Killing the Evercookie (Google Chrome w/o Restart) This post inspired by Dominic White's attempt at killing Samy Kamar's evercookie demo.
Set-UpGo to Samy's evercookie demo- Click "Click to create an ever cookie" * not down the number Evercookie Removal1) Open a new tab, then close all other windows and tabs. 2) Delete Silverlight Isolated Storage Go to click the Silverlight application (any app will do)Silverlight Preferences > Application Storage > Delete all...Click "Yes" 4) Clear Browsing Data. Killing the Evercookie - Dominic White. (Hi Slashdot & The Register readers.
Make sure to check the 2nd part on killing iPhone Evercookie's too) Samy Kamar recently released his tool, evercookie. This uses multiple persistent data stores to set unique identifiers that can be used to identify your browser to a website. While my default Firefox browsing setup is safe against it, I noticed that the "disposable" Safari instance I used was not.
I sometimes use a clean Safari instance to test or access things the tinfoil on my Firefox does not let me. When the evercookie is created, is shows as existing in the following locations (note: just visiting the site sets up some of the evercookie containers): userData mechanism: undefinedcookieData mechanism: 362localData mechanism: 362globalData mechanism: undefinedsessionData mechanism: 362historyData mechanism: undefinedpngData mechanism: 362etagData mechanism: 362dbData mechanism: 362lsoData mechanism: 362 cat evercookie-kill.sh #! Killing the Evercookie - Part2 MobileSafari - Dominic White. UPDATE: An iPhone developer has turned this into an awesome little SBSetting addon.
You'll still need a jailbroken phone but can install it via Cydia. My previous experiments in killing the Evercookie in Safari sparked similar posts describing how to do the same for Chrome and Firefox. However, my second most frequent browsing platform is my iPhone, and I thought I would investigate how Apple IOS, MobileSafari & embedded WebKit fares. It does much worse. There are two problems; the first is, any app which embeds MobileWebKit has it's own stores for normal cookies, browser cache and HTML5 storage.
To hard clear all the WebKit datastores, including normal cookies, I put the following quick script together (you'll need a JailBroken iPhone) . #! I know this and my previous entry are scorched earth tactics. In short, what does Apple need to do to fix this? Update: Clarified what the two separate problems are, and added a section on what Apple should do to fix. Evercookie - virtually irrevocable persistent cookies. Samy's home page || follow my twitter || blog || email me || samy kamkar October 11, 2010: Reported on the front page of the New York Times Cookie found: uid = currently not set Click to create an evercookie.