Evercookie
Evercookie is a JavaScript-based application which produces zombie cookies in a web browser that are intentionally difficult to delete.
Background
A traditional HTTP cookie is a relatively small amount of textual data that is stored by the user's browser. Cookies can be used to save preferences and login session information; however, they can also be employed to track users for marketing purposes. Due to concerns over privacy, all major browsers include mechanisms for deleting and/or refusing to accept cookies from websites.
The size restrictions, likelihood of eventual deletion, and simple textual nature of traditional cookies motivated Adobe Systems to add the Local Shared Object (LSO) mechanism to the Adobe Flash player.
While Adobe has published a mechanism for deleting LSO cookies (which can store 100KB of data per website, by default), it has met with some criticism from security and privacy experts. In response to the relative difficulty of removing LSO cookies, browser add-ons such as Firefox's "Better Privacy" plugin have been developed.
An evercookie is not merely difficult to delete. It actively "resists" deletion by copying itself in different forms on the user's machine and resurrecting itself if it notices that some of the copies are missing or expired. As such, it serves to highlight the ways in which creators of malware can attack browsers.
Evercookie
On September 13, 2010, Samy Kamkar, creator of the Samy Worm (aka JS/Spacehero-A) which took down MySpace.com in 2005, released, as open source, v0.4 beta of a highly persistent cookie he calls an Evercookie.
According to the project's website:
Evercookie is designed to make persistent data just that, persistent. By storing the same data in several locations that a client can access, if any of the data is ever lost (for example, by clearing cookies), the data can be recovered and then reset and reused. Simply think of it as cookies that just won't go away.

Evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.
Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available:
- Standard HTTP cookies
- Local Shared Objects (Flash cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in Web history
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
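The write-everywhere, recover-from-any-survivor behaviour described above, modelled as an added example that is not Evercookie's own code: each Map stands in for one of the storage mechanisms in the list (the store names are assumptions), and the class shows why clearing only some of them leaves the identifier recoverable while clearing all of them before any read does not.

```javascript
// Added illustration (not Evercookie's own code): in-memory model of the
// "store in many places, resurrect from any survivor" behaviour.
// Each Map stands in for one browser storage mechanism; names are assumed.
const STORES = ['cookie', 'localStorage', 'sessionStorage', 'windowName', 'etagCache'];

class PersistentIdStore {
  constructor(storeNames = STORES) {
    this.stores = new Map(storeNames.map((n) => [n, new Map()]));
  }
  // Write the same value into every available mechanism.
  set(key, value) {
    for (const store of this.stores.values()) store.set(key, value);
  }
  // Read the value from whichever mechanisms still hold it, then
  // re-write it into the ones where it is missing ("resurrection").
  get(key) {
    const found = [];
    for (const store of this.stores.values()) {
      if (store.has(key)) found.push(store.get(key));
    }
    if (found.length === 0) return null;
    // Most common surviving value wins; ties resolve to the first seen.
    const counts = new Map();
    for (const v of found) counts.set(v, (counts.get(v) || 0) + 1);
    const value = [...counts.entries()].sort((a, b) => b[1] - a[1])[0][0];
    this.set(key, value);
    return value;
  }
  // What a partial "clear cookies" does: wipes only the named mechanisms.
  clear(...storeNames) {
    for (const n of storeNames) this.stores.get(n).clear();
  }
  // The only effective removal: every mechanism at once, before any read.
  clearAll() {
    this.clear(...this.stores.keys());
  }
  // Number of mechanisms currently holding the key; shows that a single
  // surviving copy repopulates all of the others on the next read.
  copiesOf(key) {
    let n = 0;
    for (const store of this.stores.values()) if (store.has(key)) n++;
    return n;
  }
}
```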
The developer is looking to add the following features:
- Caching in HTTP Authentication
- Using Java to produce a unique key based on NIC information.