Un-killable 'Evercookie' Killed ... Sometimes
Trailrunner7 writes "The persistent method that security researcher Samy Kamkar introduced last week for storing tracking data on a user's machine, known as the 'Evercookie,' is even more worrisome when used on mobile devices, according to another researcher's analysis. The Evercookie is a simple method for forcing a user's machine to retain browser cookies by storing the data in a number of different locations. The method also has the ability to recreate deleted cookies if it finds that the user has removed them. Created by Kamkar as a demonstration of a way that sites could use to persistently track users even after they clear their browser cookies, the Evercookie has drawn the attention of a number of other researchers who have spent some time looking for methods to defeat it. A researcher in South Africa took a look at the way the Evercookie works on both Safari on the desktop and on mobile devices, and found that it can be undone in some circumstances. However, he also found that the mobile version of Safari fares far worse in its handling of the Evercookie than the standard version does."
Evercookie is clever (Score:4, Informative)
Well for Linux anyway (Score:5, Informative)
If I don't block the domain cookie creation then just a standard cookie is created.
Re:Solution: (Score:3, Informative)
Don't accept cookies.
No, not a solution. RTFA. It doesn't matter whether you accept cookies or not. The only two methods of protection are (a) use Safari in private browsing mode, and quit and restart the browser between each and every site; or (b) block absolutely all javascript everywhere without any exception ever. Neither of these is really satisfactory.
Plus, these evercookies transfer from one browser to another because they get stored as LSOs.
Re:Well for Linux anyway (Score:4, Informative)
Make the folder ~/.macromedia read only. Works with Linux, but not in Windows.
I just tried it under Linux.
When I made the empty ~/.macromedia directory read-only, the flash plugin consistently crashed.
So I made sure that Flash_Player sub-folder was created by the plugin first, deleted any cookie files and then did a recursive chmod -R a-w ~/.macromedia and it seems to work fine now.
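The lock-down described in the comment above, written out as an added example that is not part of the thread. The function names are hypothetical, and it assumes the stored Flash cookies (Local Shared Objects) are the *.sol files under the directory.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
# Assumption: Flash Local Shared Objects are the *.sol files below the base dir.

# count_writable DIR: print how many entries under DIR still carry a write bit.
count_writable() {
    find "$1" ! -type l \( -perm -200 -o -perm -020 -o -perm -002 \) | wc -l | tr -d ' '
}

# lock_lso_store [DIR]: DIR defaults to ~/.macromedia
# Returns 0 when locked and verified, 2 when the plugin has not created
# its sub-folder yet, 1 on any other failure.
lock_lso_store() {
    base="${1:-$HOME/.macromedia}"

    # The commenter saw the plugin crash when an empty directory was made
    # read-only, so refuse until Flash has created Flash_Player itself.
    if [ ! -d "$base/Flash_Player" ]; then
        echo "refusing: $base/Flash_Player missing, run the plugin once first" >&2
        return 2
    fi

    # Restore owner write access first so a second run can still delete files.
    chmod -R u+w "$base" || return 1

    # Delete the stored objects but keep the directory tree the plugin built.
    find "$base" -type f -name '*.sol' -exec rm -f -- {} +

    # Remove write permission for everyone, recursively.
    chmod -R a-w "$base" || return 1

    # Verify: no entry may keep a write bit, and no .sol file may remain.
    [ "$(count_writable "$base")" -eq 0 ] || return 1
    [ -z "$(find "$base" -type f -name '*.sol')" ] || return 1
}
```

Call `lock_lso_store` with no argument to act on ~/.macromedia. The write bits do not bind root, so this only helps when the browser runs as an ordinary user.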