
Introducing the Invulnerable Evercookie

CmdrTaco posted more than 3 years ago | from the evil-and-clever dept.

Privacy 332

An anonymous reader writes "Using eight different techniques and locations, a 'security' guy has developed a cookie that is very, very hard to delete. If just one copy of the cookie remains, the other locations are rebuilt. My favorite storage location is in 'RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out' — awesome."
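The rebuild behaviour described in the summary can be audited from the defender's side by comparing storage snapshots taken before a clear, after it, and after revisiting the site. This is an added example, not code from evercookie or from the original post; the store names, keys and identifier are constructed, and collecting the snapshots (cookie jar, Flash LSO directory, decoded cached images) is assumed to be done by other tooling.

```javascript
'use strict';

// Values shorter than this are treated as preferences (e.g. "en"), not identifiers.
const MIN_ID_LENGTH = 8;

// Build value -> Set("store:key") for one snapshot.
// A snapshot is { storeName: { key: value, ... }, ... }.
function indexValues(snapshot) {
  const index = new Map();
  for (const [store, entries] of Object.entries(snapshot)) {
    for (const [key, value] of Object.entries(entries)) {
      if (typeof value !== 'string' || value.length < MIN_ID_LENGTH) continue;
      if (!index.has(value)) index.set(value, new Set());
      index.get(value).add(`${store}:${key}`);
    }
  }
  return index;
}

// Report identifiers that the user removed from a location and that hold the
// same value there again after the next visit. A fresh session ID issued on
// the revisit has a new value, so it is not reported.
function findRespawns(before, afterClear, afterRevisit) {
  const heldAfterClear = indexValues(afterClear);
  const heldAfterRevisit = indexValues(afterRevisit);
  const findings = [];
  for (const [value, heldBefore] of indexValues(before)) {
    const survivors = heldAfterClear.get(value) || new Set();
    const heldAfter = heldAfterRevisit.get(value) || new Set();
    const respawned = [...heldBefore].filter(
      (loc) => !survivors.has(loc) && heldAfter.has(loc));
    if (respawned.length === 0) continue;
    findings.push({
      value,
      respawned: respawned.sort(),
      // Copies that outlived the clear and could have seeded the rebuild.
      survivors: [...survivors].sort(),
      // No surviving copy seen: the source is a store this audit does not snapshot.
      unknownSource: survivors.size === 0,
      // Every location that has to be wiped in the same pass to stop the rebuild.
      mustClear: [...heldAfter].sort(),
    });
  }
  return findings;
}

// Constructed sample data: the user clears HTTP cookies only.
const ID = 'a3f1c9e07b524d68';
const before = {
  httpCookie: { uid: ID, lang: 'en', session: 's-111122223333' },
  flashLSO: { uid: ID },
  pngCache: { 'tracker.example/id.png': ID },
};
const afterClear = {
  httpCookie: {},
  flashLSO: { uid: ID },
  pngCache: { 'tracker.example/id.png': ID },
};
const afterRevisit = {
  httpCookie: { uid: ID, lang: 'en', session: 's-444455556666' },
  flashLSO: { uid: ID },
  pngCache: { 'tracker.example/id.png': ID },
};

console.log(JSON.stringify(findRespawns(before, afterClear, afterRevisit), null, 2));
```

The `mustClear` list is the practical output: clearing only some of those locations leaves a copy from which the rest can be rebuilt.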


332 comments

Not hard to beat at first glance. (4, Informative)

grub (11606) | more than 3 years ago | (#33660878)


evercookie is written in JavaScript and additionally uses a SWF (Flash) object for the Local Shared Objects and PHP for the server-side generation of cached PNGs.
[...]
If a user gets cookied on one browser and switches to another browser as long as they still have the Local Shared Object cookie, the cookie will reproduce in both browsers.


Well, the site's EXAMPLE failed on my box. That's NoScript at work. If you use BetterPrivacy (another FF extension), it removes the LSO at browser shutdown.

YMMV

Re:Not hard to beat at first glance. (4, Insightful)

Shrike82 (1471633) | more than 3 years ago | (#33660956)

That's NoScript at work. If you use BetterPrivacy (another FF extension), it removes the LSO at browser shutdown. YMMV

I take your point, but most people use neither of these things and will be at the mercy of persistent tracking. Of course anyone who doesn't know what a cookie is probably won't be affected by this in any way (i.e. they're already being tracked through regular cookies). Especially since "Private Browsing" modes have been shown to retain information.

Re:Not hard to beat at first glance. (1)

grub (11606) | more than 3 years ago | (#33661042)


but most people use neither of these things

True enough. My brother uses FF and AdBlock+ but won't install NoScript. Flat out refuses to, saying he hates having to whitelist everything. I've tried explaining that over (reasonable) time the sites you visit are all categorized and you rarely need to add exceptions. Even newly visited sites are fine much of the time.

"Give Me Convenience or Give Me Death" as the Dead Kennedys album says...

Re:Not hard to beat at first glance. (2)

BrentH (1154987) | more than 3 years ago | (#33661154)

NoScript (and NotScript, which I use in Chromium these days) should have an option to temp-allow JS from the domain you're on automatically. I think it would get n00b-proof for non-techies to use it.

Re:Not hard to beat at first glance. (1, Informative)

Anonymous Coward | more than 3 years ago | (#33661508)

NoScript (and NotScript, which I use in Chromium these days) should have an option to temp-allow JS from the domain you're on automatically. I think it would get n00b-proof for non-techies to use it.

It (NoScript) does.

You can Temp allow all, or just temp allow certain domains. Close your browser and they are blocked again on your next visit.

Re:Not hard to beat at first glance. (4, Informative)

Kvasio (127200) | more than 3 years ago | (#33661552)

running browser in Sandboxie would also do the trick

Re:Not hard to beat at first glance. (2, Informative)

Anonymous Coward | more than 3 years ago | (#33661414)

True enough. My brother uses FF and AdBlock+ but won't install NoScript. Flat out refuses to, saying he hates having to whitelist everything. I've tried explaining that over (reasonable) time the sites you visit are all categorized and you rarely need to add exceptions. Even newly visited sites are fine much of the time.

Use PrefBar [mozdev.org].

Cost: One horizontal toolbar's worth of vertical space.

Benefit: User-configurable single-click access to toggle checkboxes that control not only Javashit, Flash, and Java, but also automatic geolocation reporting, image loading (tired of seeing 10 copies of an almost-NSFW 300x480 .gif of bouncing boobs that some idiot used as a .sig when all you want to do is read about how his turbocharger install went?), colors (hate that web designer who put red text on a blue swirly background?), cookies, send-Referrer-ID, a dropdown to select a user-agent (lookin' at you ExpertSexChange, who hides the answer from everyone but the Google Crawler), and more.

Re:Not hard to beat at first glance. (5, Insightful)

h00manist (800926) | more than 3 years ago | (#33661482)

who doesn't know what a cookie is probably won't be affected by this in any way (i.e. they're already being tracked through regular cookies).

There's all kinds of databases on people available. Search and you shall find.

All data circulates easily and is simply very hard to stop. It is indeed like speech, it just happens, anyone can do it. Copyrighted data, personal data, credit data, secret data, whatever. Bottom line, gathering and selling various gray-black-market data is illegal immoral etc, and very doable and very interesting for companies and organizations of all types. Not unlike downloading movies is for many - illegal but easy and interesting data. It's the interests that are different.

Re:Not hard to beat at first glance. (2, Informative)

Inda (580031) | more than 3 years ago | (#33660986)

Failed for me too.

The text displayed, an error was generated, then "The page cannot be displayed"

Internet Explorer cannot open the Internet site http://samy.pl/evercookie/ [samy.pl]. Operation aborted

Re:Not hard to beat at first glance. (2)

JustABlitheringIdiot (1773798) | more than 3 years ago | (#33661214)

Well, the site's EXAMPLE failed on my box. That's NoScript at work. If you use BetterPrivacy (another FF extension), it removes the LSO at browser shutdown.

So NoScript blocks this? It also says on the page that clearing the LSO will not matter so I don't think that BetterPrivacy will help with this.

"That's the great thing about evercookie" (3, Insightful)

tomalpha (746163) | more than 3 years ago | (#33660886)

From TFA:

That's the great thing about evercookie

I disagree. Strongly.

I guess it's good that this is out in the open so we know about it, and hopefully the major browsers can all do something to help prevent it. But still: don't like, don't like at all.

Re:"That's the great thing about evercookie" (4, Interesting)

Pharmboy (216950) | more than 3 years ago | (#33661036)

You can't blame someone for a "method" when it is openly explaining how it is doing what it is doing, using the existing software. Yes, he is pushing it as a "feature", when it is in fact due to a flaw in the overall design of all browsers. It is much better for the information to be released like this than to find out a year after it is fully integrated into every piece of malware.

Hacking at its finest.

Re:"That's the great thing about evercookie" (5, Informative)

Anonymous Coward | more than 3 years ago | (#33661126)

it's not his research either. this has already been observed in the wild and already reported by ars technica.

http://arstechnica.com/tech-policy/news/2010/08/ad-firm-sued-for-allegedly-re-creating-deleted-cookies.ars

the advertisement company got already sued for it.

Re:"That's the great thing about evercookie" (1)

Lion XL (1849898) | more than 3 years ago | (#33661632)

yes, but now he has not only exposed these flaws, but created a working proof of concept which will only spur black hat usage. I see no reason why a cookie needs to be persistent forever!!!

Bot writers will definitely exploit this, as will malware writers. I guess it's time for me to jump on the 'I HATE JS TRAIN', even though I need to use it daily at work...

Why can't people accept and use things as they were intended? I mean..OK..it's great he pushed the envelope, very creative, very insightful...but do we need it? Have we not yet learned that once Pandora's box is open you can't just shut it?

Re:"That's the great thing about evercookie" (2, Informative)

Moryath (553296) | more than 3 years ago | (#33661100)

No kidding. It was bad enough in the days when there were all sorts of cookies throwing illegal characters (wildcards, normally path-related characters, etc) in the filename to prevent deletion. Particularly when the "cookie" itself didn't actually have data, they just tried to stick every bit of info into the fucking filename.

And of course there have been all the programs that hide "registration" data - or even, sometimes, "never work again" flags - somewhere deep in randomly-named registry keys as pure numeric values to be next-to-impossible to hunt down unless you know precisely what you're looking for. I remember one of these that had a bomb in it designed to fuck up the program if you changed your system clock more than a few hours (non-permanent license, paranoid schizophrenic fucktards at the company afraid that people would reset their clock to keep the program running...Hi SPSS!) Boy was my coworker surprised when she went overseas and tried to resync her laptop to local time.

But just wait, pretty soon someone's going to take the Everlasting Gobstopper Cookie, add in a more malicious payload, and we're off to the races. There's no possible justification for this project.

Re:"That's the great thing about evercookie" (4, Insightful)

PhilHibbs (4537) | more than 3 years ago | (#33661178)

There's no possible justification for this project.

"To show everyone what the black hats and spammers are going to be doing", sounds good enough to me.

Re:"That's the great thing about evercookie" (1)

clone53421 (1310749) | more than 3 years ago | (#33661430)

It was bad enough in the days when there were all sorts of cookies throwing illegal characters (wildcards, normally path-related characters, etc) in the filename to prevent deletion. Particularly when the "cookie" itself didn't actually have data, they just tried to stick every bit of info into the fucking filename.

That would be a bug in Internet Explorer which moronically uses the system filesystem to index cookies instead of storing them in a more sane data structure. If it didn’t sanitize the names properly before creating files, well, that’s just icing on the cake when it comes to stupidity...

Remember? (3, Interesting)

Pojut (1027544) | more than 3 years ago | (#33660894)

Remember a time back in the mid-to-earlylate 90's when cookies had a super negative connotation to them? I find it interesting how integral they've become to experiencing the Internet in a timely fashion...

Re:Remember? (1)

Haedrian (1676506) | more than 3 years ago | (#33660930)

I sincerely doubt that evercookie has any use which isn't tracking.

Why else would you need a cookie which is hard to delete? You think saving your login information so that it is rebuilt when you press logout is a good idea?

Re:Remember? (1)

ByOhTek (1181381) | more than 3 years ago | (#33661114)

Its purpose is to inform us of the issues so they can be fixed ASAP (rather than ignored while people 'roll their own' and get away with it for longer).

Re:Remember? (1)

IndustrialComplex (975015) | more than 3 years ago | (#33660954)

Remember a time back in the mid-to-earlylate 90's when cookies had a super negative connotation to them? I find it interesting how integral they've become to experiencing the Internet in a timely fashion...

How integral is it? I'm half suspicious and half curious. What can cookies do from a user perspective (Not interested in the ever so delightful 'targeted ads') that can't be accomplished by simply allowing your browser to manage your passwords and not the site? Granted it's how the site knows to keep you logged in right? Other than that, why do any of them need to persist and be public to other sites?

I've not ever designed something that needed cookies, so I'm ignorant on this subject.

Re:Remember? (4, Informative)

Haedrian (1676506) | more than 3 years ago | (#33660998)

Well, html is unable to save session information. So you need cookies for that. There is no other reliable and non-user-unfriendly alternative.

When you 'log in', you are given a cookie, which the page reads and uses to identify you. That's one of the more common 'useful' uses for cookies.

Cookies can also store small amounts of data in them (ever been to a website which tells you "Pick Language" and then lets you "[ ] Always remember this choice"?) That's also a cookie.

And last but not least, they're good at identifying you so that other adverts (on other sites) note the cookie and are able to link your presence on Site A to the one on Site B then data-mine

Re:Remember? (1)

drinkypoo (153816) | more than 3 years ago | (#33661074)

Well, html is unable to save session information. So you need cookies for that. There is no other reliable and non-user-unfriendly alternative.

Yes, there is. It's called hidden form values, and it's actually more reliable than cookies, because you can't trivially block them.

Re:Remember? (1)

Haedrian (1676506) | more than 3 years ago | (#33661138)

Do those work if you leave the site and return again?

If I go to slashdot and post a bit. Close the tab and go there again will the hidden form values persist? The way my (quick research) understood them is similar to appending stuff to the URL, except that it doesn't show.

Re:Remember? (1)

drinkypoo (153816) | more than 3 years ago | (#33661306)

Do those work if you leave the site and return again?

Nope. But then, neither do cookies, necessarily; a user might have them disabled. Lots of sites force you to log in on every visit and browsers remember passwords these days so it's a totally valid model.

Re:Remember? (1)

somersault (912633) | more than 3 years ago | (#33661396)

For a site like Slashdot that's running a database back end, all the session info could be stored directly on the database, so the only thing you need on the client side is the identification cookie.

You're kind of correct about the hidden form variables, though the thing that will determine whether data shows in the URL or not is whether the form submits via GET or a POST.

Re:Remember? (1)

imakemusic (1164993) | more than 3 years ago | (#33661416)

Also how would hidden form values persist when clicking on links? I imagine you'd have to set up each page as one big form... It doesn't sound ideal.

Re:Remember? (1)

gorzek (647352) | more than 3 years ago | (#33661422)

Hidden form values would basically be passed along to each page for the duration of your session at the site. As soon as you close that tab, that state is lost and you'd have to login again.

Cookies get a bad rap but they're pretty useful for most sites. It's just the tracking cookies used to log your browsing history that have given them a bad reputation. But you can thwart those easily by using a custom hosts file, such as the one located on this page [mvps.org].

Re:Remember? (1)

nstlgc (945418) | more than 3 years ago | (#33661370)

Except for that they don't get transmitted from page to page unless you're doing form submissions. Kind of a big deal, I'd say...

Re:Remember? (1)

drinkypoo (153816) | more than 3 years ago | (#33661528)

Except for that they don't get transmitted from page to page unless you're doing form submissions. Kind of a big deal, I'd say...

If you're using a CMS then it's trivial to make all links into form submissions one way or another, you don't even need javascript. Not a big deal, I'd say...

Re:Remember? (1)

DrgnDancer (137700) | more than 3 years ago | (#33661496)

Unless something has changed recently in HTML, hidden values on forms are a much inferior method for storing state than cookies. Typically when a cookie is being used to store state (as opposed to tracking info or something) it only stores a session ID. That session ID is the index to all of your stored values on the server. Let's say you have a multipage form, on the first page you enter your name, address and phone number, on the second your credit card information. The information from the first page isn't stored in the cookie and sent back and forth, it's stored on the server and a session ID identifies it. The ID is sent back and forth. This has the dual benefit of reducing bandwidth and reducing the number of times your info is sent back and forth (making it vulnerable to interception).

You could in theory send session IDs back and forth via hidden field data, but anytime there was an interruption in the session: You accidentally close the tab, your browser crashes, your Internet connection goes wonky and refuses to load the next page, You click a non-form link on the site, whatever... you'll have to start over. Because the session ID only exists on the page you currently have up, hidden in the HTML, not in a data structure (like a cookie).
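The comparison in the comment above, as an added example that is not part of the original thread: one server-side session store, with the session ID carried either in a cookie or in a hidden form field, run through a two-page form with a plain link click in between. Requests are plain objects rather than real HTTP, and the `sid` name, handler shape and form data are constructed for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Server-side store: session ID -> form data. Only the ID ever leaves the server.
const sessions = new Map();

// Resume a known session, otherwise start an empty one under a fresh random ID.
function openSession(id) {
  if (id && sessions.has(id)) return id;
  const fresh = crypto.randomBytes(16).toString('hex');
  sessions.set(fresh, {});
  return fresh;
}

// Extract one cookie from a Cookie request header ("a=1; sid=...").
function cookieValue(header, name) {
  for (const part of (header || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// One handler, two ways of carrying the ID: 'cookie' or 'hidden' (form field).
function handle(req, transport) {
  const presented = transport === 'cookie'
    ? cookieValue(req.cookie, 'sid')
    : (req.form && req.form.sid) || null;
  const sid = openSession(presented);
  const data = sessions.get(sid);
  // Submitted fields are stored on the server, never inside the token.
  for (const [k, v] of Object.entries(req.form || {})) {
    if (k !== 'sid') data[k] = v;
  }
  const res = { body: { ...data } };
  if (transport === 'cookie') {
    if (presented !== sid) {
      res.setCookie = `sid=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/`;
    }
  } else {
    res.hiddenField = sid; // rendered as <input type="hidden" name="sid">
  }
  return res;
}

// Simulated browser: page 1 form, a plain link click, then page 2 form.
function checkout(transport) {
  let cookie = null;
  let hidden = null;
  const send = (form, isFormSubmit) => {
    const req = { cookie, form: { ...form } };
    // A hidden field only travels when the page's form is submitted.
    if (transport === 'hidden' && isFormSubmit && hidden) req.form.sid = hidden;
    const res = handle(req, transport);
    if (res.setCookie) cookie = res.setCookie.split(';')[0];
    hidden = res.hiddenField || null;
    return res;
  };
  send({ name: 'Alice Example', phone: '555-0100' }, true); // page 1 (constructed data)
  send({}, false);                                          // non-form link click
  const review = send({ card: '4111111111111111' }, true);  // page 2 (test card number)
  return { review: review.body, token: transport === 'cookie' ? cookie : hidden };
}

console.log('cookie :', checkout('cookie').review);
console.log('hidden :', checkout('hidden').review);
```

With the cookie, page 2 still sees the name and phone number entered on page 1; with the hidden field, the link click issues a new empty session and only the card number is present.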

Re:Remember? (1, Funny)

Anonymous Coward | more than 3 years ago | (#33661590)

Because every anchor you click submits a form? Don't be stupid.

Re:Remember? (1)

cheater512 (783349) | more than 3 years ago | (#33661014)

why do any of them need to persist and be public to other sites?

so I'm ignorant on this subject.

Erm they aren't public to other sites?

HTTP has no 'state' information. Two hits from one user could very easily be two separate hits from two separate users.
There is no way to know without cookies. You don't exactly want the guy next to you getting logged in to your Twitter account.

Persistent cookies (that stay when you close your browser) are needed for stuff like 'Keep me logged in'.
Again, no other possible way to do it without cookies.

And now... (4, Insightful)

Haedrian (1676506) | more than 3 years ago | (#33660898)

Whenever someone goes through all the trouble of adding additional ways of tracking people - someone goes through all the trouble of finding ways of removing it.

There's no such thing as Invulnerable - See also: DRM and Copy-Protection

Re:And now... (2, Insightful)

cheater512 (783349) | more than 3 years ago | (#33661064)

No, but the people who do the tracking don't care about you.
They want everyone else who doesn't try to evade tracking, which is a lot more people.

Re:And now... (1)

Haedrian (1676506) | more than 3 years ago | (#33661176)

So why would they need an "Invulnerable" cookie to do that?

If you're raising the bar to block people who purposely take down your ad cookies - you're expecting the same subset to attempt to take down your super-cookie.

Re:And now... (1)

imakemusic (1164993) | more than 3 years ago | (#33661456)

Some people don't care as much as the average Slashdotter about tracking but will still clear their cache and cookies once in a while. It would be better (from the advertiser/tracker's point of view) if they didn't do that as it makes you (a bit) harder to follow.

Personal browsing habits for sale (1)

h00manist (800926) | more than 3 years ago | (#33661084)

Yes but a great many people have had all their web browsing habits for sale for a long time. The tracking works.

Do these people have no concept of web design? (0)

Anonymous Coward | more than 3 years ago | (#33660900)

State of the art technology, website from the early 90s. Brilliant.

Re:Do these people have no concept of web design? (2, Informative)

SQLGuru (980662) | more than 3 years ago | (#33661344)

Programmers don't always equate to good designers. And good designers probably aren't good programmers. (Exceptions exist, but true for the most part).

Otherwise, we wouldn't have terms like "programmer art".

Reminds me of IE (0, Offtopic)

bogaboga (793279) | more than 3 years ago | (#33660952)

This cookie that is very hard to delete reminds me of IE bundled with Windows XP that I also failed to remove from my system. Even after manually deleting the program, typing `iexplore` at the run prompt would fire off IE without a hitch. What is man to do?

Re:Reminds me of IE (1)

BlindBear (894763) | more than 3 years ago | (#33661158)

Ubuntu fixes most windows problems

Re:Reminds me of IE (0)

Anonymous Coward | more than 3 years ago | (#33661272)

A real Unix system fixes most Linux problems

Re:Reminds me of IE (0)

Anonymous Coward | more than 3 years ago | (#33661332)

A real Unix system fixes most Linux problems

Which is great, if you like a 15+ year old user interface, and I'm not talking about the GUI.

Re:Reminds me of IE (1)

somersault (912633) | more than 3 years ago | (#33661492)

Problems such as games not being developed natively? Sweet, sign me up! Unless you're going to point me to OSX. I installed Ubuntu on my MBP to get around OSX problems.

Re:Reminds me of IE (0)

Anonymous Coward | more than 3 years ago | (#33661460)

Perhaps you should stop 'sperging and not try to delete system components

The PNG thing isn't that unexpected (1)

vadim_t (324782) | more than 3 years ago | (#33660960)

Now the history brute forcing is creative, and rather creepy as well. Browsers should close that hole.

And this why a Sandbox is great. (0)

Anonymous Coward | more than 3 years ago | (#33660970)

Right Click -> Delete Sandbox. Done ! Next Cookie....

I just ate a cookie... (0)

Anonymous Coward | more than 3 years ago | (#33660974)

it was yummy! Has anybody tried an evercookie yet?

Re:I just ate a cookie... (0, Offtopic)

TaoPhoenix (980487) | more than 3 years ago | (#33661134)

Jesus spoke from the heavens. He wants his cookie that can feed the multitudes back.

Cookie found: id = (1)

evanh (627108) | more than 3 years ago | (#33660990)

Doesn't work so well without javascript.

Re:Cookie found: id = (0)

Anonymous Coward | more than 3 years ago | (#33661054)

I tried it in Chrome with Javascript enabled and it still didn't work.

virus (1)

tokul (682258) | more than 3 years ago | (#33661022)

It is not a cookie, but virus written in Javascript. What is next?

Re:virus (1)

maxume (22995) | more than 3 years ago | (#33661092)

The various techniques used have a lot more in common with cookies than they do viruses. And you have to visit a website with the javascript to make it all work.

Developers take note (5, Insightful)

Monoman (8745) | more than 3 years ago | (#33661032)

If you have to go to great lengths to work around customers doing things like deleting cookies then you are doing something wrong or evil.

Re:Developers take note (2, Insightful)

Sarten-X (1102295) | more than 3 years ago | (#33661170)

...or you're doing something that users expect to "just work". My grandmother had a perfectly fine time using GMail, until my uncle heard that cookies should be deleted for privacy. I got a phone call after that where I had to figure out why "email isn't working".

I can see valid uses for this, and I can see malicious uses. I suppose it's good that something's out there making us developers think about these techniques.

Re:Developers take note (2, Insightful)

Anonymous Coward | more than 3 years ago | (#33661418)

That's not a problem with cookies being easy to delete, that's a problem with the user not understanding what they're deleting. In the same way that making it impossible to delete word documents is a bad idea, making it impossible to delete cookies serves no beneficial purpose to the user.

Re:Developers take note (1)

h00manist (800926) | more than 3 years ago | (#33661530)

If you have to go to great lengths to work around customers doing things like deleting cookies then you are doing something wrong or evil.

Yes. And therefore someone will pay you more for it. The choice is up to each one. But let's not be naive, lots of people are doing it, for a long time now, and getting away with it just fine.

nietzsche quote applies: (1)

circletimessquare (444983) | more than 3 years ago | (#33661040)

"when you look into the abyss, the abyss also looks into you"

cookies by steganography?

game over

i suppose you can browse without flash, javascript, cookies, AND images disabled. but that's not exactly a rockin' web experience

Re:nietzsche quote applies: (2, Interesting)

smallfries (601545) | more than 3 years ago | (#33661236)

Why would you need to? Cached images don't get uploaded during normal page rendering. You need some sort of client-side scripting to look at the cached image. So disabling flash and javascript would be enough to turn this into a normal cookie, and disabling cookies as well would defeat it completely.

My browser was setup that way already, but that's just the way I roll...

Not Really (3, Insightful)

Greyfox (87712) | more than 3 years ago | (#33661240)

It might just drive more users to noscript and flashblock. I have to explicitly trust a site before I allow it to do those things, and if I happen to run across a site that requires them during casual browsing, I do not allow them access to those capabilities. If you're the sort to look over your shoulder that much, being able to browse the web with some level of comfort should more than offset any degradation of the web experience.

Advertisers and site operators might complain that this behavior costs them revenue, but they should have thought about that before going all Big Brother on us. If you're going to try to trick me into clicking an ad on your site, I don't want anything to do with your site anyway. And I do occasionally click through ads on Slashdot and Google.

Browser on a VM then? (4, Interesting)

Natales (182136) | more than 3 years ago | (#33661044)

This leaves me no option but running my browsing session in an undoable-mode VM, where after a reboot, all comes back to the previous state. Will this be the only way to maintain my privacy going forward?

Re:Browser on a VM then? (0)

Anonymous Coward | more than 3 years ago | (#33661348)

Looks like something on the TODO list would make it so even that is not a safe option.
From the site: TODO: adding support for Silverlight Isolated Storage, and using Java to produce a unique key based off of NIC info

Re:Browser on a VM then? (1)

h00manist (800926) | more than 3 years ago | (#33661574)

This leaves me no option but running my browsing session in an undoable-mode VM, where after a reboot, all comes back to the previous state. Will this be the only way to maintain my privacy going forward?

It would help, but ideally you would be able to run each browser tab in a different virtual machine partition.

Privacy for 99% of people doesn't exist (2, Interesting)

h00manist (800926) | more than 3 years ago | (#33661060)

Perhaps on paper there are privacy rights, but to a large extent only on paper. Some privacy (and security) exists for those who can pay for it, or know how to implement it.
- Hard question - if actual privacy is only for a few, who largely use it as cover to secretly abuse the rights of the other 99%, are we defending privacy rights just for them? Put simply, transparency in government and management, accountability, public participation, are not very compatible with secrecy.

Tor users (1)

RavenUK2600 (561376) | more than 3 years ago | (#33661066)

Will this affect users of Tor?

Visit a website through Tor.
Receive evercookie in Private Browsing Firefox.
Stop using Tor.
Tor user (now not anonymous) identified through evercookie
???
Profit

Do any of these techniques survive the browser's privacy scrubbing features?

Action already taken (0)

Anonymous Coward | more than 3 years ago | (#33661162)

Privacy International have passed this on to a lawyer in the US who specialises in these cases and also published an open letter to the European Commission today about it:

http://tinyurl.com/3ac8vhd

Rest assured, if this is discovered in the wild, legal action will be forthcoming.

force-cached PNG's (1, Informative)

muckracer (1204794) | more than 3 years ago | (#33661172)

So basically if you clear your cache, as well as your cookies/LSO's all should be well. At least at the end of the browser session.

Another YAYdiots to the Mozilla Developers, for scrapping one of the best features in FF: Clearing the History window on exit. So sad you need an extra extension now what, as this story demonstrates again, should be an integral and visible part of any browser.

Re:force-cached PNG's (1)

mdm-adph (1030332) | more than 3 years ago | (#33661248)

Are you talking about the Firefox 4.0 beta? Because in the latest version of 3.6, you can still set it to clear the history on exit in the normal settings.

Re:force-cached PNG's (1)

muckracer (1204794) | more than 3 years ago | (#33661504)

> Because in the latest version of 3.6, you can still set it to clear the history on exit in the normal settings.

I am talking about having a visible "Clear History" window pop up on exit. One that has your pre-set choices from the browser preferences already checked, with the option of overriding the defaults.

Yes you still can delete the history automatically, but there is no indication that this actually is taking place.
It's less about what's being done or not...it's about *knowing*...in a very clear and obvious way...that something to protect your privacy is being done.
I have/had set this feature (never was browser default which is another FAIL IMHO) for everybody I hooked up with Firefox. Everybody loved it and thought it was very nice and helpful for the Firefox people to be concerned about their privacy (this is normal people we're talking about). They even started taking things more serious and checking things I had left out from the default settings (like browsing history). They became *aware* that it's even an issue.
Features like that is where the browser and other programs can distinguish themselves. When everybody started hyping IE and its 'private browsing', my friends merely shook their heads and wondered why...

The BetterPrivacy Plugin btw. is a poor replacement since the window is a lot uglier, suffers from sizing issues etc.. Aside from the fact, that people need to first install it to redo functionality that was inexplicably removed from FF.

Re:force-cached PNG's (1)

CRCulver (715279) | more than 3 years ago | (#33661300)

Another YAYdiots to the Mozilla Developers, for scrapping one of the best features in FF: Clearing the History window on exit. So sad you need an extra extension now what, as this story demonstrates again, should be an integral and visible part of any browser.

Firefox's built-in Private Browsing already does this.

Re:force-cached PNG's (1)

muckracer (1204794) | more than 3 years ago | (#33661630)

> Firefox's built-in Private Browsing already does this.

No, it doesn't. It's, although they overlap, a separate issue altogether.

Private browsing will not save pretty much anything while browsing (and subsequently leave no traces on exit). Certainly not a bad thing but somewhat unnecessary since:

Clearing the history on exit removes everything you check(ed). This gives you much more flexibility in multiple ways. The private browsing mode you mention may only be turned on during parts of the browsing session. So you still have data, and to stay on-topic, cookies from sites you went to while not in private browsing mode.
You may also decide to remove only parts of saved information. For example, you may elect to remove cookies but not the browsing history so you still have your blue already visited links. Even if set that way by default you can elect to keep the cookies because you're interrupting a shopping session (is that even possible in private browsing mode?) and want to keep your shopping cart between browser restarts.

Etc..

CSS (1)

roman_mir (125474) | more than 3 years ago | (#33661210)

How about also adding CSS cookies as part of this cool evercookie thing? I am interested in looking into it. CSS has to have something there, some values to be stored as part of style sheet and then upon loading of the page check for CSS settings to get the values back. hhmmmmmmm.

The data black market (1)

h00manist (800926) | more than 3 years ago | (#33661216)

The massive data black market has a little more information on you available. It's more expensive and harder to buy, but very available.

re-introducing the undefeatable human spirit (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#33661286)

it may not be exactly what you think (have been highly trained to believe) it is?

meanwhile; (& who's worried about the 'sea parting', while in bohemia (where they're sucking DOWn stuff, & feasting on nubile virgins) they've conclude that we should be treated like monkeys because that's our lineage (not theirs?)?

the search continues;
google.com/search?hl=en&source=hp&q=weather+manipulation

google.com/search?hl=en&source=hp&q=bush+cheney+wolfowitz+rumsfeld+wmd+blair+obama+weather+authors

meanwhile (as it may take a while longer to finish wrecking this 'universe'); the corepirate nazi illuminati is always hunting that patch of red on almost everyones' neck. if they cannot find yours (greed, fear ego etc...) then you can go starve. that's their (slippery/slimy) 'platform' now. see also: http://en.wikipedia.org/wiki/Antisocial_personality_disorder

never a better time to consult with/trust in our creators. the lights are coming up rapidly all over now. see you there?

greed, fear & ego (in any order) are unprecedented evile's primary weapons. those, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' life0cidal hired goons' agenda. most of our dwindling resources are being squandered on the 'wars', & continuation of the billionerrors stock markup FraUD/pyramid schemes. nobody ever mentions the real long term costs of those debacles in both life & any notion of prosperity for us, or our children. not to mention the abuse of the consciences of those of us who still have one, & the terminal damage to our atmosphere (see also: manufactured 'weather', hot etc...). see you on the other side of it? the lights are coming up all over now. the fairytail is winding down now. let your conscience be your guide. you can be more helpful than you might have imagined. we now have some choices. meanwhile; don't forget to get a little more oxygen on your brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

"The current rate of extinction is around 10 to 100 times the usual background level, and has been elevated above the background level since the Pleistocene. The current extinction rate is more rapid than in any other extinction event in earth history, and 50% of species could be extinct by the end of this century. While the role of humans is unclear in the longer-term extinction pattern, it is clear that factors such as deforestation, habitat destruction, hunting, the introduction of non-native species, pollution and climate change have reduced biodiversity profoundly.' (wiki)

"I think the bottom line is, what kind of a world do you want to leave for your children," Andrew Smith, a professor in the Arizona State University School of Life Sciences, said in a telephone interview. "How impoverished we would be if we lost 25 percent of the world's mammals," said Smith, one of more than 100 co-authors of the report. "Within our lifetime hundreds of species could be lost as a result of our own actions, a frightening sign of what is happening to the ecosystems where they live," added Julia Marton-Lefevre, IUCN director general. "We must now set clear targets for the future to reverse this trend to ensure that our enduring legacy is not to wipe out many of our closest relatives."--

"The wealth of the universe is for me. Every thing is explicable and practical for me .... I am defeated all the time; yet to victory I am born." --emerson

no need to confuse 'religion' with being a spiritual being. our soul purpose here is to care for one another. failing that, we're simply passing through (excess baggage) being distracted/consumed by the guaranteed to fail illusionary trappings of man'kind'. & recently (about 10,000 years ago) it was determined that hoarding & excess by a few, resulted in negative consequences for all.

consult with/trust in your creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land." )one does not need to agree whois in charge to grasp the notion that there may be some assistance available to us(

boeing, boeing, gone.

I've heard of Zombie Cookies... (1)

Even on Slashdot FOE (1870208) | more than 3 years ago | (#33661302)

But some sort of Dracula cookie that has minions to bring it back from the dead? I think we need Belmont cookie hunters now.

Die monster! You don't belong in this world!

Invulnerable Cookie??! (0)

Anonymous Coward | more than 3 years ago | (#33661386)

The cookie monster is not going to be amused!

Anti-Evercookie (0, Redundant)

Madm3rlin (1900090) | more than 3 years ago | (#33661412)

Who else sees this leading to awesome exploits down the road? What is the best way to avoid the evercookie?