Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Firefox Privacy Security Your Rights Online

Nevercookie Eats Evercookies 91

Posted by CmdrTaco from the i-eat-heavy-metals dept.
wiredmikey writes "Anonymizer, Inc. has developed Anonymizer Nevercookie, a free Firefox plugin that protects against the Evercookie, a javascript API built and made available by Samy Kamkar (same guy who brought you the Samy Worm and XSS Hacking to Determine Physical Location) who set out to prove that the more you store and the more places you store it, the harder it is for users to control a Web site's ability to uniquely identify their computer. The plugin extends Firefox's private browsing mode by preventing Evercookies from identifying and tracking users."
This discussion has been archived. No new comments can be posted.

Nevercookie Eats Evercookies More

Nevercookie Eats Evercookies

Comments Filter:

  • Re:One hopes... (Score:1, Informative)

    by Anonymous Coward on Wednesday November 10, 2010 @01:02PM (#34187604)

    https://panopticlick.eff.org/ still would need to be addressed.

  • hey guys (Score:5, Informative)

    by gabbott ( 1938128 ) on Wednesday November 10, 2010 @02:21PM (#34188440)
    My name is Geoff and I created "nevercookie". I'm a researcher at Anonymizer. I can assure you all that it is not vaporware, it works and has been pretty thoroughly tested, it's just that marketing wants to brand it and make it all slick before we release it to the general public (which should be in a week or two). I've sent out a few beta versions for friends in the security field to test out, and I might be able to send out a few more if anyone is interested in field testing it early (I'll ask my boss). To address concerns about how it works, it's pretty simple actually. When private browsing mode in firefox is initiated, the external data storage of Flash and Silverlight is quarantined (this is done because the browser normally can't touch these things cause they are browser independent, this is the most obvious place that an evercookie can respawn from (unless you clean it manually)). Then a clean, temporary user profile is spawned for the current browsing session, eliminating any lingering cached data. There's actually a decent explanation here: http://www.anonymizer.com/learningcenter/#lc_labs [anonymizer.com]

  • Re:One hopes... (Score:2, Informative)

    by gabbott ( 1938128 ) on Wednesday November 10, 2010 @02:28PM (#34188516)
    Check out how it works here: http://www.anonymizer.com/learningcenter/#lc_labs [anonymizer.com] I used nevercookie as sort of a fitness test, but it wasn't designed to only defeat evercookie, it was designed to address the larger problem of tracking via all kinds of local storage mechanisms.

  • Re:Are Chrome Users Still Defenceless? (Score:1, Informative)

    by Anonymous Coward on Wednesday November 10, 2010 @04:45PM (#34189960)

    Well, depends on what you mean by 'defense'.

    Private browsing has issues (see: http://blogs.pcmag.com/securitywatch/2010/08/university_study_finds_problem.php), so evercookie isn't really needed to track non-geeks.

    Personally I skip the whole thing and run an instance of my browser of choice (chrome) in an chroot-jailed sandbox when I need a private browsing. After I finish browsing I wipe the sandbox clean and that is that. The only thing I really use incognito mode for is when I need to be logged in on two accounts from the same provider at the same time.

    For anyone who's interested on how to set it up:
    http://www.howtoforge.com/safe_mirror_unionfs_chroot details the basic technique, though I use aufs2 because I've modified it to run without a separate user and unionfs doesn't unmount properly in that situation.

Slashdot Top Deals

Kleeneness is next to Godelness.

Close