Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Nevercookie Eats Evercookies

CmdrTaco posted more than 3 years ago | from the i-eat-heavy-metals dept.

Firefox 91

wiredmikey writes "Anonymizer, Inc. has developed Anonymizer Nevercookie, a free Firefox plugin that protects against the Evercookie, a javascript API built and made available by Samy Kamkar (same guy who brought you the Samy Worm and XSS Hacking to Determine Physical Location) who set out to prove that the more you store and the more places you store it, the harder it is for users to control a Web site's ability to uniquely identify their computer. The plugin extends Firefox's private browsing mode by preventing Evercookies from identifying and tracking users."

cancel ×

91 comments

Sorry! There are no comments related to the filter you selected.

And so another battle rages (5, Funny)

Anonymusing (1450747) | more than 3 years ago | (#34185496)

In development now: ForeverEverCookies, then NeverNeverCookies, then SuperCantTouchThisCookie, then ImGonnaEatYourDamnCookiesForBreakfast.

Re:And so another battle rages (1)

angiasaa (758006) | more than 3 years ago | (#34185556)

Alas, no NeverEverCookies. :)

Re:And so another battle rages (1)

Toe, The (545098) | more than 3 years ago | (#34185560)

I can't wait for the merger with the Firesheep arms race.

NeverSheep, EverBlack, DoubleNeverFireCookieSheep, FrenticEverFireBlackCookie, and eventually... OhYeah? and Yeah! And maybe YoMamma too.

Re:And so another battle rages (0)

Anonymous Coward | more than 3 years ago | (#34186894)

Oh yeah?

Re:And so another battle rages (0)

Anonymous Coward | more than 3 years ago | (#34185564)

Willow: Damn love spell. I have tried every anti-love spell spell I could find.
Anya: Even if you find the right one, the guy would probably just do an anti-anti-love spell spell... spell.

Re:And so another battle rages (0)

Anonymous Coward | more than 3 years ago | (#34185572)

Don't foget the MCHammerCookie.

Re:And so another battle rages (0)

Anonymous Coward | more than 3 years ago | (#34185634)

And of course, NeverGonnaGiveYouUpCookies.

Re:And so another battle rages (0)

Anonymous Coward | more than 3 years ago | (#34185810)

NeverGonnaGiveYouUpCookies development forked a while ago.
You now have the choice between NeverGonnaLetYouDownCookies and NeverGonnaSayGoodbyeCookies.

Re:And so another battle rages (2, Funny)

werfu (1487909) | more than 3 years ago | (#34185768)

Ho yeah, Cookie on cookie action!

Re:And so another battle rages (0)

Anonymous Coward | more than 3 years ago | (#34189002)

Two girls, one cookie.

Re:And so another battle rages (5, Funny)

tom17 (659054) | more than 3 years ago | (#34185778)

then SuperCantTouchThisCookie,

Then Stop-HAMMERTIME!Cookie

Cookies! on a Browser! (0)

Anonymous Coward | more than 3 years ago | (#34186392)

I'm sick of these motherfucking cookies on this motherfucking browser

Re:Cookies! on a Browser! (1)

marcello_dl (667940) | more than 3 years ago | (#34189692)

Yo dawg, I herd you like cookies, so I put a nevercookie in your browser so you can eat cookies while it eats cookies.

Re:NeverEndingCookie! (1)

TaoPhoenix (980487) | more than 3 years ago | (#34186492)

Obligatory:

Click Around - Look at what you see ...
On the Web - spammers, you and me. ...
Underneath the good sites, lies a host of sites unbound
by the rules of ethics, making hell all around!

They track you with the
Never-Ending Cookieeeeeeeee

Re:And so another battle rages (0)

Anonymous Coward | more than 3 years ago | (#34187060)

Will the next "evercookie" be called NeverSayNeverCookie?

Re:And so another battle rages (1)

hesaigo999ca (786966) | more than 3 years ago | (#34188442)

LMAO!!!

Re:And so another battle rages (1)

hesaigo999ca (786966) | more than 3 years ago | (#34188454)

The cookie monster will get you!

Re:And so another battle rages (0)

Anonymous Coward | more than 3 years ago | (#34190006)

Where's my scrumdiddlyumptious cookie?

Re:And so another battle rages (1)

hoytak (1148181) | more than 3 years ago | (#34190496)

Just use NeverCookie -9.

Vaporware (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34185504)

The company says that Nevercookie will be available as a free download later this month.

Premature story.

Are Chrome Users Still Defenceless? (1)

turkeyfish (950384) | more than 3 years ago | (#34185672)

What about Chrome? Why are its users still without a defense? Is this company policy?

I may have to switch back to Firefox. I'm getting crushed by spam using Chrome.

Re:Are Chrome Users Still Defenceless? (1)

bberens (965711) | more than 3 years ago | (#34185800)

I'm honestly curious what you mean by this. What kind of spam are you experiencing? I pretty much only use Chrome these days and haven't noticed anything.

Re:Are Chrome Users Still Defenceless? (2, Insightful)

SatanicPuppy (611928) | more than 3 years ago | (#34186136)

I can't stand browsing without Noscript, and there is no equivalent for Chrome. That's pretty much it for me.

Re:Are Chrome Users Still Defenceless? (0)

Nimey (114278) | more than 3 years ago | (#34186878)

You can tell Chrome to never execute Javascript, then it will pop up a clickable icon at the right end of the address bar allowing you to run JS on a site that uses it.

It's not a complete equivalent, but it'll do in a pinch.

Re:Are Chrome Users Still Defenceless? (1)

bberens (965711) | more than 3 years ago | (#34190578)

If it helps, I use Adblock and Flashblock extensions in Chrome and almost never see any ads at all. I used to use noscript on FF but haven't (yet) found the need to disable javascript on Chrome.

Re:Are Chrome Users Still Defenceless? (3, Insightful)

eln (21727) | more than 3 years ago | (#34186268)

Chrome is made by Google, which is essentially a data mining company. Why would you expect them to have any desire to help their users eliminate these sorts of tracking cookies?

Re:Are Chrome Users Still Defenceless? (1)

vux984 (928602) | more than 3 years ago | (#34188782)

Why would google need a tracking cookie? They've already got you using their browser. They could just hardware any tracking they want directly into the browser.

Re:Are Chrome Users Still Defenceless? (1, Informative)

Anonymous Coward | more than 3 years ago | (#34189960)

Well, depends on what you mean by 'defense'.

Private browsing has issues (see: http://blogs.pcmag.com/securitywatch/2010/08/university_study_finds_problem.php), so evercookie isn't really needed to track non-geeks.

Personally I skip the whole thing and run an instance of my browser of choice (chrome) in an chroot-jailed sandbox when I need a private browsing. After I finish browsing I wipe the sandbox clean and that is that. The only thing I really use incognito mode for is when I need to be logged in on two accounts from the same provider at the same time.

For anyone who's interested on how to set it up:
http://www.howtoforge.com/safe_mirror_unionfs_chroot details the basic technique, though I use aufs2 because I've modified it to run without a separate user and unionfs doesn't unmount properly in that situation.

Re:Vaporware (1)

Anonymous Coward | more than 3 years ago | (#34185682)

Well, Slashdot is usually about 1-6 months late reporting anything, so no doubt this was released quite a while ago.

duke (1)

skywatcher2501 (1608209) | more than 3 years ago | (#34186514)

wait wait, vaporware.. never.. associations coming in.. DukeNukemForNever!!!

duke (0, Redundant)

skywatcher2501 (1608209) | more than 3 years ago | (#34186544)

hmm vaporware.. never ever.. associations coming in.. DukeNukemForNever!!

Well... (3, Funny)

Anonymous Coward | more than 3 years ago | (#34185516)

As an Anonymous Coward, I'm really getting a kick out of this plugin.

Re:Well... (0)

Anonymous Coward | more than 3 years ago | (#34186458)

I don't see how. It's not been released yet.

Re:Nice try... (0)

Anonymous Coward | more than 3 years ago | (#34188064)

Nice try, Steven R. Williamson of 1228 Red Oak Lane, Springfield, Illinois, with bike lock combination 4321.

*rapidly immerses hard drive in vat of corrosive acid*

Coming later this month (5, Insightful)

Amorymeltzer (1213818) | more than 3 years ago | (#34185520)

I look forward to reading this exact same story, except with details, in less than a month.

Re:Coming later this month (1)

FudRucker (866063) | more than 3 years ago | (#34186364)

and a link to get the NeverCookie, I was disappointed when I got to the part where it is not available yet.

or maybe hopefully in the firefox "addons" dialog box will offer it for download, because I want this NeverCookie and I wont forget it

Re:Coming later this month (3, Insightful)

unixan (800014) | more than 3 years ago | (#34186718)

I look forward to reading this exact same story, except with details, in less than a month.

I anticipate reading this exact same story, except with less details, yet again in a year. I coin this the secondary Slashdot effect.

Re:Coming later this month (3, Funny)

UnknowingFool (672806) | more than 3 years ago | (#34187104)

Less than a month? You must be new here. I look forward to the same story tomorrow. If I'm lucky, the next day too. :P

Nevercookie will never show. (0)

Anonymous Coward | more than 3 years ago | (#34187676)

Folks,

I think we'll see Duke Nukem Forever and the Bitboys Oy's "Glaze3d" video card before we'll ever see this "Nevercookie".

virtual machines (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34185550)

I do almost everything in VMs since it keeps my computer cleaner. My web browsing VM starts from scratch each time I load it (with a random MAC address inside the VM). Only the bookmarks get exported and imported. Evercookie doesn't stand a chance with me.

To further improve the situation, I have privoxy chained to squid. My iptables rules don't allow the user that runs the VMs to connect to the internet at all, not even dns. Only a connection to the local privoxy proxy which strips all ads and other annoying things.

It took a while to set this up for sure, but it is secure and most importantly an enjoyable browsing experience.

Re:virtual machines (1)

Whalou (721698) | more than 3 years ago | (#34185606)

Nice setup. I think it would be a curious experience to take a look at your pron collection... :)

Re:virtual machines (2, Interesting)

leuk_he (194174) | more than 3 years ago | (#34185656)

You are unique Just like everyone else [eff.org]

please tell me how unique you are there... (me: one in 627,021 browsers have the same fingerprint as yours.)

Since you have a special setup i wonder if you can really hide in the crowd.

Re:virtual machines (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34185746)

Within our dataset of several million visitors, only one in 418,016 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 18.67 bits of identifying information.

Although it is clearly wrong. It says I don't have javascript or cookies enabled. I do. I am also running chrome in an XP VM.

Funny thing about chrome is that Google will never allow ad blockers, but they allow http proxies. All of my ad blocking is done at that level since it applies to all of my web browsers in all of my VMs, in addition to the computers my family uses. Why would I want an ad blocking plugin when a proxy works so much better?

Re:virtual machines (3, Interesting)

Amorymeltzer (1213818) | more than 3 years ago | (#34185874)

That page has got to be faulty. Go to the main link, http://panopticlick.eff.org/ [eff.org] - the results are staggeringly different. That tells me I'm unique out of everyone (>1.2 million) whereas the link given in GP says I'm 1 out of around 85k.

Re:virtual machines (0)

Anonymous Coward | more than 3 years ago | (#34186144)

That page has got to be faulty. Go to the main link, http://panopticlick.eff.org/ [eff.org] - the results are staggeringly different. That tells me I'm unique out of everyone (>1.2 million) whereas the link given in GP says I'm 1 out of around 85k.

The difference is that the previously posted link does not include &js=yes param, where as the link on the main page does.

What this param does is sniff you out using javascript (or not, obviously)

Re:virtual machines (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34186178)

I am the original poster. It says I am unique, but clearly the script has a bug in it. For example it says that my user agent of "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7" is 1 in 14093.54. Very unlikely.

Also I am using stock chrome in stock XP SP3, yet my plugins are 1 in 418108.33 and my fonts are 1 in 553.54. Both are very unlikely. Remember that this is not a worn in XP install. It is virgin (up to date) XP SP3 with chrome installed in it. Hell when I update it, I update the virgin without chrome version of it, and then install chrome in that. I use backed qcow2 images in qemu so that I can always step back to the most virgin version of it when I update it.

None of this is done to prevent tracking or cookies. I just want to prevent malware infections. This uniqueness and cookies stuff is interesting, and I love the EFF, but their site appears to lie to you to make you scared.

Re:virtual machines (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34186482)

I started the VM off from scratch and went back and now I am one in 2327.42 for the (same) user agent. 1 in 139386.78 for the (same) plugins, and 1 in 553.37 for the (same) fonts. Only the fonts number is similar to last time, yet the entire situation is the same. Same fonts, plugins, and user agent. I call shenanigans.

Re:virtual machines (0)

Anonymous Coward | more than 3 years ago | (#34189990)

The GP link omits the default &js=yes parameter, so it disables javascript which means a lot of the tests group in the 25% that try the test without javascript.

javascrip. (1)

leuk_he (194174) | more than 3 years ago | (#34194710)

Yes i use the firefox Noscript to only run javascript from trusted sources. I was not aware that the link needed that extension.

Because i am paranoid enough to disable javascript (and disbaleing javascript is also effective against a lot of evercookie stuff)

PS PLease note that if you run the link multiple times you might seem to get less unique, because your setup is detected twice that way.

Re:virtual machines (3, Insightful)

stg (43177) | more than 3 years ago | (#34185934)

How does Google disallow Ad Blockers? I've been using AdBlock on Chrome for several months now... (before that I just used a filtering proxy)

I think it's been available since January.

Re:virtual machines (1)

clang_jangle (975789) | more than 3 years ago | (#34185952)

Within our dataset of several million visitors, only one in 418,016 browsers have the same fingerprint as yours.

Using Opera 10.63 in FreeBSD 8.1, cookies and JS for whitelisted sites only plus using privoxy I get:
Your browser fingerprint appears to be unique among the 1,254,192 tested so far.

Re:virtual machines (1)

beelsebob (529313) | more than 3 years ago | (#34186468)

The test is a lie, refreshing it again tells me I'm still unique.

Re:virtual machines (1)

WoOS (28173) | more than 3 years ago | (#34189114)

Well, switch all your cookies and javascript off and it changes.
The second time *I* was told there was only one other browser with same fingerprint.

I guess with cookies/supercookies it simply stores you have been there before in your browser.

Re:virtual machines (0)

Anonymous Coward | more than 3 years ago | (#34185850)

>Within our dataset of several million visitors, only one in 627,080 browsers have the same fingerprint as yours.

I attribute this to the fact that I'm using Opera on Debian.

Re:virtual machines (1)

jcl-xen0n (1926472) | more than 3 years ago | (#34185852)

"Your browser fingerprint appears to be unique among the 1,254,152 tested so far." Geh, that's not especially promising...

Re:virtual machines (1)

lxs (131946) | more than 3 years ago | (#34185940)

I'm a unique and beautiful snowflake apparently. That's what I get for running Opera on Win2K.

Re:virtual machines (1)

GNious (953874) | more than 3 years ago | (#34185962)

I ran this with
1) Firefox, OSX 10.6
2) Lynx, Ubuntu Server 10.4

Except User Agent and ACCEPT headers, they come up with identical stats ....

Meanwhile, the Lynx is more unique than the Firefox ...

Re:virtual machines (1)

SatanicPuppy (611928) | more than 3 years ago | (#34186370)

Mine says:

"Within our dataset of several million visitors, only one in 48,245 browsers have the same fingerprint as yours."

Vanilla XP install, FF, Noscript, etc. Better than I would have thought. Hmmm.

Lol. I switched to IE8 (default config) and got:

"Your browser fingerprint appears to be unique among the 1,254,460 tested so far."

Open Source bias?

Re:virtual machines (0)

Anonymous Coward | more than 3 years ago | (#34186644)

Just a reminder for everyone - in Firefox as well as other browsers, you can set your user agent. In effect, the browser lies to the servers, claiming to be whatever you TOLD it to be. "Today, you are Internet Explorer, and we are running on Windows XP. Tomorrow, you can be Opera, running on ArchLinux. Yes, we'll just keep our javascript and flash enabled, we'll just change who we are, alright?"

And, of course, Firefox answers, "Sure thing, Boss!"

Re:virtual machines (2, Insightful)

sigmoid_balance (777560) | more than 3 years ago | (#34187116)

Isn't it better to be more common that to be more unique? Setting the USER-AGENT to something randomly generated will make you unique, but it's it better to "blend in" than to "stand out" ?

Re:virtual machines (2, Insightful)

mobets (101759) | more than 3 years ago | (#34188194)

I think being unique would be fine as long as you are differently unique every time.

Re:virtual machines (0)

Anonymous Coward | more than 3 years ago | (#34185728)

Wow! You are a bit obsess by security/anonymity! ;)

Re:virtual machines (0)

Anonymous Coward | more than 3 years ago | (#34185812)

Actually I am obsessed with virtual machines. I am like a child with a room full of toys when I play with VMs. Also I absolutely hate ads. I only started watching TV when I got a tivo several years back, and I only started using graphical browsers when I started blocking ads with privoxy.

I am certainly an odd person, but I think you and other posters are assuming a bit too much. The porn collection comment did get a laugh out of me though.

Re:virtual machines (1)

el_tedward (1612093) | more than 3 years ago | (#34185790)

I've been thinking about doing something similar in my dorm room, just haven't had the time between random internet surfing and classes. Hadn't looked into privoxy before. :)

Mind if I ask what OS you're using for your web browsing VM?

Re:virtual machines (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34186058)

Chrome in XP for random nonsense like Slashdot. Firefox with noscript in a linux VM for gmail and banking etc.

The host OS is linux of course since I am using iptables to control the VM network activity. I am using qemu with the user mode networking option. With KVM acceleration it is amazing. Near native speeds.

I'm also going to reply to the person who posted below you right now so I don't need to get a new IP address again. Why bother with a live cd? That is not convenient at all. I am not a political prisoner, just a nerd having fun with VMs. I like leaving javascript on when ads are blocked. Also you need to remember that there is no added complexity to a random mac address. The script I use to start my qemu VM has "macaddr=`randmac`" in it and there we go, new mac address each time. Why not? I just have a python script named randmac in /usr/local/bin that generates a random mac address for me each time. I was surprised to find that XP doesn't even care about this. It still sees it as the same nic and everything.

Just use a tiny, liveCD & no HDD (0)

Anonymous Coward | more than 3 years ago | (#34185820)

Just use a tiny, liveCD & no HDD. Don't hook up a HDD at all.

MAC addresses don't go over the internet due to networking, just javascript can do that, so disable it by default and only enable it for the 5 sites you actually support.

Re:virtual machines (1)

apparently (756613) | more than 3 years ago | (#34185892)

So, what's the OS & hardware setup? And how long does it take for you to start your VM + Browser?

Re:virtual machines (4, Interesting)

couchslug (175151) | more than 3 years ago | (#34186744)

I just use Linux for most of my surfing, but light VMs are very easy to set up and worth doing for the education.

I like Portable VirtualBox for Windows use because I can make a self-extracting .rar of the complete program with VMs for backup:

http://www.dedoimedo.com/computers/portable-virtualbox.html [dedoimedo.com]

Grab a light Linux distro like DSL (small download, speedy performance), and install to VM from the .iso:

http://www.damnsmalllinux.org/ [damnsmalllinux.org]

You can then play with MANY operating systems, and if they screw up, delete their VM. If you have bigger problems, reload by extracting the backup. :)

Re:virtual machines (0)

Anonymous Coward | more than 3 years ago | (#34187274)

I could have sworn that he claimed to store a portion of the cookie in the bookmarks, but I guess it was just your browser history.

I wouldn't put it past him to be working on storing them in the bookmarks though, so I wouldn't be so smug.

Re:virtual machines (1)

gozar (39392) | more than 3 years ago | (#34187592)

I wonder how well that does against https://panopticlick.eff.org/ [eff.org] ...

Re:virtual machines (1)

golf2 (1938140) | more than 3 years ago | (#34188684)

I'm all for a sensible amount of anonymity - what are you up to that requires such a setup?!

Re:virtual machines (0)

Anonymous Coward | more than 3 years ago | (#34189912)

It is all about having fun with VMs and avoiding malware to me. Privacy isn't the point of it. I don't use tor obscure my IP address in any way, and am logged in to gmail during all of this so it would be quite clear who I was if there was any kind of investigation, but I'm not up to anything that would require that.

But as far as malware goes, I can get infected all the time and never notice it unless it can infect my bookmarks. I like that. I can enjoy full javascript/flash etc on any web site, and when it comes time to upgrade from a 0-day vulnerable version of chrome/flash to one that is updated, I will always roll back to a virgin unbrowsed state and then upgrade fresh from there. Only extremely sophisticated malware would be able to keep infecting me (it would need to find a hole in the VM software).

Also I like that my XP VM is firewalled by linux's iptables. No malware will be able to even communicate with the outside world unless it does it through my http proxy which I watch. It isn't as simple as rooting XP and then disabling the XP firewall. I disabled that already myself.

To each their own I guess. I find it very fun to play around with. Also it should be good experience in case I want a job that requires high security on employee desktops. Google got owned by an adobe exploit for example. This stuff can get pretty serious.

One hopes... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34185600)

I hope that this "Nevercookie" addresses the issues raised by "Evercookie" in a systematic way, rather than just defeating Evercookie point-by-point.

Evercookie's creator explicitly noted that his work was a simple proof of concept, cooked up fairly quickly, as a way of raising the issue of covert persistent data storage on the web. He further noted that people who actually do evil for a living are probably at least as creative as he is, and have a whole lot more time to work on the problem. Simply defeating Evercookie, as released, will probably save you from a few of whatever the analytics world's equivalent of a script-kiddie is; but will do next to nothing against the issues that Evercookie was designed merely to demonstrate...

Re:One hopes... (1)

L4t3r4lu5 (1216702) | more than 3 years ago | (#34185986)

Like most common cold "remedies" it's a treatment for the symptom, not the disease.

Re:One hopes... (2, Insightful)

PRMan (959735) | more than 3 years ago | (#34187562)

You're right, we should kill all marketers... ;-)

Re:One hopes... (1, Informative)

Anonymous Coward | more than 3 years ago | (#34187604)

https://panopticlick.eff.org/ still would need to be addressed.

Re:One hopes... (2, Informative)

gabbott (1938128) | more than 3 years ago | (#34188516)

Check out how it works here: http://www.anonymizer.com/learningcenter/#lc_labs [anonymizer.com] I used nevercookie as sort of a fitness test, but it wasn't designed to only defeat evercookie, it was designed to address the larger problem of tracking via all kinds of local storage mechanisms.

Islam - the religion of peace (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#34185620)

http://www.telegraph.co.uk/news/newstopics/religion/8120142/Christian-woman-sentenced-to-death-in-Pakistan-for-blasphemy.html [telegraph.co.uk]

Wow, a mother of 5 sentenced to die by hanging in Pakistan, all because some Muslim country bumpkins got mad that a Christian woman had brought them water and the water was therefore unclean. "Unclean" water! First of all, I have a hard time believing that the water in rural Pakistan is all that clean to begin with. Second, the Christian woman should have let those bitches die of thirst! So much for being a good Samaritan. Can anyone deny any longer that it is IMPOSSIBLE for Islam to exist peacefully with any other religion or culture?

How's this for blasphemy? Fuck Mohammed - that vile murdering pedophile, and fuck the non-god that he serves. We don't like Muslims. They add nothing of value to the world, and in fact they most often detract from it. Can anyone deny that the world would be a much more peaceful place without Muslims getting worked up into a hysterical mob over every perceived slight?

Sincerely,
Civilization

Re:Islam - the religion of peace (0, Troll)

Anonymous Coward | more than 3 years ago | (#34186168)

You idiot! You're not allowed to tell the truth about Islam in public! Terrorist sympathisers will mod you down to oblivion!

Re:Islam - the religion of peace (0)

Anonymous Coward | more than 3 years ago | (#34188760)

How was this offtopic troll-feeding modded UP?

Cross-browser (0)

Anonymous Coward | more than 3 years ago | (#34185630)

A cross-browser, multi-platform, open source tool is BleachBit to delete evecookies [sourceforge.net] , but for Firefox, this looks like

Obligatory PDP joke (1)

schmidt349 (690948) | more than 3 years ago | (#34185654)

Please, just one cookie, I promise I'll go away!

Different than "Supercookies"? (2, Insightful)

PPCAvenger (651410) | more than 3 years ago | (#34185916)

From the end of the article, " Specifically, Nevercookie prevents abuse to both the Adobe Flash Local Storage Object (LSO) and Microsoft's Silverlight Isolated Storage (MIS)." "

  Doesn't BetterPrivacy [mozilla.org] already eliminate LSOs and other stored data?

  I don't have Silverlight so I don't know if it eliminates that data but unless these "Evercookies" are somehow different than "Supercookies" you can eliminate this issue right now.

Re:Different than "Supercookies"? (0)

Anonymous Coward | more than 3 years ago | (#34186314)

They're different and worse. If I recall correctly, evercookies utilize 7 different techniques to store cookies...
    - traditional
    - LSO
    - MIS (there's your better privacy)
    - HTML 5 local storage
    - CSS: visited "feature"/bug

That's...all the ones I recall off the top of my head. Not bad for an AC though. I just remember I knew of two techniques that he didn't use which I'm not posting here. Because some of us do make a living off of cookies.

Captcha: munition. That's what this is about. The browser and W3C could fix this, but they've no incentive. All it'd take is a simple standard for browser plugins and their API. Never gonna happen though.

His location attack... (1)

metrix007 (200091) | more than 3 years ago | (#34187216)

Was not XSS, but based on insecure session ID generation. http://samy.pl/phpwn [samy.pl]

hey guys (5, Informative)

gabbott (1938128) | more than 3 years ago | (#34188440)

My name is Geoff and I created "nevercookie". I'm a researcher at Anonymizer. I can assure you all that it is not vaporware, it works and has been pretty thoroughly tested, it's just that marketing wants to brand it and make it all slick before we release it to the general public (which should be in a week or two). I've sent out a few beta versions for friends in the security field to test out, and I might be able to send out a few more if anyone is interested in field testing it early (I'll ask my boss). To address concerns about how it works, it's pretty simple actually. When private browsing mode in firefox is initiated, the external data storage of Flash and Silverlight is quarantined (this is done because the browser normally can't touch these things cause they are browser independent, this is the most obvious place that an evercookie can respawn from (unless you clean it manually)). Then a clean, temporary user profile is spawned for the current browsing session, eliminating any lingering cached data. There's actually a decent explanation here: http://www.anonymizer.com/learningcenter/#lc_labs [anonymizer.com]

Who are the web sites (2, Interesting)

Stan92057 (737634) | more than 3 years ago | (#34189036)

Who are the web sites that use theses cookies? why do they remain unnamed? I think that knowledge is just as important as making blocking software.

Don't forget about computers sharing our IP ad. (0)

Anonymous Coward | more than 3 years ago | (#34189060)

I think that most of us who hold an active pro-privacy position regarding browser-based-tracking are ignoring one very fatal giveaway to our privacy -- our families' computers that are also sharing our internet connection. We geeks may delete all OUR cookies, LSOs, enable NoScript, adblock Plus, etc., on OUR computers, but when your wife (the one that thinks NoScript/flashblock is too much trouble) goes broadcasting your IP on facebook while you are surfing Slashporn^Wwikipedia, then you delete your cookies, while she doesn't. A week later, your modem has a new IP, you have a clean browser, your wife has the same unclean brwoser from last week. Now, if any one of the sites (say a large unnamed advertising agency that was showing ads on both websites) that you two visited are sharing IP and browser info, they can link her computer through time due to the browser's history/cookies/LSO/etc and then link your computer to her's due to the shared internet connection, and presto... they will be able to uniquely identify your computer-now from your computer-one-week-ago.

Oblig. Plug (1)

0xG (712423) | more than 3 years ago | (#34191998)

I don't have this problem because I use Adblock Plus!
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?