Want a way to block/remove evercookies.
Before Firefox 57, I had "BetterPrivacy" in hopes it would remove evercookies. That add-on is gone. I would like a way of blocking evercookies (zombie cookies), and removing what's already on my system. How can I do this within Firefox 57? If that's not possible, is there a good add-on for this? If not, how do I make the suggestion, either to the Firefox programmer community, or to the community of people who do add-ons?
Thank-you.
All Replies (4)
Evercookies used to refer to cookies (LSO; locally stored objects) created by the Flash plugin. If you keep this plugin disabled ("Never Activate" or "Ask to Activate") then you shouldn't have them.
There are more types of storage in current browsers that website can use toy store data locally, so there is less need to use a lot of cookies that need to be send with every request.
Thank-you.
Based on the Wikipedia evercookie article ("https://en.wikipedia.org/wiki/Evercookie"), my sense is that "evercookie" means something broader than what I understand you to be saying. An evercookie can be stored as an LSO object as you say, but also in at least 12 other places. An extract of the article is here between the lines of dashes:
An Evercookie is not merely difficult to delete. It actively "resists" deletion by copying itself in different forms on the user's machine and resurrecting itself if it notices that some of the copies are missing or expired. Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available:
Standard HTTP cookies local shared objects (Flash cookies) Silverlight Isolated Storage Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out Storing cookies in Web history Storing cookies in HTTP ETags Storing cookies in Web cache window.name caching Internet Explorer userData storage HTML5 Session Web storage HTML5 Local Web storage HTML5 Global Storage HTML5 Web SQL Database via SQLite
The developer is looking to add the following features:
Caching in HTTP Authentication Using Java to produce a unique key based on NIC information.
So if any copy of an evercookie is deleted, it can be re-created. Thus blocking LSOs is not adequate. How can I get rid of *all* copies of evercookies associated with a tab when I close that tab, or all copies of all evercookies when I close Firefox?
Note that IndexedDB is missing from the list and SQL Database never really made it. The Storage Inspector in mentioned above can reveal HTML5 stoage methods and regular cookies. Flash you can control by allowing or blocking Flash. Silverlight is no longer supported (only Flash is supported). Storing data obscure places like ETAGS and links (GET DATA) can be limited by clearing the cache regularly or using Private Browsing mode (be aware that Tracking Protection can lbock wanted content).
See also:
Thank-you, cor-el.
I consider this closed.