Evercookie - The cookie with 8 forms of redundancy

[bubbles]

Samy, the creator of the MySpace worm has released an API called evercookie that stores a cookie in 8 different forms on the user's computer and resets them if any ever get deleted.

evercookie - virtually irrevocable persistent cookies

Now who is going to write the Prosper202 plugin? :bowdown:

 

[partizan]

Yeah I saw this on hacker news as well.

The thread there also has some other interesting links.

This is particularly ingenious:

Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out

BTW, shouldn't this be in Dev/Programming section?

 

[flysarescary]

stupid ass fucking open sores idiots

inb4 privacy legislation fucking moron

 

[mrgodlike]

Technolog - 'Evercookie' is one cookie you don't want to bite

Surprised.... this made it to msnbc

 

[darbsllim]

so what does this mean for me?

 

[j0hnsmith]

so what does this mean for me?

I'm wondering if this means you could, for example, create a clickbank cookie (with your hop id) that can't be overwritten. If that is possible then there are lots of interesting 'black hat' uses.

 

[darbsllim]

I'm wondering if this means you could, for example, create a clickbank cookie (with your hop id) that can't be overwritten. If that is possible then there are lots of interesting 'black hat' uses.

I bet people are already on it.

 

[Firelead]

Samy is a sick hacker. Good work!

 

[domore]

Samy is my hero.

 

[nkobend]

buy a mac

 

[sgtryan]

meh, nothing new here.

 

[bubbles]

I'm wondering if this means you could, for example, create a clickbank cookie (with your hop id) that can't be overwritten. If that is possible then there are lots of interesting 'black hat' uses.

If your thinking along the cookie stuffing route it won't really help you. The application I thought of was just more accurate tracking for your campaigns.

With T202 for example the way it works now is that it sets a cookie and thats it. If the user deletes that cookie and then goes to your landing page again T202 would think that its a different person.

With evercookie it would identify the person (hopefully) by one of the other 7 cookies and reset the deleted cookie, allowing you to more accurately track your statistics.

 

[nohatter]

Hey, why not make an affiliate forum and stuff users with "evercookie's" lazed with your af id's...no wait.

 

[Uptime]

LOL at going to samy's home page and it showing my browsing history right on his website. Might not want to have anyone looking over your shoulder if you go there

 

[darbsllim]

where does it do that?

LOL at going to samy's home page and it showing my browsing history right on his website. Might not want to have anyone looking over your shoulder if you go there

 

[Uptime]

where does it do that?

http://samy.pl/

Bottom right after

"Join the Conversation
loading code into memory...
spinning cpu cycles for no reason...
interrogating your local ip _______ "

 

[grazie]

I like how his website is a "desktop". Pretty cool design. And the fact that my browsing history is shown on the right lower section is kinda creepy. lol This guy rocks

 

[Hksoftware]

You can bet your ass EPN will use some of these techniques to link accounts.

 

[cachemoney]

Hey, why not make an affiliate forum and stuff users with "evercookie's" lazed with your af id's...no wait.

i dont see how this can be done. its the merchant that writes the cookie with the affiliate's ID. Your website is not writing the amazon or commission junction's tracking cookie. They'd have "to be in on it" and incorporate samy's cookie to help you cookie stuff on their network.