Samy Kamkar, an open source developer whose motto is "think bad, do good" has released an API called "evercookie." Evercookie sets a nigh-undeletable tracking cookie in your browser, storing the information in eight separate ways; if you try to delete it but leave even one copy of the data around, it will repopulate itself using that last shred. Evercookies can even spread between browsers on the same system. The point of the project is to show that browsers are lagging behind privacy-invaders when it comes to cookie management, and to spur the organizations that publish browsers into creating better tools for privacy management.
"I hope evercookie simply demonstrates to people what types of methods are being employed to track them and to decide whether or not they want to prevent those methods," he said. "evercookie took less than a day to create for me as a security hobbyist, so I can only imagine the technology that funded developers are producing."
Zombie cookie wars: evil tracking API meant to "raise awareness"
Kamkar says he doesn't actually use evercookie to track people--it exists largely as a proof of concept, and he's not using technologies that are particularly bleeding edge in the developer world.
"None of these are new techniques," he told Ars, "but an API like this is awesome at raising awareness."
Of course, the mere fact that evercookie exists (and exists as an open source project that anyone can use) means that there will be some evil Web developers who make use of it, but that's almost the point. We're supposed to be scared.
Kamkar sees his project as a kind of litmus test to see whether people really are up to protecting themselves from being tracked by persistent cookies that anyone could implement, but he also understands that the "average" Internet user is hardly aware of traditional cookies, much less Flash cookies and beyond. Deleting the data from all eight (or more) storage mechanisms can be a pretty daunting task even for the relatively experienced surfer.
(Image: Peanut Butter Cookies, a Creative Commons Attribution (2.0) image from veganfeast's photostream)
Wow. @CarnegieMellon is America's Shanghai Jiaotong. https://t.co/UAtaAgJvJh— Edward Snowden (@Snowden) November 11, 2015 Documents published by Vice News: Motherboard and further reporting by Wired News suggest that a team of researchers from Carnegie Mellon University who canceled their scheduled 2015 BlackHat talk identified Tor hidden servers and visitors, and turned that data over to the […]
LA Makerspace co-founder Tara Tiger Brown shares a project that her kid-friendly maker workshop is trying to make a reality.
Amid growing fears about safety and security risks from unauthorized drone flights, federal regulators say they plan to require pretty much all recreational drones in the U.S. to be registered.
This minimalist multi-tool will see to it that instead of rocking a tool belt, you’ll carry just one. It’s shaped slightly like a key and weighs less than an ounce, so it plays nice with your keychain. The strong surgical-grade stainless steel blade will last, and is handy for everyday tasks like opening boxes and […]
The Code Black is our top-selling drone of all time—and for good reason. This powerful, palm-size drone is not only insanely fun to fly, but can capture some serious video footage from up above. With a flight time of about 10 minutes and an ultra-smooth ride, it’s a great introductory drone for anyone looking to […]
Don’t get handcuffed by Apple’s standard 3-foot Lightning cord (that you’ve most likely already lost), treat yourself to 10 feet of luxurious charging convenience. The Colossal is certified by Apple for its high-end quality, and designed to support full use of your phone while you power up. You can also get it in a 2-pack […]