Sep 22, 2010 13:51 GMT
New 'evercookie' JavaScript API can be used to generate extremely persistent cookies

A newly released open source tool allows webmasters to create extremely persistent cookies, which get stored in several different places through a variety of methods.

Dubbed "evercookie", the JavaScript API is the creation of Samy Kamkar, the former hacker who brought MySpace to a halt in 2007 after releasing a cross-site scripting worm on the platform.

Historically speaking, cookies have referred to small text files stored by websites inside browsers in order to identify logged-in users.

Since they can also be used to track visitors between visits, today's modern browsers offer simple privacy controls that can be used to easily delete them.

However, with the advancement of Web technologies, the places where such data can be stored have diversified, opening the door to abuse.

For example, there are currently several class action lawsuits pending against media and entertainment companies, who allegedly abused Flash Local Shared Objects (LSO) to re-spawn cookies deleted via the browser.

Evercookie is a proof-of-concept tool that does exactly that: it stores cookies in numerous places, so that a deleted cookie can be re-created from any copy that remains.

At the moment it can store unique identifiers in standard HTTP cookies, Local Shared Objects, HTML5 session storage, HTML5 local storage, HTML5 global storage, HTML5 database storage (SQLite), the RGB values of PNG images or the browser's web history.

"With all the methods available, currently eight, it only takes one cookie to remain for most, if not all, of them to be reset again," explains the API's creator, who plans to add support for Silverlight Isolated Storage and a Java-based technique as well.

Another interesting aspect of evercookie is that it can achieve its purpose across different browsers. If the LSO cookie version is not deleted, it can be used to replicate the identifier in all locations inside a clean browser.
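For anyone auditing a site for this behaviour, the sketch below is an added example (not evercookie's code, nor anything from its author) that compares storage snapshots taken before clearing, right after clearing, and after the next page load, and reports identifiers that were restored from a surviving copy. The snapshot format, the store names and the sample values are assumptions made for the example.

```javascript
// Snapshot shape (assumed for this example): { storeName: { key: value } }
const MIN_ID_LENGTH = 8; // skip short values ("en", "1") that repeat by chance

// Map each candidate identifier value to the set of stores holding it.
function indexValues(snapshot) {
  const index = new Map();
  for (const [store, entries] of Object.entries(snapshot)) {
    for (const value of Object.values(entries)) {
      if (typeof value !== "string" || value.length < MIN_ID_LENGTH) continue;
      if (!index.has(value)) index.set(value, new Set());
      index.get(value).add(store);
    }
  }
  return index;
}

// Values mirrored in two or more stores: the redundancy respawning relies on.
function findMirroredIds(snapshot) {
  return [...indexValues(snapshot)]
    .filter(([, stores]) => stores.size >= 2)
    .map(([value, stores]) => ({ value, stores: [...stores].sort() }));
}

// Respawned: present before clearing, gone from a store right after clearing,
// back in that store after reload, while another store kept a surviving copy.
function findRespawned(before, cleared, reloaded) {
  const kept = indexValues(cleared), back = indexValues(reloaded);
  const findings = [];
  for (const [value, storesBefore] of indexValues(before)) {
    const survivors = kept.get(value) || new Set();
    const after = back.get(value) || new Set();
    if (survivors.size === 0) continue; // no surviving copy to restore from
    const restored = [...storesBefore]
      .filter((s) => !survivors.has(s) && after.has(s)).sort();
    if (restored.length) {
      findings.push({ value, survivedIn: [...survivors].sort(), restored });
    }
  }
  return findings;
}

// Constructed sample snapshots (not captured from a real browser).
const SAMPLE_ID = "a81f3c9e77d2";
const snapBefore = { httpCookie: { uid: SAMPLE_ID, lang: "en" }, localStorage: { uid: SAMPLE_ID }, flashLSO: { uid: SAMPLE_ID } };
const snapCleared = { httpCookie: {}, localStorage: {}, flashLSO: { uid: SAMPLE_ID } };
const snapReloaded = { httpCookie: { uid: SAMPLE_ID }, localStorage: { uid: SAMPLE_ID }, flashLSO: { uid: SAMPLE_ID } };

console.log(findMirroredIds(snapBefore));
console.log(findRespawned(snapBefore, snapCleared, snapReloaded));
```

In the sample, the identifier left in the Flash LSO store after clearing is reported as the source from which the HTTP cookie and local storage copies were restored.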