

How a new type of “evercookie” tracks you online - kafkaesque
http://www.economist.com/blogs/economist-explains/2014/08/economist-explains-3

======
mmastrac
This seems reasonably easy to disable.

Off the top of my head: when rasterizing text, use a pseudo-random, invisible
perturbation of a few pixels in the output bitmap seeded with a hash of the
current domain and perhaps the number of days since the epoch.

------
randomwalker
Other threads about this paper:

[https://news.ycombinator.com/item?id=8064934](https://news.ycombinator.com/item?id=8064934)

[https://news.ycombinator.com/item?id=8147376](https://news.ycombinator.com/item?id=8147376)

------
ZitchDog
I would think you could get away with using (ip, user-agent) to, fairly
reliably, recreate a cookie. It seems like it would be pretty rare for a user
to clear their cookies _and_ get a new IP address at the same time.

~~~
brokentone
The correlations can be pretty taxing though, these processes are cheap and
client-side.

~~~
kazinator
Bingo: the beauty of the cookie is that the client stores it for you.

If you start storing IP address and user agent info, you open yourself to
attacks that try to flood your database. If a botnet visits your website with
millions of different IP addresses, and each one fakes half a dozen user
agents, oops!

(The lesson from TCP and why it has SYN cookies now.)

------
kazinator
If third-party scripts are used to perpetrate these ever-cookie exploits, then
the NoScript extension in Firefox may be effective against them. With
NoScript, you can block Javascript on a site-by-site basis. Many websites are
quite functional even when you disable much of the third-party Javascript that
they rely on (Javascript fetched from domains other than the one matching that
site). For instance, I've never had a problem with any site that uses
Javascript from Google Analytics, even though I block it.

~~~
Mandatum
They've gone and labelled the many different ways a browser can be tracked
across websites as "ever-cookies". Most, if not all of the methods mentioned
have been used for more than 12 months. That's a long time in the online
advertising world.

