Already Afraid to Open Your Web Browser? Meet the "Evercookie"

As security guru Bruce Schneier writes, “the arms race continues.” I do wonder if, when, or how there will be a computer users’ revolt against tracking tools like this one:

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

Or maybe the revolt will occur from on high. As one of Schneier’s commenters writes:

At what point does it become criminal computer trespass for a website to take great steps to contaminate my machine when I am, by my actions, making it abundantly clear that I don’t want those things on my computer?

If I did to the server what these guys are doing to my client, I’d have the FBI at the door.

Be sure to read Schneier’s warning at the end of his post.

Leave A Comment

Comments are moderated and generally will be posted if they are on-topic and not abusive.

 

COMMENTS: 22

View All Comments »
  1. Sardonimous says:

    Turn off javascript?

    Thumb up 0 Thumb down 0
  2. David says:

    Javascript is too useful for modern web apps (required actually) to be turned off for this reason.

    I agree that the law needs to step in because any attempt by the server to get around the user sounds like a hack attempt to me.

    Thumb up 0 Thumb down 0
  3. Eileen Wyatt says:

    So if I understand the note at the bottom of the blogger’s page correctly, I now have an especially persistent cookie on my work computer because I clicked on a link provided by a reputable (indeed, a quasi-scholarly) blog on a reputable newspaper site (one appropriate for me to read over lunch) — which chose not to warn me in advance even though Dubner had clearly read the note.

    It must be lovely to have such a waggish sense of humor.

    Thumb up 0 Thumb down 0
  4. Drill-Baby-Drill Drill Team says:

    Cookies are too innocent a term for leaving nonerasable eFingerprints.

    How about calling them Everlasting Electronstoppers after Willy Wonka?

    Thumb up 0 Thumb down 0
  5. Tim says:

    Why should it be criminal for a site to do exactly what it says it will do in the privacy policy or user agreement? By the fact that you use the site, you agree to abide by their terms of use. Don’t like sales tax? Don’t live in a state with sales tax!

    Thumb up 0 Thumb down 0
  6. E. David Zotter says:

    This story is 3 years old now….move along.

    EverCookie is just an improved version of PersistJS.

    http://pablotron.org/software/persist-js/

    Thumb up 0 Thumb down 0
  7. Clark says:

    According to my Chrome Ghostery plugin, this blog tried to put 7 trackers of various sorts on my machine, including DoubleClick, Tacoda, WebTrends and others.

    Economist, heal thyself.

    Thumb up 0 Thumb down 0
  8. assumo says:

    @ Drill Baby Drill

    I agree, the term “cookies” is too innocent, and actually makes me want some right now…

    What about “disk mites”?

    Thumb up 0 Thumb down 0