Sunday, October 25, 2015

Evercookie

I am currently doing a research project that has to do with the profiling of browsers. Essentially, it looks at how your browser holds personal information and how different mechanisms can access these attributes to create a profile of your habits. Certain websites exploit these mechanisms in order to figure out who you are in a crowd of millions. They can then use your profile to show you certain ads or articles that might be of interest to you (although let's be honest, they never are).

While researching this topic my team came across a tool created by Samy Kamkar called Evercookie. Basically, the Evercookie works like most cookies in that it stores information on you in your session storage. However, what sets the Evercookie apart is that it also uses mechanisms like JavaScript, Flash, and Silverlight to store information. The purpose of storing the information all over the place is to make it harder to wipe the cookie out completely. If you delete your session storage, the information will be recreated from the JavaScript storage or the Flash storage. In order to delete the cookie completely, all of these mechanisms need to be disabled and its session storage deleted. For the average user this is a huge problem because it can cause a lot of usability to be lost. When you disable something like JavaScript, most websites will not act the way they normally do and some don't work at all.
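The recreation step described above is also what gives an Evercookie away: a value that comes back unchanged in a store you just cleared, while the same value sat in a store you did not clear, was most likely respawned. The following check is an added example, not code from Evercookie or from the original post; the mechanism names follow the post and all values are constructed.

```javascript
// Detect "respawned" identifiers from three storage snapshots.
// Each snapshot maps a storage mechanism to its key/value pairs.
function findRespawned(before, afterClear, afterRevisit, minLen = 8) {
  const findings = [];
  for (const [mech, entries] of Object.entries(afterRevisit)) {
    for (const [key, value] of Object.entries(entries)) {
      // Very short values (flags, themes) are unlikely to be identifiers.
      if (String(value).length < minLen) continue;
      const sameAsBefore = before[mech]?.[key] === value;
      const wasCleared = !(key in (afterClear[mech] ?? {}));
      if (!sameAsBefore || !wasCleared) continue;
      // Which mechanisms the user did not clear still held the value?
      const sources = Object.entries(afterClear)
        .filter(([m, e]) => m !== mech && Object.values(e).includes(value))
        .map(([m]) => m);
      if (sources.length > 0) findings.push({ mechanism: mech, key, sources });
    }
  }
  return findings;
}

// Constructed sample data: mechanism names follow the post, values are made up.
const ID = "a1b2c3d4e5f6";
const before = {
  sessionStorage: { uid: ID },
  javascriptStorage: { uid: ID, theme: "dark" },
  flashStorage: { uid: ID },
};
// The user deletes session storage only.
const afterClear = { ...before, sessionStorage: {} };
// Respawning site: the old identifier is back in session storage.
const respawnVisit = { ...before };
// Well-behaved site: a fresh identifier is issued instead.
const freshVisit = { ...before, sessionStorage: { uid: "ffff00001111" } };

console.log(findRespawned(before, afterClear, respawnVisit));
console.log(findRespawned(before, afterClear, freshVisit));
```

The first call reports the session storage entry together with the two stores it could have been rebuilt from; the second reports nothing, because a fresh identifier after clearing is normal behaviour.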

I wanted to give more awareness to this technology because privacy is an ongoing problem on the internet as technology gets more advanced. The Evercookie is just one step toward the elimination of privacy on the web. Luckily, Samy Kamkar didn't create the cookie for harm. In fact, the whole purpose of him creating it was to spread awareness that this sort of technology most likely exists and that websites are using it. You can go to his website (linked at the end of this post) and try to create an Evercookie in your own browser session if you want. The purpose of him creating this "test" Evercookie is so that users can see how easy it is to profile them. Hopefully people who visit the site and successfully create an Evercookie in their session go and learn how to keep their anonymity and privacy safe while browsing the web.

If you are reading this and are into hacking, Samy Kamkar is a really smart guy who dedicates a lot of time to creating different hacking tools. Over the summer I was at the 23rd DefCon, the biggest Cyber Security conference in the world, in Las Vegas, and Kamkar did a talk on hacking garage doors using a Mattel toy. Yes, the same company that creates Barbies also creates a toy that can be hacked to open almost any garage door in 10 seconds. I'm also going to link that at the bottom of this post in case you want to see that in action.

http://samy.pl/evercookie/

https://www.youtube.com/watch?v=iSSRaIU9_Vc
