Beta Version of Nevercookie Released
wiredmikey writes "Anonymizer has released a beta version of Nevercookie, the recently announced Firefox plugin designed to protect against the Evercookie, a JavaScript API built and made available to prove that the more you store and the more places you store it, the harder it is for users to control a Web site's ability to uniquely identify their computer. Evercookie is a more persistent form of cookie that enables the storage of cookie data in a number of different locations, such as Flash cookies and various locations of HTML5 storage. This allows websites to track user behavior even when users have enabled private browsing. Because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps to completely clear and reset their local storage."
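The respawn behaviour the summary describes, as an added example (not code from Evercookie, Nevercookie or the post): an in-memory model showing that an identifier comes back unless every store is cleared. The store names, key and identifiers are constructed for illustration, and no real browser storage API is used.

```javascript
// Added illustration: each storage location is modelled as a Map.
// Store names loosely follow the summary (standard cookies, Flash cookies,
// HTML5 storage); the exact names here are assumptions.
const STORE_NAMES = ["httpCookie", "flashCookie", "html5LocalStorage", "html5SessionStorage"];

function makeBrowser() {
  return new Map(STORE_NAMES.map((name) => [name, new Map()]));
}

// Model of one site visit: read every store, reuse the first surviving
// copy of the identifier, then write it back to all stores.
function visit(browser, key, freshId) {
  let id;
  for (const store of browser.values()) {
    if (store.has(key)) { id = store.get(key); break; }
  }
  const respawned = id !== undefined;
  if (!respawned) id = freshId; // nothing survived: a new identity is issued
  for (const store of browser.values()) store.set(key, id);
  return { id, respawned };
}

// Model of a cleanup routine that wipes only the named stores.
function clearStores(browser, names) {
  for (const name of names) browser.get(name).clear();
}

// Defender's check: does the old identifier survive this cleanup routine?
function identifierSurvives(clearedNames) {
  const browser = makeBrowser();
  const first = visit(browser, "uid", "sample-id-1"); // constructed sample value
  clearStores(browser, clearedNames);
  const second = visit(browser, "uid", "sample-id-2");
  return second.id === first.id;
}

// Stores a cleanup routine leaves untouched; any one of them is enough
// for the identifier to be rebuilt on the next visit.
function missedStores(clearedNames) {
  return STORE_NAMES.filter((name) => !clearedNames.includes(name));
}
```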
but as usual, only the technologically inclined who also care about privacy will use it. That is, not many.
"People don't want to learn Linux" hasn't been a valid excuse since '03.
How long till EverEverCookie?
But kudos to the developers and ff (I am sure other browsers are not too far).
For just once, can someone design a trojan/worm that updates browsers to include useful addons like this instead of trying to steal banking information? Just sayin'.
You could always disable cookies. Then the website requires cookies, and if you really want to use it, you accept cookies. The browsers could have had a setting that said, "delete cookies when navigating away from a domain in this list", but they didn't do that. So. I guess that's how we got into this mess.
As for browsers allowing a cookie to set stuff in obscure locations all over the system; that sounds like a bug that should have been fixed a long time ago. As for allowing 3rd parties to access cookies, that also seems like a bug--unless you also controlled that with another list. Yes. It should be a PiTA for users to have to modify a list in order to make your site work. That way, maybe you'll stop being a douche. Maybe.
For just once, can someone design a trojan/worm that updates browsers to include useful addons like this instead of trying to steal banking information? Just sayin'.
Tell me how you guarantee an innocent and useful payload.
Tell me why the geek who unleashes a trojan has won the right to decide how users should manage their systems.
Yeah, for the full privacy package you should combine this extension with an anonymizing proxy that you trust. As far as the Panopticlick browser fingerprinting issue, I hope to integrate browser fingerprint manipulation into later versions of Nevercookie. This project is my 20 at work, we get 20% of our time for side projects. And yes, I expect Samy to counter with additional features to Evercookie, I'd be sad if he didn't :P.
They can fingerprint you based on your OS, system fonts, plug-ins, IP address, screen resolution and other exposed hardware capabilities, time zone, etc. Then they can surveil you as you move around the Web and increase the strength of that fingerprint based on the sites you visit that are in their "network" (think about how many properties Google owns from search to gmail to docs to youtube to blogger but then remember also that they can see you at non-Google sites because of adsense and google analytics and youtube embeds and feedburner and sites with re-captcha or google checkout or maps mash-ups or google's site-specific searches).
You are not anonymous, even if you rebuild your VM every day. You'd have to randomize all the features of your OS and your browser and then you'd have to reboot between pretty much every website you visit.
Unless I'm reading this the wrong way, evercookies can exist because of flaws in HTML processing. So, why not do something to fill that hole instead of sticking a band-aid on it in the form of Nevercookie?
Or modify the OS clock functions. Few people need that level of precision and a smart modification could average out to zero deviation over the long term. One could even add an interface to remove skew randomization for specific processes; that way the user who cares about such things could "fix" it on a case by case basis.
When information is power, privacy is freedom.