Hacker
Professional
- Messages
- 1,041
- Reaction score
- 852
- Points
- 113
Cookies are a common technology that helps an Internet resource remember its user and save the settings they set. Thanks to this, the page user is relieved of the obligation to enter their username and password manually during each visit to the site.
From the point of view of the web resource owner, the purpose of cookies is to identify the user. They are a small piece of text information transmitted from the server to the browser. When a user accesses the server (i.e., when entering their address in the browser), the server reads the data contained in cookies and performs certain actions based on their analysis. For example, it can be a username and password entered by the user earlier. The site "remembers" the user and no longer requires their input.
However, there is one problem for site owners: cookies have a limited "lifetime" (although very long), after which they are deleted. In addition, you can simply delete any cookies in your browser using a special option. As a result, the browser stops identifying the user when they re-enter the site. This is bad for owners of Internet resources, especially commercial ones, who need to keep in touch with users and know as much about them as possible.
However, if LSO is still more or less known, then the following techniques are a mystery to the vast majority. These include those that appeared in HTML5 (Local Storage, Session Storage, Global Storage, and Database Storage). Polish specialist Sammy Kamkar decided to systematize the most" tenacious " cookies, resulting in a JavaScript library called Everycookie. Such miracle cookies theoretically allow you to identify any, even the most cunning site visitor when they return to the page.
Evercookie uses all the existing storage, as well as a lot of all sorts of tricks that help to "mark" the computer. Here is just an incomplete list of them:
A site that uses Everycookie libraries will easily bypass all your anonymity measures (although some antivirus programs may detect such sites as dangerous).
Unfortunately, clearing browsers of cookies will not solve the problem completely.
For example, if a user deletes standard cookies, clears LSO data, and pays attention to HTML5 repositories, the system will not get rid of cookies created using cached PNG or Web History.
Quite interesting is the fact that browsers can pass "buns" to each other.
Private Browsing
Is there any protection against Everycookie, and if so, what is it?
To be fair, it's worth mentioning that incognito mode can also be enabled on other browsers. The inclusion algorithms are incredibly simple and look like this:
Earlier it was said that only in Safari incognito mode is truly effective. It's true. According to reviews from ordinary Internet users, as well as people dealing with the problem of combating Everycookie, only in Safari the private access mode blocks all operations performed by these tricky cookies.
Mil Shield
Another affordable way is to use special programs that take care of all the work. One of these programs is called Mil Shield. This is a program for Windows (starting with XP), which allows you to provide a very high level of privacy when working on the Internet. It deletes cookies, the cache, data stored in the browser, temporary files, the history of pages visited, and also, which is especially important in the light of our article, Everycookie cookies. It can also restore the start page if some malware has replaced it.
Click Clean to clear the system of all traces of your work on the Internet. To start working in stealth mode, tap Stealth.
PROTECTION FROM EVERYCOOKIE
Private Browsing mode)
Mil Shield program (and analogs)
In itself, the existence of libraries like Everycookie and virus-like technologies for multiple copying and self-healing (as well as the general leakage of personal information, say, through WebRTC) is an unpleasant thing, but not fatal. This problem is solved within the framework of the standard tools of browsers and antivirus programs themselves, which consider such methods to be spyware.
Meanwhile, a much greater danger is presented by various methods of unique identification and identification of clients based on "fingerprints of unique browser settings and information transmitted by the computer" – the so-called Fingerprints.
From the point of view of the web resource owner, the purpose of cookies is to identify the user. They are a small piece of text information transmitted from the server to the browser. When a user accesses the server (i.e., when entering their address in the browser), the server reads the data contained in cookies and performs certain actions based on their analysis. For example, it can be a username and password entered by the user earlier. The site "remembers" the user and no longer requires their input.
However, there is one problem for site owners: cookies have a limited "lifetime" (although very long), after which they are deleted. In addition, you can simply delete any cookies in your browser using a special option. As a result, the browser stops identifying the user when they re-enter the site. This is bad for owners of Internet resources, especially commercial ones, who need to keep in touch with users and know as much about them as possible.
However, if LSO is still more or less known, then the following techniques are a mystery to the vast majority. These include those that appeared in HTML5 (Local Storage, Session Storage, Global Storage, and Database Storage). Polish specialist Sammy Kamkar decided to systematize the most" tenacious " cookies, resulting in a JavaScript library called Everycookie. Such miracle cookies theoretically allow you to identify any, even the most cunning site visitor when they return to the page.
Evercookie uses all the existing storage, as well as a lot of all sorts of tricks that help to "mark" the computer. Here is just an incomplete list of them:
- HTTP cookies;
- Local Shared Objects (Flash);
- saving cookies in RGB values, automatically generated and forcibly cached PNGs using HTML5 canvas;
- saving cookies in Web History;
- HTML5 Session Storage;
- HTML5 Local Storage;
- HTML5 Global Storage;
- HTML5 Database Storage via SQLite.
A site that uses Everycookie libraries will easily bypass all your anonymity measures (although some antivirus programs may detect such sites as dangerous).
Unfortunately, clearing browsers of cookies will not solve the problem completely.
For example, if a user deletes standard cookies, clears LSO data, and pays attention to HTML5 repositories, the system will not get rid of cookies created using cached PNG or Web History.
Quite interesting is the fact that browsers can pass "buns" to each other.
Private Browsing
Is there any protection against Everycookie, and if so, what is it?
To be fair, it's worth mentioning that incognito mode can also be enabled on other browsers. The inclusion algorithms are incredibly simple and look like this:
- In Opera, the mode is enabled by pressing ctrl+shift+n or through the menu (the category "tabs and windows" is selected, then a tab or window with private viewing is created).
- In Google Chrome, this mode is enabled using the ctrl+shift+n keys or through the settings, in which you need to select a category called "New Window in Incognito mode".
- In Internet Explorer – by using the ctrl+shift+p keys or by opening a new tab and then selecting the item called "view in private mode".
Earlier it was said that only in Safari incognito mode is truly effective. It's true. According to reviews from ordinary Internet users, as well as people dealing with the problem of combating Everycookie, only in Safari the private access mode blocks all operations performed by these tricky cookies.
Mil Shield
Another affordable way is to use special programs that take care of all the work. One of these programs is called Mil Shield. This is a program for Windows (starting with XP), which allows you to provide a very high level of privacy when working on the Internet. It deletes cookies, the cache, data stored in the browser, temporary files, the history of pages visited, and also, which is especially important in the light of our article, Everycookie cookies. It can also restore the start page if some malware has replaced it.
Click Clean to clear the system of all traces of your work on the Internet. To start working in stealth mode, tap Stealth.
PROTECTION FROM EVERYCOOKIE
Private Browsing mode)
Mil Shield program (and analogs)
In itself, the existence of libraries like Everycookie and virus-like technologies for multiple copying and self-healing (as well as the general leakage of personal information, say, through WebRTC) is an unpleasant thing, but not fatal. This problem is solved within the framework of the standard tools of browsers and antivirus programs themselves, which consider such methods to be spyware.
Meanwhile, a much greater danger is presented by various methods of unique identification and identification of clients based on "fingerprints of unique browser settings and information transmitted by the computer" – the so-called Fingerprints.
