Beta Version of Nevercookie Released 77
wiredmikey writes "Anonymizer has released a beta version of Nevercookie, the recently announced Firefox plugin designed to protect against the Evercookie, a JavaScript API built and made available to prove that the more you store and the more places you store it, the harder it is for users to control a Web site's ability to uniquely identify their computer. Evercookie is a more persistent form of cookie that enables the storage of cookie data in a number of different locations, such as Flash cookies and various locations of HTML5 storage. This allows websites to track user behavior even when users have enabled private browsing. Because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps to completely clear and reset their local storage."
Excellent.. (Score:2, Insightful)
Cat and mouse (Score:1, Insightful)
How long till EverEverCookie?
But kudos to the developers and ff (I am sure other browsers are not too far).
A useful virus (Score:3, Insightful)
For just once, can someone design a trojan/worm that updates browsers to include useful addons like this instead of trying to steal banking information? Just sayin'.
How did we get into this mess? (Score:1, Insightful)
You could always disable cookies. Then the website requires cookies, and if you really want to use it, you accept cookies. The browsers could have had a setting that said, "delete cookies when navigating away from a domain in this list", but they didn't do that. So. I guess that's how we got into this mess.
As for browsers allowing a cookie to set stuff in obscure locations all over the system; that sounds like a bug that should have been fixed a long time ago. As for allowing 3rd parties to access cookies, that also seems like a bug--unless you also controlled that with another list. Yes. It should be a PiTA for users to have to modify a list in order to make your site work. That way, maybe you'll stop being a douche. Maybe.
Keep your hands to yourself. (Score:4, Insightful)
For just once, can someone design a trojan/worm that updates browsers to include useful addons like this instead of trying to steal banking information? Just sayin'.
Tell me how you quarantee an innocent and useful payload.
Tell me why geek the who unleashes a trojan has won the right to decide how users should manage their systems.
blargh (Score:4, Insightful)
Re:Excellent.. (Score:5, Insightful)
It's worth remembering that everything a corporation tracks and stores is subject to subpoena or outright theft by the US Government. Tracking isn't ephemeral. There are increasingly large "profiles" of you being stored in databases of some very large corporations and if you really believe that those are safe and secure from prying eyes, whether it's employees of those companies, insurance companies that want nothing more than can charge you more or drop your policy, or government agencies who are convinced you're a threat to national security, you're sadly mistaken.
Re:If you don't want to be tracked (Score:5, Insightful)
They can fingerprint you based on your OS, system fonts, plug-ins, IP address, screen resolution and other exposed hardware capabilities, time zone, etc. Then they can surveil you as you move around the Web and increase the strength of that fingerprint based on the sites you visit that are in their "network" (think about how many properties Google owns from search to gmail to docs to youtube to blogger but then remember also that they can see you at non-googel sites because of adsense and google analytics and youtube embeds and feedburner and sites with re-captcha or google checkout or maps mash-ups or google's site-specific searches.
You are not anonymous, even if you rebuild your VM every day. You'd have to randomize all the features of your OS and your browser and then you'd have to reboot between pretty much every website you visit.
Why doesn't Firefox just block evercookies? (Score:2, Insightful)
Unless I'm reading this the wrong way, evercookies can exist because of flaws in HTML processing. So, why not do something to fill that hole instead of sticking a band-aid on it in the form of Nevercookie?
Re:Delete all the cookies you want (Score:3, Insightful)
Or modify the OS clock functions. Few people need that level of precision and a smart modification could average out to zero deviation over the long term. One could even an add an interface to remove skew randomization for specific processes that way the user who cares about such things could "fix" it on a case by case basis.
Re:Why doesn't Firefox just block evercookies? (Score:3, Insightful)
So, why not do something to fill that hole instead of sticking a band-aid on it in the form of Nevercookie?
<mode type='cynical'>
Because that would endanger their Google funding?
</mode>