On 08/23/2016 12:26 PM, Mike Wright wrote:
On 08/23/2016 09:32 AM, Drew Samson wrote:
On 08/23/2016 10:03 AM, stan wrote:
So, this brought evercookies to my attention. I noticed that even when
Are you using google dns? (8.8.8.8)
How would google dns go about setting an evercookie?
In a static & isolated non-rfc 2136 context probably and hopefully not
at all. However dns integration may go far beyond that context.
Once one decides to go the google domain route and perhaps integrates a
directory service of some type into the equation and then enables ddns
now you have a totally different context and other protocols & ports
other than 53 open up and google dns may be right in the middle of it. I
used to work for a company that did this. Then you would have ldap & dns
integration which then provides massive openness all thru simple dns
decisions and convenient registering of all devices in the domain in
both dns & ldap. Then when you have the creator state: "...there are
numerous methods for storing cookies locally..." it's a small step for
the legal department at google to tell the exec's "they asked for it"
when some imaginative developer decides to propagate them and preserve
them on the network which as far as I know hasn't happened yet...but who
is to say what methods they will try tomorrow to make more $ and be more
persistent? It's already plain to see they seek to obfuscate as much as
possible and are willing to use disk space we pay for to make $ for
them! My point above is simply to encourage folks to think thru their
decisions.
When one uses free services one must be very careful to determine
whether or not they themselves are the product for sale...if one cares
about such things. When Mark floated the idea of taking Facebook public
many experts wondered how in the world he would make $ on his social
media site. However, Mark had already figured out he had hundreds of
millions of "products" for sale and those experts aren't wondering anymore.
Here is what the creator had to say about them:
Samy Kamkar: "Evercookie is a Javascript API that allows storing cookie
data in a number of different locations when a user visits a web page.
Normal sites would typically just store data (such as a session
identifier) in something like a cookie.
However, Evercookie not only uses the cookie, but a number of other
locations such as Flash cookies, Silverlight isolated storage, and
various locations of HTML5 storage. When a user deletes their standard
cookies, the other locations remain and are able to rebuild the original
cookie.
I built Evercookie as a proof of concept, wanting to show how web sites
are able to track users even if they delete standard cookies and LSOs.
Evercookie also sheds light on the fact that there are numerous methods
for storing cookies locally. Finally, Evercookie acts as a litmus test
for users who want to see if they're protected from web sites that track
like this."
We all know this left proof of concept long ago.
Drew
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
