The cookie that won’t go away

Security hacker Samy Kamkar has developed a proof-of-concept JavaScript API that manufactures persistent cookies and stores them in several types of storage mechanisms. He has dubbed it evercookie.

Moreover, if you ever manage to find all the planted cookies and delete them, evercookie simply recreates them by using several storage mechanisms.

The cookies are placed within the browser: in the browser history, in the cookie cache, and even in auto-generated, force-cached images from which the information needed to restore the cookie can be fished back out. And even if the user manages to delete all cookies but one, all can be reset again.
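A defender can confirm this respawn behaviour by comparing storage snapshots taken before clearing, after clearing, and after the next page load. The JavaScript below is an added example, not Kamkar's evercookie code; the snapshot shape, the store labels and the sample identifier are constructed assumptions.

```javascript
// Added example: flag identifiers that reappear after the user cleared them.
// Assumed snapshot shape: { storeLabel: { key: value } }, collected by the tester.
function valuesByStore(snapshot) {
  const seen = new Map(); // value -> Set of store labels holding it
  for (const [store, entries] of Object.entries(snapshot)) {
    for (const value of Object.values(entries)) {
      if (!seen.has(value)) seen.set(value, new Set());
      seen.get(value).add(store);
    }
  }
  return seen;
}

function findRespawned(before, afterClear, afterReload, minLen = 8) {
  const cleared = valuesByStore(afterClear);
  const reloaded = valuesByStore(afterReload);
  const findings = [];
  for (const value of valuesByStore(before).keys()) {
    if (String(value).length < minLen) continue; // skip short flags like "1" or "dark"
    const survivors = cleared.get(value) || new Set();
    // Stores that hold the value again although it was gone after clearing.
    const respawnedIn = [...(reloaded.get(value) || [])]
      .filter((store) => !survivors.has(store)).sort();
    if (respawnedIn.length === 0) continue;
    findings.push({
      value,
      survivedIn: [...survivors].sort(),
      respawnedIn,
      // No surviving copy in any monitored store: the source is one we did not snapshot.
      unmonitoredSource: survivors.size === 0,
    });
  }
  return findings;
}

// Constructed sample: cookies and localStorage were cleared, the cached image survived.
const id = "a81f3c9e27d4";
const before = { cookie: { uid: id }, localStorage: { uid: id, theme: "dark" }, cachedImage: { px: id } };
const afterClear = { cookie: {}, localStorage: { theme: "dark" }, cachedImage: { px: id } };
const afterReload = before; // after the next page load every copy is back
console.log(JSON.stringify(findRespawned(before, afterClear, afterReload)));
```

A finding with `unmonitoredSource` set means the identifier came back from a store the snapshots did not cover, so the snapshot set needs widening before the clean-up can be trusted.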

Setting aside the entire issue of user privacy, it is easy to see that this might be good news for ad networks, but the tool could also be misused by unscrupulous cybercriminals and scammers.

Luckily for us, the tool is open source, so a means of blocking evercookie from doing its job will likely be developed soon. In the meantime, Kamkar says he found that using Private Browsing in Safari will stop all evercookie methods after a browser restart.

