Monday, July 11, 2011

The Truth About Cookies Exposed

When you are trying to bypass the security checks and log in more times than you should at your favorite site, or create 100 MySpace accounts, then you know that cookies are there to track you. All cookies could potentially warn the administrators that you are coming, based on tracking your previous actions. This is so that they can block your requests and keep abuse of their server or site to a minimum. Most people who are involved with bypassing these checks are aware that they have to delete ALL of their cookies or risk all of their requests being blocked. Many sites use this type of technology.

However, the Internet is changing. You can't just get by with clearing your cookies anymore; big sites are hip to this game. Removing your standard HTTP cookies still leaves the possibility of being tracked by Flash cookies, or LSO (Local Shared Object) cookies. These are relatively new, but they are still an avenue for big sites to detect where the user is coming from and what a user has done so far on the administrator's site.

I want to talk briefly about a new cookie I have come in contact with. Site administrators are calling it the Evercookie. Evercookie is a JavaScript API that allows site owners to create 'zombie' cookies that can be resurrected when a user deletes them. It does this by storing cookie data in locations that standard browsers have access to by default, and when it notices the user has deleted cookies, even Adobe LSO cookies, it resets the cookie from different locations on the local machine. This means that if you clear your cookies and remove Adobe LSO files, you still have not deleted all of the cookies that are being used to track you. Why is this? Because of Evercookie. Evercookie was used by a JavaScript worm on MySpace and Facebook. This API is a complete hacker tool used to track the user's every move, regardless of whether the user wants that or not.

I have mentioned in the past that I use BetterPrivacy to delete hidden Adobe Flash cookies, on top of deleting the standard cookies. Now I know why they call it Better Privacy. Even though the BetterPrivacy add-on for Firefox works for most sites, some sites deploy the Evercookie JavaScript API and are able to track you regardless of what cookies you think you are removing. It is BetterPrivacy, not the best privacy.

In order to have the best privacy in Firefox, I recommend people not only use the BetterPrivacy add-on, but also use Nevercookie. Nevercookie is an add-on that has been developed to let you browse sites without Evercookie injecting cookies in weird locations so that the site can bring them back when you delete them. This is an awesome plugin and is the final line of defense to date when it comes to being tracked. Have fun!
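A defender-side check for the respawn behaviour described above, as an added example that is not part of the original post and is not code from Evercookie or Nevercookie: it compares three snapshots of browser storage (before clearing cookies, right after clearing, and after reloading the site) and reports any cookie that returns with the same value. The snapshot format, the store names (`localStorage`, `windowName`) and all sample values are assumptions constructed for illustration.

```javascript
// Added example: flag "respawned" cookies by comparing three storage snapshots.
// Snapshot shape (an assumption of this example):
//   { cookies: {name: value}, stores: { storeName: {key: value} } }
const MIN_ID_LENGTH = 8; // ignore short values such as "1" or "en"

// Return every store:key in a snapshot that holds exactly this value.
function locateValue(snapshot, value) {
  const hits = [];
  for (const [storeName, entries] of Object.entries(snapshot.stores || {})) {
    for (const [key, stored] of Object.entries(entries)) {
      if (stored === value) hits.push(`${storeName}:${key}`);
    }
  }
  return hits;
}

// before: normal browsing; afterClear: right after deleting cookies;
// afterReload: after revisiting the site.
function findRespawnedCookies(before, afterClear, afterReload) {
  const findings = [];
  for (const [name, value] of Object.entries(before.cookies)) {
    if (value.length < MIN_ID_LENGTH) continue;
    const wasCleared = !(name in afterClear.cookies);
    const cameBack = afterReload.cookies[name] === value;
    if (wasCleared && cameBack) {
      // survivedIn lists the non-cookie stores that still held the identifier.
      findings.push({ cookie: name, value, survivedIn: locateValue(afterClear, value) });
    }
  }
  return findings;
}

// Constructed sample snapshots (not captured from any real site).
const id = "a91f3c7e52d04b18";
const otherStores = { localStorage: { uid: id }, windowName: { value: id } };
const before = {
  cookies: { uid: id, lang: "en", session: "s-77120394aa" },
  stores: otherStores,
};
const afterClear = { cookies: {}, stores: otherStores };
const afterReload = {
  cookies: { uid: id, lang: "en", session: "s-90315588bc" },
  stores: otherStores,
};

console.log(findRespawnedCookies(before, afterClear, afterReload));
```

A cookie that comes back with an empty `survivedIn` list points to a storage location the snapshot did not capture, such as Flash LSO files.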

Here is a link to download the Firefox plugin Nevercookie:
Nevercookie download

Evercookie Wikipedia page:
Evercookie in Wikipedia

