Evercookies

General discussion about web technology.
Post Reply
Peace
Posts: 10
Joined: Mon Aug 29, 2016 5:50 pm

Evercookies

Post by Peace » Fri Mar 23, 2018 11:57 pm

Hello everyone, I am here in a quest to protect myself against tracking, I use no script for maybe 2 years and it’s my favourite add on. I ask myself many questions on many things these days about privacy and tracking and my main concern right now is the Evercookie, zombiecookie, supercookie (I think they are all the same thing)

With No Script of course, I can block scripts but on each websites I need to trust the main script in order to see the web page.. then from that point, stuff gets into my computer, activity starts in Privacy Badger and Cookie Autodelete. I suspect during that time frame, copies of an Evercookie could be created in my computer without apparently, any possibility to find and destroy all of them (Apart from reinstalling a fresh OS)

Is there a way contain these evercookies? perhaps restricting Firefox and other built-in applications to write files only into specific computer folders? so the writing is trapped inside some kind of files container, then I could simply delete Mozilla Firefox files and replace them with a new fresh container of FF files.

Perhaps there are other ideas too.. i am searching. I would be glad to get more advices..

thanks.
Computer: an inexpensive: i3-4130 - HD Graphics 4400 on Asus H81M-A, 8gb ram, Linux Mint Cinnamon 18.3 64bit, Kernel 4.10.0.38, Browser Firefox 58.0.2, Addons: NoScript, Privacy Badger, HTTPS everywhere, Cookie Autodelete and a VPN access.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0

barbaz
Senior Member
Posts: 9052
Joined: Sat Aug 03, 2013 5:45 pm

Re: Evercookies

Post by barbaz » Sat Mar 24, 2018 1:20 am

This seems like more of a general question than a NoScript question, so moving to Web Tech.

Since you're using Linux, try using firejail with the --overlay-tmpfs option. firejail is available in the standard Ubuntu repositories if you're using Ubuntu 16.04 or later.
EDIT Oops, you're not using Ubuntu, you're using Linux Mint with the Ubuntu build of Firefox. I don't know which Ubuntu version Mint 18.3 is based on.
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3332
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Evercookies

Post by GµårÐïåñ » Sat Mar 24, 2018 1:35 am

Agreed, when I read it I thought the same thing, but wasn't sure if maybe I misunderstood, thank you for handling it.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0

barbaz
Senior Member
Posts: 9052
Joined: Sat Aug 03, 2013 5:45 pm

Re: Evercookies

Post by barbaz » Sat Mar 24, 2018 1:36 am

GµårÐïåñ wrote:Agreed, when I read it I thought the same thing, but wasn't sure if maybe I misunderstood, thank you for handling it.
np Image
*Always* check the changelogs BEFORE updating that important software!
-

Peace
Posts: 10
Joined: Mon Aug 29, 2016 5:50 pm

Re: Evercookies

Post by Peace » Sat Mar 24, 2018 12:46 pm

Thank you for the subject management. :D

FireJail seems like a very good idea, I was not aware the therm was Sandboxing an application before yesterday and that was a very standard security procedure. If I succeed in installing and using it, it should do the job properly! Ill work on that today.. and I decided to get my first SSD drive today too.

I have another question about the Evercookie. I use Veracrypt to keep my files into containers so when I backup, I simply have to transfer the container to an external drive. My primary Ceracrypt container is 200 gb, of various files, MP3s, Libre office files, images, videos. Obviously no applications installed there. But this container is usually opened all the time when I use the computer so it's possible to access the files.

Since that archive is several years old, is it possible some Evercookies could be hidden into it?
Computer: an inexpensive: i3-4130 - HD Graphics 4400 on Asus H81M-A, 8gb ram, Linux Mint Cinnamon 18.3 64bit, Kernel 4.10.0.38, Browser Firefox 58.0.2, Addons: NoScript, Privacy Badger, HTTPS everywhere, Cookie Autodelete and a VPN access.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0

barbaz
Senior Member
Posts: 9052
Joined: Sat Aug 03, 2013 5:45 pm

Re: Evercookies

Post by barbaz » Sat Mar 24, 2018 2:41 pm

If you read the Wikipedia article on Evercookies youll see what needs to be deleted to get rid of existing evercookies.
*Always* check the changelogs BEFORE updating that important software!
-

Peace
Posts: 10
Joined: Mon Aug 29, 2016 5:50 pm

Re: Evercookies

Post by Peace » Sun Mar 25, 2018 12:14 am

@barbaz thanks, some point could be under control from the list... but other points I can't say like HTML5.

Standard HTTP cookies -> These should be under a certain control with Firefox cookies options has well has Cookie Auto-Delete, cookies deleted in real time.
local shared objects (Flash cookies) --> these can be disabled with Adobe's web interface.. and flash is blocked by firefox by default.
Silverlight Isolated Storage --> I don't have silverlight installed, problem solved!
Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out --> This I don't know
Storing cookies in Web history --> Firefox auto delete all history this point should be under a certain control.
Storing cookies in HTTP ETags --> This I don't know
Storing cookies in Web cache --> Firefox is set to use 0kb of cache.
window.name caching --> This I don't know
Internet Explorer userData storage --> I don't use internet explorer.
HTML5 Session Web storage --> This I don't know
HTML5 Local Web storage --> This I don't know
HTML5 Global Storage --> This I don't know
HTML5 Web SQL Database via SQLite --> This I don't know

I installed firejail today and running a sandboxed Firefox. I still need to read more about it to understand more things about what's happening in there.
Computer: an inexpensive: i3-4130 - HD Graphics 4400 on Asus H81M-A, 8gb ram, Linux Mint Cinnamon 18.3 64bit, Kernel 4.10.0.38, Browser Firefox 58.0.2, Addons: NoScript, Privacy Badger, HTTPS everywhere, Cookie Autodelete and a VPN access.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0

barbaz
Senior Member
Posts: 9052
Joined: Sat Aug 03, 2013 5:45 pm

Re: Evercookies

Post by barbaz » Sun Mar 25, 2018 1:42 am

Most of that should be cleared out by Firefox's Clear History if you check all the boxes (except "Site Preferences", which isn't related to data stored by websites). I would suggest not having any website open when doing this.

I'm not sure about window.name. WebSQL probably isn't supported, you can verify it at https://html5test.com/
*Always* check the changelogs BEFORE updating that important software!
-

Peace
Posts: 10
Joined: Mon Aug 29, 2016 5:50 pm

Re: Evercookies

Post by Peace » Sun Apr 01, 2018 8:53 pm

Ok then I might be safer then I though.

I like No Script very much, I wish we could have more layers to work around the main scripts of a page to be able to slice parts of it. For instance this website is full of junk:

www_meteomedia.com_/ca

But I have to trust 2 main scripts in order to use the website, meteomedia.com and twnmm.com. There is no way for me to tell if these scripts have tracking capabilities or not, could it be possible to have some kind of analyser with options preventing part of these 2 scipts to access the internet once they are loaded?

This website has an auto-refresh option which is useless, annoying and waste of bandwidth too. We would be fun to be able to cut that part of the script only and leave the rest running.
Computer: an inexpensive: i3-4130 - HD Graphics 4400 on Asus H81M-A, 8gb ram, Linux Mint Cinnamon 18.3 64bit, Kernel 4.10.0.38, Browser Firefox 58.0.2, Addons: NoScript, Privacy Badger, HTTPS everywhere, Cookie Autodelete and a VPN access.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0

Post Reply