
    --
    Remember to maintain your supply of /facepalm oil to prevent chafing.
  11. hey guys by gabbott · · Score: 5, Informative

    My name is Geoff and I created "nevercookie". I'm a researcher at Anonymizer. I can assure you all that it is not vaporware, it works and has been pretty thoroughly tested, it's just that marketing wants to brand it and make it all slick before we release it to the general public (which should be in a week or two). I've sent out a few beta versions for friends in the security field to test out, and I might be able to send out a few more if anyone is interested in field testing it early (I'll ask my boss). To address concerns about how it works, it's pretty simple actually. When private browsing mode in Firefox is initiated, the external data storage of Flash and Silverlight is quarantined (this is done because the browser normally can't touch these things cause they are browser independent, this is the most obvious place that an evercookie can respawn from (unless you clean it manually)). Then a clean, temporary user profile is spawned for the current browsing session, eliminating any lingering cached data. There's actually a decent explanation here: http://www.anonymizer.com/learningcenter/#lc_labs
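
The quarantine-then-clean-profile sequence described in the comment above, sketched in Python as an added example; it is not Nevercookie's code or anything from Anonymizer. The directory names are constructed placeholders, and restoring the quarantined data when the session ends is an assumption.

```python
import shutil
import tempfile
from contextlib import contextmanager
from pathlib import Path


@contextmanager
def private_session(plugin_stores):
    """Quarantine plugin storage dirs and yield a fresh, empty profile dir."""
    stores = [Path(p) for p in plugin_stores]
    root = Path(tempfile.mkdtemp(prefix="private-session-"))
    profile = root / "profile"
    profile.mkdir()
    moved = []
    try:
        for i, store in enumerate(stores):
            if store.is_dir():
                held = root / f"quarantine-{i}"
                shutil.move(str(store), str(held))    # plugin data now out of reach
                moved.append((store, held))
            store.mkdir(parents=True, exist_ok=True)  # session starts with empty stores
        yield profile
    finally:
        for store in stores:
            shutil.rmtree(store, ignore_errors=True)  # discard session-written data
        for store, held in moved:
            shutil.move(str(held), str(store))        # assumption: restore on exit
        shutil.rmtree(root, ignore_errors=True)       # temporary profile goes too


def demo():
    """Run one session over a constructed Flash-style store; report what was visible."""
    base = Path(tempfile.mkdtemp(prefix="constructed-home-"))
    flash = base / "flash_lso"                  # placeholder path, not a real plugin dir
    flash.mkdir()
    (flash / "old_id.sol").write_text("uid=constructed-1234")
    with private_session([flash, base / "silverlight_is"]) as profile:
        seen_inside = sorted(p.name for p in flash.iterdir())
        (flash / "new_id.sol").write_text("uid=respawned")  # site writes during session
        (profile / "cache.bin").write_text("x")
    result = {
        "seen_inside": seen_inside,
        "after": sorted(p.name for p in flash.iterdir()),
        "profile_gone": not profile.exists(),
        "unused_store_gone": not (base / "silverlight_is").exists(),
    }
    shutil.rmtree(base)
    return result
```

Inside the session the old identifier is not visible to anything reading the store, and the identifier written during the session is discarded on exit, so neither side can be used to respawn the other.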