User tracking on the web is an interesting field. There are projects like evercookie that provide insight into the different techniques that are available given today's web client technologies.
The methods listed by evercookie that I thought were particularly curious are:
– Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
– Storing cookies in HTTP ETags
And of course the various methods used by evercookie all cause the original HTTP cookie to re-spawn.
The code is available at https://github.com/samyk/evercookie and is worth a look if you are interested in this sort of thing. The evercookie page has descriptions of how some of the techniques work, along with a sample piece of code to get started with.
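A defender-side check for the ETag method listed above, as an added example that is not part of the original post or of evercookie: a content-derived ETag is the same for every client that receives the same body, so an ETag that differs per client for identical content is a candidate for carrying an identifier. The record fields (`client`, `url`, `etag`, `bodyHash`), the function names and all sample values are assumptions constructed for illustration.

```javascript
// Added example (not evercookie code): flag URLs whose ETag varies per client
// while the response body stays the same.
// Constructed sample of captured responses; hosts, clients and values are made up.
const sampleResponses = [
  { client: "A", url: "https://tracker.example/pixel.png", etag: '"u-7f3a91"', bodyHash: "h1" },
  { client: "B", url: "https://tracker.example/pixel.png", etag: '"u-02bc4e"', bodyHash: "h1" },
  { client: "C", url: "https://tracker.example/pixel.png", etag: '"u-c918d0"', bodyHash: "h1" },
  { client: "A", url: "https://cdn.example/app.js", etag: '"v42"', bodyHash: "h2" },
  { client: "B", url: "https://cdn.example/app.js", etag: '"v42"', bodyHash: "h2" },
  { client: "C", url: "https://cdn.example/app.js", etag: 'W/"v42"', bodyHash: "h2" },
  { client: "A", url: "https://news.example/feed", etag: '"r1"', bodyHash: "h3" },
  { client: "B", url: "https://news.example/feed", etag: '"r2"', bodyHash: "h4" },
];

// Strip the weak-validator prefix so W/"v42" and "v42" compare equal.
function normalizeEtag(etag) {
  return etag.replace(/^W\//, "").trim();
}

// Returns [{ url, bodyHash, clients, distinctEtags }] for every (url, body) pair
// served to at least minClients clients with a different ETag for each of them.
function findPerClientEtags(responses, minClients = 2) {
  const groups = new Map(); // url + body hash -> { url, bodyHash, byClient }
  for (const r of responses) {
    if (!r.etag) continue; // no validator, nothing to store an ID in
    const key = `${r.url}\u0000${r.bodyHash}`;
    if (!groups.has(key)) groups.set(key, { url: r.url, bodyHash: r.bodyHash, byClient: new Map() });
    const byClient = groups.get(key).byClient;
    if (!byClient.has(r.client)) byClient.set(r.client, new Set());
    byClient.get(r.client).add(normalizeEtag(r.etag));
  }
  const findings = [];
  for (const { url, bodyHash, byClient } of groups.values()) {
    if (byClient.size < minClients) continue; // too few clients to compare
    const all = new Set();
    for (const etags of byClient.values()) for (const e of etags) all.add(e);
    // Content-derived ETags collapse to one value; per-client IDs give one per client.
    if (all.size >= byClient.size) {
      findings.push({ url, bodyHash, clients: byClient.size, distinctEtags: all.size });
    }
  }
  return findings;
}

console.log(findPerClientEtags(sampleResponses));
```

Servers that derive ETags from per-node file metadata can also return differing values for the same content, so a finding is a lead to inspect rather than proof of tracking.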
2 replies on “Cookies That Won’t Die: evercookie”
Particularly curious sounds right. The RGB/PNG/HTML5 scenario sounds overly complex to me.
Complex, but if it works, could be useful. And definitely important to know about. Don’t expect the bad guys not to use certain methods because of additional complexity.