1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How they catch you! New, Undeletable, Web Cookie

Discussion in 'White Hat SEO' started by johndea, Aug 16, 2011.

  1. johndea

    johndea Regular Member

    Joined:
    Jun 23, 2011
    Messages:
    308
    Likes Received:
    35
    How they catch YOU!


    http://www.schneier.com/blog/archives/2011/08/new_undeletable.html


    New, Undeletable, Web Cookie

    A couple of weeks ago Wired reported the discovery of a new, undeletable, web cookie:
    Researchers at U.C. Berkeley have discovered that some of the net?s most popular sites are using a tracking service that can?t be evaded -- even when users block cookies, turn off storage in Flash, or use browsers? ?incognito? functions.​
    The Wired article was very short on specifics, so I waited until one of the researchers -- Ashkan Soltani -- wrote up more details. He finally did, in a quite technical essay:
    What differentiates KISSmetrics apart from Hulu with regards to respawning is, in addition to Flash and HTML5 LocalStorage, KISSmetrics was exploiting the browser cache to store persistent identifiers via stored Javascript and ETags. ETags are tokens presented by a user?s browser to a remote webserver in order to determine whether a given resource (such as an image) has changed since the last time it was fetched. Rather than simply using it for version control, we found KISSmetrics returning ETag values that reliably matched the unique values in their 'km_ai' user cookies.​
     
    • Thanks Thanks x 1
  2. nandos

    nandos Junior Member

    Joined:
    Aug 5, 2010
    Messages:
    143
    Likes Received:
    19
    That shit should be illegal!
     
  3. jbrewski

    jbrewski Junior Member

    Joined:
    May 12, 2011
    Messages:
    116
    Likes Received:
    32
    Location:
    USA
    ^^ like nandos said
    hmmmmmm, this is not good
     
  4. -FPC-

    -FPC- Regular Member

    Joined:
    Apr 1, 2011
    Messages:
    341
    Likes Received:
    68
    Occupation:
    Professional freelance journalist, researcher, aut
    Location:
    Southern California
    From what I can tell wouldn't noscript help fight this?
     
  5. TermsB

    TermsB Senior Member

    Joined:
    May 19, 2009
    Messages:
    1,076
    Likes Received:
    734
    Location:
    USA
    If you notice this kind of cookie would still be cleared by CCleaner. It's still a temp file.
     
  6. nandos

    nandos Junior Member

    Joined:
    Aug 5, 2010
    Messages:
    143
    Likes Received:
    19
    But if it's these so called big sites that do it, you'll probably end up on it again and have the cookie placed once more. It'll be a cycle.

     
  7. funeralopolis

    funeralopolis Newbie

    Joined:
    Aug 7, 2011
    Messages:
    16
    Likes Received:
    8
    Someone will write a program/add on that deletes it after a while.
     
  8. timothywcrane

    timothywcrane Power Member

    Joined:
    Apr 25, 2009
    Messages:
    590
    Likes Received:
    236
    Occupation:
    Internet Promotion Management
    Location:
    USA
    Home Page:
    I know that everyone sees this as a bad thing, but at the same time, complain about one day cookies on Amazon. I see this as a good thing, If you know how to delete it. I can't wait for it to catch on in the IM industry, the one time, lasts forever Aff cookie. Then my only job would be to contract builders for custom browser loading. Geolocated for high profit (as I am US based), and forever ever lasting. F Google.
     
    • Thanks Thanks x 1
  9. Nookie Monster

    Nookie Monster Senior Member

    Joined:
    Mar 28, 2010
    Messages:
    968
    Likes Received:
    463
    Location:
    USA

    You my friend are a visionary after my own heart. :) I can see the enormous possibilities of this.

    Damn...... I wish I could write code.