Evercookie

Evercookie (also known as supercookie) is a JavaScript application programming interface (API) that identifies and reproduces intentionally deleted cookies in the client's browser storage. It was created by Samy Kamkar in 2010 to demonstrate how websites that use respawning can undermine a user's attempt to stop being tracked. Websites that have adopted this mechanism can identify users even after those users delete previously stored cookies. In 2013, Edward Snowden leaked a top-secret NSA document showing that Evercookie could be used to track users of the Tor anonymity network. Many popular companies use functionality similar to Evercookie to collect information about users and track them. Further research on fingerprinting and search engines also draws on Evercookie's ability to track a user persistently.


Background

Several kinds of client-side storage are in common use, including HTTP cookies, Flash cookies and HTML5 Web Storage. When a user visits a website for the first time, the web server may generate a unique identifier and store it in the user's browser or local storage. On later visits the website reads the stored identifier to recognise the user, which lets it restore the user's preferences and display targeted advertisements. Because of privacy concerns, all major browsers include mechanisms for deleting and/or refusing cookies. In response to users' growing unwillingness to accept cookies, many websites employ methods to circumvent cookie deletion. Starting in 2009, several research teams found that popular websites, including hulu.com, foxnews.com and spotify.com, used Flash cookies, ETags and various other storage mechanisms to rebuild cookies that users had deleted. In 2010, Samy Kamkar, a Californian programmer, built the Evercookie project to illustrate how this respawning works when it is carried out across many browser storage mechanisms at once.


Description

Evercookie allows website authors to identify users even after those users have attempted to delete cookies. Samy Kamkar released v0.4 beta of Evercookie on September 13, 2010, as an open source project. Evercookie is capable of respawning deleted HTTP cookies by storing the same identifier in multiple storage systems typically exposed by web browsers. When a browser visits a website that uses the Evercookie API, the web server generates an identifier and writes it into every storage mechanism available on that browser. If the user removes some ''but not all'' of the stored copies and revisits the website, the web server retrieves the identifier from the storage areas the user failed to clear and then writes it back into the areas that were cleared. Because users are unlikely to clear every storage mechanism, the identifier is effectively persistent. The list of storage mechanisms published by Samy Kamkar (which has grown since the original release) contains 17 vectors, each used whenever the browser makes it available:

* Standard HTTP cookies
* HTTP Strict Transport Security (HSTS)
* Local shared objects (Flash cookies)
* Silverlight Isolated Storage
* Cookies encoded in the RGB values of auto-generated, force-cached PNG images, read back out pixel by pixel with the HTML5 Canvas tag
* Web history
* HTTP ETags
* Web cache
* window.name caching
* Internet Explorer userData storage
* HTML5 Session Storage
* HTML5 Local Storage
* HTML5 Global Storage
* HTML5 Web SQL Database (via SQLite)
* HTML5 IndexedDB
* Java JNLP PersistenceService
* Java CVE-2013-0422 exploit

Samy Kamkar has stated that he did not intend the Evercookie project to be used to violate internet users' privacy or to be sold to any party for commercial use. It has nonetheless served as an inspiration for commercial websites that later implemented similar mechanisms to restore user-deleted cookies. The Evercookie project is open source, so anyone can read and examine the code, or use it for any purpose. Among its storage mechanisms is HTML5 Web Storage, which had appeared only about six months before the project and attracted attention because of the extra persistence it offers. Kamkar's stated aim was to demonstrate how thoroughly contemporary tracking tools can undermine users' privacy. The Firefox browser plug-in "Anonymizer Nevercookie™" can block Evercookie respawning. The set of storage mechanisms in the Evercookie project has continued to be updated, adding to its persistence. By combining many existing tracking methods behind a single API, Evercookie packages as one tool what commercial websites had been assembling piecemeal, and a growing number of those websites have taken up the idea and extended it with new storage vectors.

In 2014, a research team at Princeton University conducted a large-scale study of three persistent tracking techniques: Evercookie, canvas fingerprinting and cookie syncing. The team crawled the top 100,000 Alexa websites and detected a storage vector, IndexedDB, being used for respawning by weibo.com, which the team described as the first observed commercial use of IndexedDB for this purpose. The team also found cookie syncing used in conjunction with evercookie-style respawning. Cookie syncing shares an identifier between different third-party domains, which the same-origin policy would otherwise keep apart; once a respawned identifier has been synced to partner domains, deleting it locally does not remove the copies those partners already hold. The team also observed Flash cookies respawning HTTP cookies, and HTTP cookies respawning Flash cookies, on commercial websites. Those two mechanisms use fewer storage vectors than the Evercookie project but work on the same principle. Among the sites examined, 10 of 200 used Flash cookies to rebuild HTTP cookies. Nine of them were Chinese sites (sina.com.cn, weibo.com, hao123.com, sohu.com, ifeng.com, youku.com, 56.com, letv.com and tudo.com); the tenth was yandex.ru, a leading search engine in Russia.


Applications

A research team from the Slovak University of Technology proposed a mechanism for search engines to infer Internet users' intended search terms and produce personalized results. Queries from Internet users often have multiple meanings and range across different fields, so the results a search engine displays contain a great deal of information that is irrelevant to the particular searcher. The authors proposed that a searcher's identity and preferences are a strong indication of a query's intended meaning and can greatly reduce the ambiguity of the search terms. The team built a metadata-based model that extracts user information with evercookie and integrated this user-interest model into the search engine to enhance personalization of the results. Because traditional cookies can easily be deleted by experiment subjects, which would have left the experiment data incomplete, the team relied on evercookie's persistence instead.


Controversial applications


KISSmetrics privacy lawsuit

On Friday, July 29, 2011, a research team at the University of California, Berkeley crawled the top 100 U.S. websites as ranked by Quantcast. The team found that KISSmetrics, a third-party marketing-analytics service, used HTTP cookies, Flash cookies, ETags and some, but not all, of the storage mechanisms from Samy Kamkar's Evercookie project to respawn identifiers that users had deleted. Popular websites such as hulu.com and spotify.com used KISSmetrics to respawn HTML5 storage and first-party HTTP cookies. The researchers claimed this was the first time ETags had been observed being used for tracking in a commercial setting. On the day the report was published, Hulu and Spotify announced that they had suspended their use of KISSmetrics pending further investigation. Two consumers sued KISSmetrics for violating their privacy. KISSmetrics revised its privacy policy over the weekend, stating that the company would fully respect customers who chose not to be tracked. On August 4, 2011, KISSmetrics' CEO Hiten Shah denied that KISSmetrics had implemented Evercookie or the other tracking mechanisms described in the report, claiming that the company used only legitimate first-party cookies. On October 19, 2012, KISSmetrics agreed to pay over $500,000 to settle the lawsuit and undertook to refrain from using Evercookie.


NSA Tor tracking

In 2013, an internal National Security Agency (NSA) presentation revealed by Edward Snowden suggested that Evercookie was being used in government surveillance to track Tor users. The Tor Project responded to the leaked document in a blog post, stating that the Tor Browser Bundle and the Tails operating system provide strong protections against evercookie.


Public attitudes towards data tracking

Evercookie, like many other newly emerged persistent-tracking technologies, is a response to internet users' tendency to delete cookies. In this exchange of information, some consumers believe they are being compensated with greater personalization, or sometimes even with financial compensation from the companies involved. Recent research, however, shows a gap between the expectations of consumers and those of marketers. A Wall Street Journal survey found that 72% of respondents felt offended when they saw targeted advertisements while browsing the internet. Another survey found that 66% of Americans felt negatively about how marketers track their data to generate individualized content, and in a third, 52% of respondents said they would like to turn off behavioral advertising. Data tracking nonetheless persists.


See also

* Device fingerprint
* Canvas fingerprinting
* HTTP cookie
* Flash cookie (Local shared object)
* Web storage
* Indexed Database API
* Web SQL Database
* Google Gears
* Web tracking
* Real-time bidding
* Web browser
* Internet privacy
* HTML5
* JavaScript
* API
* Cache (computing)
* Browser security
* Browser extension

