
Entry: Evercookie
Definition

  1. Background

  2. Description

  3. See also

  4. References

Evercookie is a JavaScript-based application created by Samy Kamkar which produces zombie cookies in a web browser that are intentionally difficult to delete.[1][2] In 2013, a top-secret NSA document leaked by Edward Snowden cited Evercookie as a method of tracking Tor users.[3]

Background

A traditional HTTP cookie is a relatively small amount of textual data that is stored by the user's browser. Cookies can be used to save preferences and login session information; however, they can also be employed to track users for marketing purposes. Due to concerns over privacy, all major browsers include mechanisms for deleting and/or refusing to accept cookies from websites.

Adobe Systems claimed that the size restrictions, likelihood of eventual deletion, and simple textual nature of traditional cookies motivated it to add the local shared object (LSO) mechanism to the Adobe Flash Player.[4]

While Adobe has published a mechanism for deleting LSO cookies (which can store 100 KB of data per website, by default),[5] it has met with some criticism from security and privacy experts.[6] Since version 4, Firefox has treated LSO cookies the same way as traditional HTTP cookies, so they can be deleted together.[7][8]

Description

Samy Kamkar released v0.4 beta of the Evercookie on September 13, 2010, as open source.[2][9][10] According to the project's website:

  Evercookie is designed to make persistent data just that, persistent. By storing the same data in several locations that a client can access, if any of the data is ever lost (for example, by clearing cookies), the data can be recovered and then reset and reused.

  Evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

  Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

An Evercookie is not merely difficult to delete. It actively "resists" deletion by copying itself in different forms on the user's machine and resurrecting itself if it notices that some of the copies are missing or expired.[11] Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available:

  • Standard HTTP cookies
  • Local shared objects (Flash cookies)
  • Silverlight Isolated Storage
  • Storing cookies in RGB values of auto-generated, force-cached PNGs, using the HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in Web history
  • Storing cookies in HTTP ETags
  • Storing cookies in Web cache
  • window.name caching
  • Internet Explorer userData storage
  • HTML5 Session Web storage
  • HTML5 Local Web storage
  • HTML5 Global Storage
  • HTML5 Web SQL Database via SQLite
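
The respawning behaviour described above can be detected by comparing storage snapshots taken before a user clears cookies, right after clearing, and after the next page load. The following is an added example, not code from the Evercookie project; the store names, the `uid` value and the snapshot format are constructed for illustration.

```javascript
// Added example with constructed data: detect a respawned identifier by
// diffing per-origin storage snapshots taken around a "clear cookies" action.
const before = {
  httpCookie:   { uid: "a81f3c", lang: "en", theme: "dark" },
  localStorage: { uid: "a81f3c" },
  windowName:   { uid: "a81f3c" },
  etag:         { uid: "a81f3c" },
};
const afterClear = { ...before, httpCookie: {} };   // user wiped HTTP cookies
const afterReload = {                                // state after next page load
  ...before,
  httpCookie: { uid: "a81f3c", lang: "en" },         // lang is a server default
};

// Returns one finding per key that was deleted, came back with the same value,
// and whose value was still held by a store the user did not clear.
function findRespawns(before, afterClear, afterReload, cleared) {
  const findings = [];
  for (const store of cleared) {
    for (const [key, value] of Object.entries(before[store] || {})) {
      const deleted = !(key in (afterClear[store] || {}));
      const cameBack = (afterReload[store] || {})[key] === value;
      if (!deleted || !cameBack) continue;
      const sources = Object.keys(afterClear).filter(
        (s) => !cleared.includes(s) &&
               Object.values(afterClear[s] || {}).includes(value)
      );
      // No surviving copy means the site simply re-set a default (e.g. lang).
      if (sources.length > 0) findings.push({ store, key, value, sources });
    }
  }
  return findings;
}

// Every store holding a copy has to be wiped in the same pass, otherwise the
// remaining copy restores the others.
function storesToClear(findings) {
  return [...new Set(findings.flatMap((f) => [f.store, ...f.sources]))].sort();
}

const findings = findRespawns(before, afterClear, afterReload, ["httpCookie"]);
console.log(findings, storesToClear(findings));
```

Only `uid` is reported: `lang` also reappears, but no surviving store held its value, so it is treated as an ordinary default rather than a restored copy.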

The developer is looking to add the following features:

  • Caching in HTTP Authentication
  • Using Java to produce a unique key based on NIC information.

See also

  • Device fingerprint
  • Canvas fingerprinting

References

1. Vega, Tanzina (2010-10-10). "New Web Code Draws Concern Over Privacy Risks". The New York Times. https://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1&hp
2. "Samy Kamkar - Evercookie". http://www.samy.pl/evercookie
3. "'Tor Stinks' presentation". The Guardian. https://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
4. "What are local shared objects?". http://www.adobe.com/products/flashplayer/articles/lso/ (archived 2010-05-29 at https://web.archive.org/web/20100529082335/http://www.adobe.com/products/flashplayer/articles/lso/)
5. "How to manage and disable Local Shared Objects". http://kb2.adobe.com/cps/526/52697ee8.html
6. "Local Shared Objects -- 'Flash Cookies'". http://epic.org/privacy/cookies/flash.html
7. Beltzner, Mike (2011-01-13). "Bugzilla entry 625495 - Clear Adobe Flash Cookies (LSOs) when Clear Cookies is selected in the Privacy > Custom > Clear History". https://bugzilla.mozilla.org/show_bug.cgi?id=625495 Accessed 2011-09-28. Quote: "Change to the "on close" firefox behavior to use the new NPAPI ClearSiteData API."
8. Beltzner, Mike (2011-01-13). "Bugzilla entry 625496 - Clear Adobe Flash Cookies (LSOs) when Cookies is selected in Clear Recent History". https://bugzilla.mozilla.org/show_bug.cgi?id=625496 Accessed 2011-09-28. Quote: "Change to the "clear recent history" firefox behavior to use the new NPAPI ClearSiteData API."
9. "Evercookie source code" (2010-10-13). https://github.com/samyk/evercookie/commits/master Accessed 2010-10-28.
10. "Schneier on Security - Evercookies" (2010-09-23). http://www.schneier.com/blog/archives/2010/09/evercookies.html Accessed 2010-10-28.
11. "It is possible to kill the evercookie" (2010-10-27). https://arstechnica.com/security/news/2010/10/it-is-possible-to-kill-the-evercookie.ars