I considered just giving up – but, I’ll be damned if I will. I take every precaution I can to guard against the invasive parasitic practices of data collectors who are persistent in their attempts to collect “anonymous” data on my personal browsing habits. But, it’s never enough.
Despite my precautions – despite the tools I use in an attempt to respond to the insidious nature of web tracking – I find myself fighting a constant rear guard action. No sooner do I reach a plateau from which I can exert a functional level of control over the “behind closed doors nature” of Internet tracking – than I’m forced to deal with an even more insidious method of personal data collection.
Let’s spin back for a moment, to the time when the so called LSO (Flash Cookie) was introduced as a response to users gaining control over standard HTTP cookies. Control which allowed for the acceptance, the rejection, and the wiping of private data – including wiping cookies.
The Flash Cookie changed all that. By design, a Flash Cookie (Super Cookie)remains active on a system even after the user has cleared cookies and privacy settings. BetterPrivacy – a free Firefox add-on, stepped into the battle to address this issue, and gave users an opportunity to identify, and delete, Super Cookies.
When a Tracking Cookie is not obvious to a casual Internet user and, when that cookie cannot be deleted without the aid of a specialty cleaner, then Internet tracking has been taken to a level that borders on deception. Hell, let’s call it what it really is – crooked, immoral, fraudulent, illegal, ……..
When I first wrote on Super Cookies in September 2009, I made the following comment -
“……….with little resistance being offered by the “sheeple”, and a failure by regulatory authorities to enact appropriate consumer protection laws, we can expect privacy intrusions , like this, to accelerate.”
It’s hardly surprising then, that we are now faced with the Evercookie (HTML5 Cookies)
An Evercookie is not merely difficult to delete. It actively “resists” deletion by copying itself in different forms on the user’s machine and resurrecting itself if it notices that some of the copies are missing or expired. Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available:
- Standard HTTP cookies
- Local Shared Objects (Flash cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in Web history
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
Hold on – there’s more:
The developer is looking to add the following features:
- Caching in HTTP Authentication
- Using Java to produce a unique key based on NIC information.
We’re not quite finished.
With this tool it is possible to have persistent identification of a specific computer, and since it is specific to an account on that computer, it links the data to an individual. It is conceivable this tool could be used to track a user and the different cookies associated with that user’s identifying data without the user’s consent. The tool has a great deal of potential to undermine browsing privacy.
I don’t know what your definition of hacking, or illegal access encompasses – but, in my view, the placement of an Evercookie steps over the line into the realm of cybercrime. I suggest to you, that if a government were to penetrate a user system to plant an Evercookie as a matter of course – the outrage would be immediate. But, private enterprise does it – and the “sheeple” happily bow to what they consider the inevitable.
The tracking industry (a multi-Billion dollar industry), has gone too far on this one. I predict the litigation lawyers, and privacy advocates, will run out the big guns in a justifiable attempt to eradicate this spyware.
Personally, I believe that criminal charges should be laid against the executives of those organizations currently using Evercookie. I see no difference between these yahoos, and Russian cybercriminals.
Additional statistics on which web sites are currently using Evercookies can be had by reading an eye opening article by one of my favorite Tech writers Ed Bott – here.
In the meantime, you might consider installing BleachBit – an open source application which will delete Evercookies from your system.
In the following screen capture I have focused on a Firefox cleanup – including wiping HTML5 cookies.
In this screen capture the focus is on deleting Flash cookies ((Super Cookies).
Lets take a look at a preview of what’s going to be deleted -
Choosing the same parameters using CCleaner (a Flash and Firefox cleanup), leads to a considerable difference.
BleachBit quickly frees disk space and tirelessly guards your privacy.
Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn’t know was there.
Designed for Linux and Windows systems, it wipes clean 90 applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more.
Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster.
Better than free, BleachBit is open source.
System requirements: Window, Linux.
Languages: This application is available in 56 languages.
Download at: SourceForge
BleachBit is a powerful application; I recommend that you spend some time becoming familiar with its operation and capacity, before using for the first time.
You should consider viewing a tutorial video available here.