samyk / evercookie

Produces persistent, respawning "super" cookies in a browser, abusing over a dozen techniques. Its goal is to identify users after they've removed standard cookies and other privacy data such as Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
https://samy.pl/evercookie/
4.43k stars 662 forks source link

Clearing History/Browsing Data - No More Persistence #118

Open bitnom opened 8 years ago

bitnom commented 8 years ago

I ran the demo in Chrome and Chromium (Flash is installed) and several stores were created on the demo but when I cleared browsing history and came back, the cookie didn't persist. It used to without fail. Should it still be possible to circumvent the patches that browser vendors have implemented? If you think so (I've been out of the loop so to speak), I'll gladly contribute code to revive this project. I have a lot of experience coding persistent ad tracking years ago.

samyk commented 8 years ago

There could be some improvements that could revitalize evercookie and make it work quite consistently again. I would re-inspect the plugin-based features (Flash, Silverlight, etc) as they could use some refreshing I believe, and there are more recent web technologies that may likely provide (read: suffer from) storage mechanisms. I'd investigate HSTS (@bcrypt has some great work on this), WebRTC, WebGL (likely for fingerprinting), and basically any other new technology you can find in chrome://flags

bitnom commented 8 years ago

I don't see any previous activity @bcrypt

samyk commented 8 years ago

https://github.com/diracdeltas/sniffly