Enter the Evercookie

October 22nd, 2010

Computer SecurityYou don’t have to be a hard-core geek to know how some websites use cookies to identify your computer and track your internet browsing habits. But it’s just too easy to disable and/or delete browser cookies, so the organizations involved have been looking for better methods. The goal is to save information across page visits and browser sessions, and there are quite a few ways to accomplish this. Flash cookies use the local storage capabilities of the Adobe Flash Player. These have given rise to zombie cookies, where a deleted browser cookie is recreated from the Flash cookie. HTML 5 has a client-side database storage capability that makes me wonder just what they were thinking when they developed the standard. And finally there’s the Evercookie, which uses every trick in the book and is quite hard to remove. My favorite is how it encodes the cookie data as an image file, which is stored in the browser’s cache to be later read back and decoded.

Update: Ars Technica tells us that it’s technically possible to kill the Evercookie.

Leave a Reply


HTML: You can use these tags.