18 comments

[ 2.6 ms ] story [ 50.6 ms ] thread
Did you know that Java has its own version of Flash's Local Shared Objects? They are also known as "muffins" and have pretty much the same abilities (including resurrecting HTTP cookies.) So far they aren't used much, but any new regulations that apply to one are also likely to apply to the other.
Interesting. Even java would be blocked by browsers using "privacy mode" though would it not?
No. I Just tested in FireFox (7.0.1; Private Browsing) and Chrome (14.0.835.202 m; Incognito.) Both still run the applet without prompting and allow it to read & write the muffin store.
I just don't see any good that can come from legislators getting involved here. Also, if you want to do your own supercookies, check out: http://samy.pl/evercookie/
If you don't want legislators to get involved, then please stop promoting underhanded techniques which abuse browser features.
It doesn't need promoting. Anybody that wants to do it is already, or can figure it out themselves. In the meantime, it's nice to keep the general population informed.
Make better software. Hackers are what drive innovation. I for one support this mans use of "supercookies". Law is not the answer for everything. We can fix things through advancement of technology not additional (pointless) legislature.
I investigated supercookies (evercookie? no mention of samy in the article?) the other day in all of 5 minutes.

Yes, they work on most modern browsers, and are very difficult to remove entirely.

No, they do not store anything on any modern browser surfing in "privacy" mode.

I was pretty disappointed to be honest. I was hoping to use them to track fraudulent free trial abusers.

Did you look into Etag tracking? http://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags

This might work in "privacy" mode as far as I understand, unless you disabled the local cache? I have not tested this.

I don't know about other browsers, but Chrome's Incognito Mode has a separate cache completely, which is wiped on closing.
Wiping the cache on browser close isn't a "good" solution. It doesn't prevent cross site tracking across a single session, which means your accounts can be linked together.

I completely disabled the cache in Firefox two months ago for this very reason. I haven't noticed any performance problems with this in my general day to day browsing, but I have a decent broadband connection, and good connectivity at work so YMMV. Here's how I did it: https://grepular.com/Preventing_Web_Tracking_via_the_Browser...

Hey, what this .swf file? Oh, that's a "Small Web File". LOL!

Flash just needs to die. It adds nothing to my "user experience". Except stealth tracking of course.

This has nothing to do with Flash per se. There are many techniques for storing persistent data that survives a regular cookie cleanup, of which Flash cookies are just one.
This is not the answer. Why don't we invent technology that beats the "supercookie" instead of passing laws that restrict innovation and ideas?
Easier said than done. You can create a "cookie" by simply sending a unique image to a users browser with a long cache time, and then reading that back with JavaScript on each page.

If you disable your browsers cache and/or JavaScript, I guess that would fix this particular issue.

If you want to keep both the cache, and JavaScript, then you need to stop people from doing this sort of thing, with legislation.

So the solution for really hard technology problems is government laws? Ridiculous.
Explain why what I said is ridiculous, or I'll discard your comment as nonsense.

If we don't have a technical solution for a problem (which we don't in this case), then regulation is appropriate. If and when we find a technical solution for this problem, then the legislation will be deprecated. Until that point, it is useful.

What is "ridiculous", is assuming that all problems have technical solutions.

Congress only wants to investigate because they're hoping to get new sources of data to use against the people.