

Abusing the Cache: Tracking Users without Cookies - madars
http://joshduck.com/blog/2010/01/29/abusing-the-cache-tracking-users-without-cookies/

======
wanderr
That's a pretty ingenious hack. More limited in use than a real cookie (real
cookies are sent along with every request; even for images etc), but still
pretty cool.

------
mey
<http://panopticlick.eff.org/>

~~~
dagobart
IIRC this was on Hacker News less than a week ago. 4 points for simply
repeating it? I'm startled.

~~~
mey
It was on HN, but the title was only panopticlick, so I figured people may
have skipped over it, and it's relevant to this conversation.

------
qeorge
Perhaps a simple fix at browser level would be to treat cached files with
future etags like cookies, clearing or ignoring them with the same policy.

It's a genius trick though.

------
kree10
It's neat, but it's not a new idea. <http://sourcefrog.net/projects/meantime/>

------
teej
Chrome's incognito window shields you from this attack - it starts you off
with a fresh set of history/cache/cookies every time you start it up.

~~~
appathy
It's not an attack.

------
amalcon
This could be defeated easily by a good, old-fashioned web proxy. Other than
that, or blacklisting, there's no efficient way around it. Wow.

------
dageroth
One purpose is web tracking, especially in the affiliate marketing niche, which
"suffers" from cookie deletion because the cookie-based tracking then does not
recognize visitors and thus affiliates don't get paid... fingerprint methods
are another alternative, although less precise and more difficult to
implement.

------
wglb
Wow. No javascript required, cookies turned off, just the browser cache and he
will find you and hunt you down.

~~~
Batsu
The only thing missing is purpose.

~~~
dagobart
I guess once you can tell who is who, you can start targeted marketing.

Or collect data on people. Likely only a matter of time until you can build up
a complete record, including name, address, social security number.

------
giardini
And for users who disable caching?

~~~
cfpg
And for users who disable cookies?

------
appathy
Very clever. Props for creativity and originality.

