Compatibility?

[Ruok2bu]

Will evercookie work on client systems that use Linux or OSX ?

[samyk]

Yes, many of the storage mechanisms are cross-platform

[Ruok2bu]

How many of them though?

[samyk]

It's more browser dependent than platform dependent. It looks like about a dozen should work on Firefox on Linux.

[ssokolow]

It's been a long time and all I remember for certain is that I managed to successfully configure my Firefox to kill evercookies on restart, but here's how I thing it went:

Any browser which supports the feature:

• Standard HTTP Cookies
• HTTP Strict Transport Security (HSTS) Pinning
• Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
• Storing cookies in HTTP ETags
• Storing cookies in Web cache
• window.name caching
• HTML5 Session Storage
• HTML5 Local Storage
• HTML5 Global Storage
• HTML5 IndexedDB

Any browser with a Flash plugin:

• Local Shared Objects (Flash Cookies)

Any browser with a Java plugin:

• Java JNLP PersistenceService

Any browser with a Silverlight plugin:

• Silverlight Isolated Storage

WebKit-based browsers:

• HTML5 Database Storage via SQLite (standardization abandoned in favor of IndexedDB)

MSIE and browsers based on its ActiveX control:

• Internet Explorer userData storage

Any browser/plugin old enough to not have closed this vulnerability:

• Storing cookies in Web History
• Java CVE-2013-0422 exploit (applet sandbox escaping)

P.S. Sorry for replying via e-mail. GitHub is giving me persistent errors when I try to post a comment via the web interface.

On 16-04-23 01:24 AM, Samy Kamkar wrote:

It's more browser dependent than platform dependent. It looks like about a dozen should work on Firefox on Linux.

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/samyk/evercookie/issues/107#issuecomment-213666895

[Ruok2bu]

Ah, thanks for the info!