|Evercookies and how to kill them|
Nice one ( and two ) Trevor :)
From my favorite sysadmin..
"The Evercookie: Like trying to kill Steven Seagal"
Useful info for those new to this subject can be gained from the comments sections in both articles..
including a fiendish way to deal with Steven Seagal..
The whole browser referral and cookie hysteria cracks me up.
The simplest way to get rid of all that crap is by using an anonymous proxy that scrubs the data sent between the browser and the rest of the world, easy peasy.
People that want complete privacy can already get it this way.
The people that don't want it, keep doing what you're doing and stop whining about privacy.
|The simplest way to get rid of all that crap is by using an anonymous proxy |
Problem with that is that many so-called "anonymous proxies" actually leak information like buckshot sieves, and only those of us that have access to our own sites and full access to raw logs can tell how much data is being leaked when using them..
Last time I was testing a geo location script out I was looking for proxies, both anonymous and some based in various specific countries..most of the so-called anonymous ones leaked..I could see detail of my tracks in my logs..and almost all of the ones which were supposedly in specific countries, actually were not where they claimed to be and so I was being diverted to pages in my own sites that if the proxy owners had been honest about their setups would not have happened..
Putting your faith in some anonymous owner of some anonymous proxy (who also needs to make a living to pay their costs..and how might they do that I wonder..selling data of their users, might be one way) is IMO no better than putting it in Marky or Eric or Joe Schmo, when they say they are not really tracking you..
Are you posting and modding here via a proxy? ..do you always remember to do so when you want to? ..do you trust others to look out for you more than you trust yourself?
And using even a perfect anonymous proxy (and whose owner never changes, nor gets a case of "lower ethical standards")..doesn't "get rid of that crap" at all..just means the crap has no name or ID stuck to it, but it doesn't get rid of it..nor stop it accumulating into an ever more accurate picture of the owner of the machine that it is on..
The continuing saga of the Leo & Bill show... :)
First, instead of legislating browsers and in an effort to increase awareness of the issue, the simplest thing to do would be for the ISPs to provide an anonymous proxy for anyone to use with their service. Your ISP probably can't be trusted either, but they have access to everything you do already so you might as well let them be the source of the proxy instead of some random proxy out on the web. However, there are some trustworthy proxy services out there, but that's another thread for another day.
Second, when hundreds of customers use the same proxy you really can't backpedal which machine did what access. There is no accurate picture of any specific customer, it's a big convoluted mess all coming from a single IP or a random IP pool. Trying to track AOL customers thru an ecommerce shopping session was a nightmare because they were swapping IPs about every 15 minutes, there is no way to get a lock on those customers if they toss their cookies, they might as well be anonymous already.
Lastly, just to make sure your browser isn't leaking, you can make a local anonymous proxy, I've done this before, it filters both ways and is the ultimate ad blocker. Not only can you get rid of tracking data being sent out, but all pages can be filtered coming in long before they hit the browser, such as filtering malware in real time like Avast AV does with their web proxy, it's the best defense around.
Cookies could even be maintained at the proxy level and scrubbed before sending to the browser, lots of tricks you could do to keep your machine clean and leave most of the tracking garbage in a neutral 3rd party location.
FWIW, you're making a good case for a private proxy site business model, like Proxify. If people are really concerned there could be coin involved for the right price point. Simply cover the site with all the usual security FUD like BBB, eTrust, Verisign, SSL, etc. to make 'em feel warm 'n fuzzy and watch the cash roll in. If you use a bunch of random IPs to assemble pages like a TOR proxy does, you could really make the thing super anonymous, like fetching the page from one IP, the images from other IPs, the CSS from yet another IP, it would make webmasters insane trying to figure out their access logs LOL
Also, Amazon's new Silk browser on Kindle Fire using the AWS servers (boatload of IPs) and cache proxy servers are basically doing this already, somewhat sort of, privacy might not be much of an issue with Kindle Fire with just a few tweaks.
Just open their Silk browser technology up to the rest of the world for a small fee or FREE to Amazon Prime customers ...
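The local filtering proxy described in the post above, together with the header leaks the earlier reply reports seeing in raw logs, reduced to the header handling alone. This is an added example, not code from any poster in the thread; the header list, class and function names are assumptions chosen here, and it covers HTTP headers only (no networking, no script or storage filtering).

```python
# Added example: header lists and all names below are illustrative assumptions.
# Headers that reveal the client or the proxy chain to the destination site.
CLIENT_REVEALING = {"referer", "x-forwarded-for", "via", "forwarded",
                    "x-real-ip", "from"}
OUTBOUND_STRIP = CLIENT_REVEALING | {"cookie"}


class ProxyCookieJar:
    """Keeps site cookies at the proxy so the browser never stores them."""

    def __init__(self):
        self._by_host = {}  # host -> {cookie name: value}

    def store(self, host, set_cookie_value):
        # Keep only name=value; attributes such as Path or Expires are dropped.
        pair = set_cookie_value.split(";", 1)[0].strip()
        name, sep, value = pair.partition("=")
        if sep and name.strip():
            self._by_host.setdefault(host, {})[name.strip()] = value.strip()

    def header_for(self, host):
        cookies = self._by_host.get(host, {})
        return "; ".join(f"{k}={v}" for k, v in cookies.items())


def scrub_request(host, headers, jar):
    """Return the headers the proxy forwards upstream for `host`."""
    out = [(k, v) for k, v in headers if k.lower() not in OUTBOUND_STRIP]
    cookie = jar.header_for(host)
    if cookie:  # replay only cookies the proxy itself holds for this host
        out.append(("Cookie", cookie))
    return out


def scrub_response(host, headers, jar):
    """Move Set-Cookie into the proxy jar; return headers for the browser."""
    out = []
    for k, v in headers:
        if k.lower() == "set-cookie":
            jar.store(host, v)
        else:
            out.append((k, v))
    return out


def leaked(headers):
    """Client-revealing header names a site would still see in its raw logs."""
    return sorted({k.lower() for k, _ in headers} & CLIENT_REVEALING)
```

Running `leaked()` over the headers a third-party proxy actually delivers to a server you control is the same check the earlier reply describes doing by reading raw logs.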
Found something interesting
Is Amazon Silk going to be a d-load for Wins?
Possibly, check that DN: