Undeletable Cookies

Community Veteran
Posts: 38,244
Thanks: 933
Fixes: 54
Registered: 15-06-2007

Undeletable Cookies

http://www.theregister.co.uk/2011/08/16/cookie_respawning_secrets_revealed/
The bit which concerned me was that it included Spotify
Update - from the linked paper http://ashkansoltani.org/docs/respawn_redux.html
Quote
(*Hulu and KISSmetrics have both ceased respawning as of July 29th 2011)
9 REPLIES
Community Veteran
Posts: 6,307
Thanks: 86
Fixes: 3
Registered: 08-01-2008

Re: Undeletable Cookies

There's no such thing as undeletable cookies in our house, if the missus doesn't 'delete' the whole packet within 5 minutes of them being opened it's a certainty that the kids will have them polished off very shortly after.
Being a little more serious though:
Quote
even when all cookie storage was disabled and sites were viewed using a browser's privacy mode

is rather concerning.
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
Community Veteran
Posts: 13,920
Thanks: 514
Fixes: 7
Registered: 01-08-2007

Re: Undeletable Cookies

Yep, it's really worrying..
To think, from those cookies they could hack your bank, get your credit card details, order things online in your name and get them sent to a different address...
Then they could steal your identity... all from a cookie that stores nothing like it  Roll eyes
Seriously cookies have always been overrated by the paranoid online. Tracking is about getting visitor numbers, seeing how many sales pages converted to sales, who uses what browser etc.
Seriously, what possible harm can you think of from the top of your head for that?
I need a new signature... I'm bored of the old one!
Community Veteran
Posts: 6,307
Thanks: 86
Fixes: 3
Registered: 08-01-2008

Re: Undeletable Cookies

Quote
Seriously, what possible harm can you think of from the top of your head for that?

My concern would be that if this can be installed without your consent or knowledge and can't even be blocked from doing so then how long before the same 'technology' is added to more sinister code?
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
Community Veteran
Posts: 13,920
Thanks: 514
Fixes: 7
Registered: 01-08-2007

Re: Undeletable Cookies

'Installed' ?
Nothing is installed to your computer at all. It's a modified http request, that's all. They found a way to use an ETag in the headers. That's it.
Nothing sinister, nothing installed, no personal details etc.
Sure, it could be used to track you and your interests (EG Halfords could start showing you adverts of things you looked at on their site previously - which they're already doing) but there isn't much else.
Ever since the first cookie scares in 98 I've heard people panicking time after time about cookies, being tracked, the 'future sinister' uses etc. In 13 years no sinister use has come about from them.
Now, here is the bit that SHOULD alarm you. When you log in to your webmail or forum such as the PN one, did you know it uses sessions? Sessions are bits of information the server keeps in a small file on the disk called a session file. Every time you click a link your browser sends a unique session code to the server so that the script can read your data quickly without the need to use the database.
Now, how do you suppose the browser knows the session identity? - It's stored in a cookie  Grin  Cheesy  Wink  Roll eyes
Now.. correct me if I'm wrong but when was the last time you heard of people becoming paranoid about sessions? - which are potentially more dangerous to abuse (steal a cookie via wifi and you can get into that person's accounts). I've rarely heard about anyone complaining about this and yet sessions are powered directly by cookies  Roll eyes
So.. really.. what is the risk? You use cookies all the time without realising it or knowing what their purpose is for. All you know is what you've heard - that people can track you online and apparently take all your details, log in to your bank etc.
I need a new signature... I'm bored of the old one!
Community Veteran
Posts: 6,307
Thanks: 86
Fixes: 3
Registered: 08-01-2008

Re: Undeletable Cookies

I'm happy to stand corrected, I'm certainly no expert but if nothing is installed how can it recognise the same PC time after time?  Does my PC transmit a unique identifier every time I use the internet?
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
Community Veteran
Posts: 13,920
Thanks: 514
Fixes: 7
Registered: 01-08-2007

Re: Undeletable Cookies

Every PC has a MAC address associated with its hardware (eg ethernet socket, wifi card, DSL modem) etc but that's not normally detectable over the internet just the network you have and your ISP.
I don't know the exact details of how the ETag works but as I understand it the browser stores it and sends it back to any site which wants it. I can't be more specific as I've not tried using it myself and the article I read a few days back gave limited details on how it works (but I've seen it in quite a few headers from various websites).
I need a new signature... I'm bored of the old one!
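An added example, not part of the original thread or the linked paper's code: a check an auditor could run to see whether a site's ETag acts as a per-visitor identifier, plus a simplified model of why deleting cookies alone does not stop the browser echoing it back. The capture records, URLs, ETag values and the `Profile` class are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed capture: two fresh browser profiles fetch the same two resources.
# Each record: (profile, url, ETag response header, response body).
CAPTURE = [
    ("profile-a", "https://tracker.example/t.js", '"u-7f3a9c01"', b"track();"),
    ("profile-b", "https://tracker.example/t.js", '"u-02be44d9"', b"track();"),
    ("profile-a", "https://static.example/app.css", '"5d41402a"', b"body{}"),
    ("profile-b", "https://static.example/app.css", '"5d41402a"', b"body{}"),
]

def per_visitor_etags(capture):
    """URLs that served different ETags for byte-identical bodies."""
    seen = defaultdict(lambda: defaultdict(set))  # url -> body digest -> ETags
    for _profile, url, etag, body in capture:
        seen[url][hashlib.sha256(body).hexdigest()].add(etag)
    return sorted(u for u, bodies in seen.items()
                  if any(len(tags) > 1 for tags in bodies.values()))

class Profile:
    """Simplified model of one browser profile: a cookie jar and an HTTP cache."""
    def __init__(self):
        self.cookies, self.cache = {}, {}

    def store(self, url, etag, cookie=None):
        self.cache[url] = etag            # validator is kept with the cached copy
        if cookie:
            self.cookies[url] = cookie

    def next_request_headers(self, url):
        headers = {}
        if url in self.cache:             # conditional revalidation echoes the ETag
            headers["If-None-Match"] = self.cache[url]
        if url in self.cookies:
            headers["Cookie"] = self.cookies[url]
        return headers

def demo():
    url = "https://tracker.example/t.js"
    p = Profile()
    p.store(url, '"u-7f3a9c01"', cookie="uid=7f3a9c01")
    p.cookies.clear()                     # user deletes cookies only
    after_cookie_clear = p.next_request_headers(url)
    p.cache.clear()                       # user also clears the cache
    after_cache_clear = p.next_request_headers(url)
    return after_cookie_clear, after_cache_clear

if __name__ == "__main__":
    print(per_visitor_etags(CAPTURE))
    print(demo())
```

An ETag that changes between visitors while the body stays byte-identical is not describing the content, so it is worth treating as a tracking value; in this model it disappears from requests only once the cache is cleared.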
Moderator
Posts: 16,525
Thanks: 1,780
Fixes: 123
Registered: 06-04-2007

Re: Undeletable Cookies

Quote from: Sprite
Every PC has a MAC address associated with its hardware (eg ethernet socket, wifi card, DSL modem) etc but that's not normally detectable over the internet just the network you have and your ISP.

Surely, if the ISP can detect it then anyone with the know-how can?

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

198kHz
Seasoned Pro
Posts: 3,217
Thanks: 253
Fixes: 7
Registered: 30-07-2008

Re: Undeletable Cookies

I think what Sprite meant is that a website can detect which ISP you are using - which of course is obvious from your IP address.
Not young enough to know everything
Community Veteran
Posts: 5,314
Thanks: 462
Fixes: 1
Registered: 21-03-2011

Re: Undeletable Cookies

The ISP can whack a request down the line to request the hardware Id (MAC address) of the router connected to your broadband link, it's all part of the network protocol, but generally the MAC addresses of the equipment on the home side of the router do not pass through to the ISP.  If you run some protocol analyser software on your LAN you can watch this process in operation. Every so often the router sends out a broadcast request which equates to "who's on the line". Responses are transmitted back from each of the network cards along the lines of  "I'm here.. and this is my address."
If you place suitable JavaScript on a web page you can deduce the MAC address of the device (PC) reading that page and report it back to a remote server.
Now Zen, but a +Net residue.