Jump to content

Evercookie: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Background: Main space move
Fix cite date error
Line 1: Line 1:
[[File:Tor_Stinks.pdf|thumb|'Tor Stinks' [[NSA]] presentation |page=7]]
[[File:Tor_Stinks.pdf|thumb|'Tor Stinks' [[NSA]] presentation |page=7]]
'''Evercookie''' (also known as supercookie<ref name=":0">{{Cite journal|last1=Bujlow|first1=Tomasz|last2=Carela-Espanol|first2=Valentin|last3=Lee|first3=Beom-Ryeol|last4=Barlet-Ros|first4=Pere|date=2017|title=A Survey on Web Tracking: Mechanisms, Implications, and Defenses|url=http://dx.doi.org/10.1109/jproc.2016.2637878|journal=Proceedings of the IEEE|volume=105|issue=8|pages=1476–1510|doi=10.1109/jproc.2016.2637878|hdl=2117/108437|s2cid=2662250|issn=0018-9219}}</ref>) is a JavaScipt [[API]] that identifies and reproduces intentionally deleted cookies on the clients' browser storage.<ref name=":3">{{Cite journal|last1=Acar|first1=Gunes|last2=Eubank|first2=Christian|last3=Englehardt|first3=Steven|last4=Juarez|first4=Marc|last5=Narayanan|first5=Arvind|last6=Diaz|first6=Claudia|date=2014|title=The Web Never Forgets|url=http://dx.doi.org/10.1145/2660267.2660347|journal=Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14|pages=674–689|location=New York, New York, USA|publisher=ACM Press|doi=10.1145/2660267.2660347|isbn=978-1-4503-2957-6|s2cid=8127620}}</ref> Websites that have adopted this mechanism can identify users even if they attempt to delete the previously stored cookies.<ref name=":2">{{Cite journal|last1=Kramár|first1=Tomáš|last2=Barla|first2=Michal|last3=Bieliková|first3=Mária|date=2013-02-01|title=Personalizing search using socially enhanced interest model, built from the stream of user's activity|url=https://dl.acm.org/doi/abs/10.5555/2481562.2481565|journal=Journal of Web Engineering|volume=12|issue=1–2|pages=65–92|issn=1540-9589}}</ref> It was created by [[Samy Kamkar]] in 2010 to demonstrate the possible infiltration from the websites that use respawning. <ref name=":4">{{Cite journal|last1=Bashir|first1=Muhammad Ahmad|last2=Wilson|first2=Christo|date=2018-10-01|title=Diffusion of User Tracking Data in the Online Advertising Ecosystem|url=http://dx.doi.org/10.1515/popets-2018-0033|journal=Proceedings on Privacy Enhancing Technologies|volume=2018|issue=4|pages=85–103|doi=10.1515/popets-2018-0033|s2cid=52088002|issn=2299-0984}}</ref>
'''Evercookie''' (also known as supercookie<ref name=":0">{{Cite journal|last1=Bujlow|first1=Tomasz|last2=Carela-Espanol|first2=Valentin|last3=Lee|first3=Beom-Ryeol|last4=Barlet-Ros|first4=Pere|date=2017|title=A Survey on Web Tracking: Mechanisms, Implications, and Defenses|url=http://dx.doi.org/10.1109/jproc.2016.2637878|journal=Proceedings of the IEEE|volume=105|issue=8|pages=1476–1510|doi=10.1109/jproc.2016.2637878|hdl=2117/108437|s2cid=2662250|issn=0018-9219}}</ref>) is a JavaScipt [[API]] that identifies and reproduces intentionally deleted cookies on the clients' browser storage.<ref name=":3">{{Cite journal|last1=Acar|first1=Gunes|last2=Eubank|first2=Christian|last3=Englehardt|first3=Steven|last4=Juarez|first4=Marc|last5=Narayanan|first5=Arvind|last6=Diaz|first6=Claudia|date=2014|title=The Web Never Forgets|url=http://dx.doi.org/10.1145/2660267.2660347|journal=Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14|pages=674–689|location=New York, New York, USA|publisher=ACM Press|doi=10.1145/2660267.2660347|isbn=978-1-4503-2957-6|s2cid=8127620}}</ref> Websites that have adopted this mechanism can identify users even if they attempt to delete the previously stored cookies.<ref name=":2">{{Cite journal|last1=Kramár|first1=Tomáš|last2=Barla|first2=Michal|last3=Bieliková|first3=Mária|date=2013-02-01|title=Personalizing search using socially enhanced interest model, built from the stream of user's activity|url=https://dl.acm.org/doi/abs/10.5555/2481562.2481565|journal=Journal of Web Engineering|volume=12|issue=1–2|pages=65–92|issn=1540-9589}}</ref> It was created by [[Samy Kamkar]] in 2010 to demonstrate the possible infiltration from the websites that use respawning.<ref name=":4">{{Cite journal|last1=Bashir|first1=Muhammad Ahmad|last2=Wilson|first2=Christo|date=2018-10-01|title=Diffusion of User Tracking Data in the Online Advertising Ecosystem|url=http://dx.doi.org/10.1515/popets-2018-0033|journal=Proceedings on Privacy Enhancing Technologies|volume=2018|issue=4|pages=85–103|doi=10.1515/popets-2018-0033|s2cid=52088002|issn=2299-0984}}</ref>


In 2013, [[Edward Snowden]] leaked a top-secret [[National Security Agency|NSA]] document that showed Evercookie can track [[Tor (anonymity network)|Tor]] (anonymity networks) users.<ref name=":1">{{Cite journal|last1=Kobusińska|first1=Anna|last2=Pawluczuk|first2=Kamil|last3=Brzeziński|first3=Jerzy|date=2018|title=Big Data fingerprinting information analytics for sustainability|url=http://dx.doi.org/10.1016/j.future.2017.12.061|journal=Future Generation Computer Systems|volume=86|pages=1321–1337|doi=10.1016/j.future.2017.12.061|issn=0167-739X}}</ref> Many popular companies use functionality similar to Evercookie to collect user information and track users. <ref name=":0" /> Further research on fingerprinting and search engines also draws inspiration from Evercookie's ability to persistently track a user. <ref name=":2" /><ref name=":1" />
In 2013, [[Edward Snowden]] leaked a top-secret [[National Security Agency|NSA]] document that showed Evercookie can track [[Tor (anonymity network)|Tor]] (anonymity networks) users.<ref name=":1">{{Cite journal|last1=Kobusińska|first1=Anna|last2=Pawluczuk|first2=Kamil|last3=Brzeziński|first3=Jerzy|date=2018|title=Big Data fingerprinting information analytics for sustainability|url=http://dx.doi.org/10.1016/j.future.2017.12.061|journal=Future Generation Computer Systems|volume=86|pages=1321–1337|doi=10.1016/j.future.2017.12.061|issn=0167-739X}}</ref> Many popular companies use functionality similar to Evercookie to collect user information and track users.<ref name=":0" /> Further research on fingerprinting and search engines also draws inspiration from Evercookie's ability to persistently track a user.<ref name=":2" /><ref name=":1" />


==Background==
==Background==
There are three commonly used data storages, including HTTP cookies, flash cookies, HTML5 Storage, and others.<ref name=":0" /> When the user visits a website for the first time, the web server will generate a unique identifier and store it on the user's browser or local space.<ref name=":5">{{Cite journal|last=Yue|first=Chuan|last2=Xie|first2=Mengjun|last3=Wang|first3=Haining|date=2010-09|title=An automatic HTTP cookie management system|url=http://dx.doi.org/10.1016/j.comnet.2010.03.006|journal=Computer Networks|volume=54|issue=13|pages=2182–2198|doi=10.1016/j.comnet.2010.03.006|issn=1389-1286}}</ref> The website can read and identify the user in its future visits with the stored identifier, and the website can save user's preference and display marketing advertisements.<ref name=":5" /> Due to privacy concerns, all major browsers include mechanisms for deleting and/or refusing cookies from websites.<ref name=":5" />
There are three commonly used data storages, including HTTP cookies, flash cookies, HTML5 Storage, and others.<ref name=":0" /> When the user visits a website for the first time, the web server will generate a unique identifier and store it on the user's browser or local space.<ref name=":5">{{Cite journal|last=Yue|first=Chuan|last2=Xie|first2=Mengjun|last3=Wang|first3=Haining|date=September 2010|title=An automatic HTTP cookie management system|url=http://dx.doi.org/10.1016/j.comnet.2010.03.006|journal=Computer Networks|volume=54|issue=13|pages=2182–2198|doi=10.1016/j.comnet.2010.03.006|issn=1389-1286}}</ref> The website can read and identify the user in its future visits with the stored identifier, and the website can save user's preference and display marketing advertisements.<ref name=":5" /> Due to privacy concerns, all major browsers include mechanisms for deleting and/or refusing cookies from websites.<ref name=":5" />


In response to the users' increased unwillingness to accept cookies, many websites employ methods to circumvent users' deletion of cookies.<ref>{{Cite journal|last=Cook|first=John|last2=Nithyanand|first2=Rishab|last3=Shafiq|first3=Zubair|date=2020-01-01|title=Inferring Tracker-Advertiser Relationships in the Online Advertising Ecosystem using Header Bidding|url=http://dx.doi.org/10.2478/popets-2020-0005|journal=Proceedings on Privacy Enhancing Technologies|volume=2020|issue=1|pages=65–82|doi=10.2478/popets-2020-0005|issn=2299-0984}}</ref> Started from 2009, many research teams found popular websites used flash cookies, ETags, and various other data storage to rebuild the deleted cookies by users, including hulu.com, foxnews.com, spotify.com, etc.<ref name=":0" /><ref name=":6">{{Cite journal|last=Acar|first=Gunes|last2=Eubank|first2=Christian|last3=Englehardt|first3=Steven|last4=Juarez|first4=Marc|last5=Narayanan|first5=Arvind|last6=Diaz|first6=Claudia|date=2014|title=The Web Never Forgets: Persistent Tracking Mechanisms in the Wild|url=http://dl.acm.org/citation.cfm?doid=2660267.2660347|journal=Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14|language=en|location=Scottsdale, Arizona, USA|publisher=ACM Press|pages=674–689|doi=10.1145/2660267.2660347|isbn=978-1-4503-2957-6}}</ref><ref>{{Cite journal|last=Soltani|first=Ashkan|last2=Canty|first2=Shannon|last3=Mayo|first3=Quentin|last4=Thomas|first4=Lauren|last5=Hoofnagle|first5=Chris Jay|date=2009-08-10|title=Flash Cookies and Privacy|url=https://papers.ssrn.com/abstract=1446862|language=en|location=Rochester, NY}}</ref><ref name=":7">{{Cite journal|last=Ayenson|first=Mika D.|last2=Wambach|first2=Dietrich James|last3=Soltani|first3=Ashkan|last4=Good|first4=Nathan|last5=Hoofnagle|first5=Chris Jay|date=2011-07-29|title=Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning|url=https://papers.ssrn.com/abstract=1898390|language=en|location=Rochester, NY}}</ref> In 2010, Samy Kamkar, a Californian programmer, build an Evercookie project to further illustrate the tracking mechanism with respawning across various storage mechanisms on browsers.<ref name=":4" />
In response to the users' increased unwillingness to accept cookies, many websites employ methods to circumvent users' deletion of cookies.<ref>{{Cite journal|last=Cook|first=John|last2=Nithyanand|first2=Rishab|last3=Shafiq|first3=Zubair|date=2020-01-01|title=Inferring Tracker-Advertiser Relationships in the Online Advertising Ecosystem using Header Bidding|url=http://dx.doi.org/10.2478/popets-2020-0005|journal=Proceedings on Privacy Enhancing Technologies|volume=2020|issue=1|pages=65–82|doi=10.2478/popets-2020-0005|issn=2299-0984}}</ref> Started from 2009, many research teams found popular websites used flash cookies, ETags, and various other data storage to rebuild the deleted cookies by users, including hulu.com, foxnews.com, spotify.com, etc.<ref name=":0" /><ref name=":6">{{Cite journal|last=Acar|first=Gunes|last2=Eubank|first2=Christian|last3=Englehardt|first3=Steven|last4=Juarez|first4=Marc|last5=Narayanan|first5=Arvind|last6=Diaz|first6=Claudia|date=2014|title=The Web Never Forgets: Persistent Tracking Mechanisms in the Wild|url=http://dl.acm.org/citation.cfm?doid=2660267.2660347|journal=Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14|language=en|location=Scottsdale, Arizona, USA|publisher=ACM Press|pages=674–689|doi=10.1145/2660267.2660347|isbn=978-1-4503-2957-6}}</ref><ref>{{Cite journal|last=Soltani|first=Ashkan|last2=Canty|first2=Shannon|last3=Mayo|first3=Quentin|last4=Thomas|first4=Lauren|last5=Hoofnagle|first5=Chris Jay|date=2009-08-10|title=Flash Cookies and Privacy|url=https://papers.ssrn.com/abstract=1446862|language=en|location=Rochester, NY}}</ref><ref name=":7">{{Cite journal|last=Ayenson|first=Mika D.|last2=Wambach|first2=Dietrich James|last3=Soltani|first3=Ashkan|last4=Good|first4=Nathan|last5=Hoofnagle|first5=Chris Jay|date=2011-07-29|title=Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning|url=https://papers.ssrn.com/abstract=1898390|language=en|location=Rochester, NY}}</ref> In 2010, Samy Kamkar, a Californian programmer, build an Evercookie project to further illustrate the tracking mechanism with respawning across various storage mechanisms on browsers.<ref name=":4" />
Line 21: Line 21:
* Storing cookies in RGB values of auto-generated, force-cached [[Portable Network Graphics|PNGs]] using [[Canvas element|HTML5 Canvas tag]] to read pixels (cookies) back out
* Storing cookies in RGB values of auto-generated, force-cached [[Portable Network Graphics|PNGs]] using [[Canvas element|HTML5 Canvas tag]] to read pixels (cookies) back out
* Storing cookies in [[Web browsing history|Web history]]
* Storing cookies in [[Web browsing history|Web history]]
* Storing cookies in [[HTTP ETag|HTTP ETags]]
* Storing cookies in [[HTTP ETag]]s
* Storing cookies in [[Web cache]]
* Storing cookies in [[Web cache]]
* window.name caching
* window.name caching
Line 48: Line 48:


=== NSA Tor Tracking ===
=== NSA Tor Tracking ===
In 2013, an internal National Security Agency ([[National Security Agency|NSA]])'s presentation was revealed by Edward Snowden, suggesting Evercookie's use in government surveillance to track Tor users.<ref name=":1" /><ref>{{Cite web|last=|first=|date=|title=Tor stinks|url=https://www.aclu.org/sites/default/files/assets/tor_stinks.pdf|url-status=live|archive-url=|archive-date=|access-date=|website=edwardsnowden.com}}</ref> The TOR Blog responded to this leaked document in one post, assuring that TOR Browser Bundles and Tails operating system provide strong protections against evercookie.<ref>{{Cite journal|date=2013-08|title=TOR attacked – possibly by the NSA|url=http://dx.doi.org/10.1016/s1353-4858(13)70086-2|journal=Network Security|volume=2013|issue=8|pages=1–2|doi=10.1016/s1353-4858(13)70086-2|issn=1353-4858}}</ref>
In 2013, an internal National Security Agency ([[National Security Agency|NSA]])'s presentation was revealed by Edward Snowden, suggesting Evercookie's use in government surveillance to track Tor users.<ref name=":1" /><ref>{{Cite web|last=|first=|date=|title=Tor stinks|url=https://www.aclu.org/sites/default/files/assets/tor_stinks.pdf|url-status=live|archive-url=|archive-date=|access-date=|website=edwardsnowden.com}}</ref> The TOR Blog responded to this leaked document in one post, assuring that TOR Browser Bundles and Tails operating system provide strong protections against evercookie.<ref>{{Cite journal|date=August 2013|title=TOR attacked – possibly by the NSA|url=http://dx.doi.org/10.1016/s1353-4858(13)70086-2|journal=Network Security|volume=2013|issue=8|pages=1–2|doi=10.1016/s1353-4858(13)70086-2|issn=1353-4858}}</ref>


== Public attitudes towards data tracking ==
== Public attitudes towards data tracking ==
Evercookie, and many other emerged new technologies in persistent data tracking, is a response of Internet users' tendency of deleting cookie storage. Related research shows a gap between the expectations of the consumer and marketers.<ref>{{Cite journal|last=Chen|first=G.|last2=Cox|first2=J. H.|last3=Uluagac|first3=A. S.|last4=Copeland|first4=J. A.|date=thirdquarter 2016|title=In-Depth Survey of Digital Advertising Technologies|url=https://ieeexplore.ieee.org/document/7390161/|journal=IEEE Communications Surveys Tutorials|volume=18|issue=3|pages=2124–2148|doi=10.1109/COMST.2016.2519912|issn=1553-877X}}</ref> A Wall Street Journal showed 72% felt being offended when they see targeted advertisements while browsing the Internet. Another survery showed 66% of Americans felt negative about how marketers track their data to generate individualized information. In another survey, 52% of respondents would like to turn off behavioral advertising.<ref>{{Cite journal|last=Korolova|first=A.|date=2010-12|title=Privacy Violations Using Microtargeted Ads: A Case Study|url=https://ieeexplore.ieee.org/document/5693335/|journal=2010 IEEE International Conference on Data Mining Workshops|pages=474–482|doi=10.1109/ICDMW.2010.137}}</ref>
Evercookie, and many other emerged new technologies in persistent data tracking, is a response of Internet users' tendency of deleting cookie storage. Related research shows a gap between the expectations of the consumer and marketers.<ref>{{Cite journal|last=Chen|first=G.|last2=Cox|first2=J. H.|last3=Uluagac|first3=A. S.|last4=Copeland|first4=J. A.|date=thirdquarter 2016|title=In-Depth Survey of Digital Advertising Technologies|url=https://ieeexplore.ieee.org/document/7390161/|journal=IEEE Communications Surveys Tutorials|volume=18|issue=3|pages=2124–2148|doi=10.1109/COMST.2016.2519912|issn=1553-877X}}</ref> A Wall Street Journal showed 72% felt being offended when they see targeted advertisements while browsing the Internet. Another survery showed 66% of Americans felt negative about how marketers track their data to generate individualized information. In another survey, 52% of respondents would like to turn off behavioral advertising.<ref>{{Cite journal|last=Korolova|first=A.|date=December 2010|title=Privacy Violations Using Microtargeted Ads: A Case Study|url=https://ieeexplore.ieee.org/document/5693335/|journal=2010 IEEE International Conference on Data Mining Workshops|pages=474–482|doi=10.1109/ICDMW.2010.137}}</ref>


==See also==
==See also==
Line 65: Line 65:
* [[Web tracking]]
* [[Web tracking]]
* [[Real-time bidding]]
* [[Real-time bidding]]

* [[Web browser]]
* [[Web browser]]

* [[Internet privacy]]
* [[Internet privacy]]
* [[HTML5]]
* [[HTML5]]
Line 80: Line 78:


{{Hacking in the 2010s}}
{{Hacking in the 2010s}}

[[Category:Internet privacy software]]
[[Category:Internet privacy software]]
[[Category:Malware]]
[[Category:Malware]]

Revision as of 09:58, 6 December 2020

'Tor Stinks' NSA presentation

Evercookie (also known as supercookie[1]) is a JavaScipt API that identifies and reproduces intentionally deleted cookies on the clients' browser storage.[2] Websites that have adopted this mechanism can identify users even if they attempt to delete the previously stored cookies.[3] It was created by Samy Kamkar in 2010 to demonstrate the possible infiltration from the websites that use respawning.[4]

In 2013, Edward Snowden leaked a top-secret NSA document that showed Evercookie can track Tor (anonymity networks) users.[5] Many popular companies use functionality similar to Evercookie to collect user information and track users.[1] Further research on fingerprinting and search engines also draws inspiration from Evercookie's ability to persistently track a user.[3][5]

Background

There are three commonly used data storages, including HTTP cookies, flash cookies, HTML5 Storage, and others.[1] When the user visits a website for the first time, the web server will generate a unique identifier and store it on the user's browser or local space.[6] The website can read and identify the user in its future visits with the stored identifier, and the website can save user's preference and display marketing advertisements.[6] Due to privacy concerns, all major browsers include mechanisms for deleting and/or refusing cookies from websites.[6]

In response to the users' increased unwillingness to accept cookies, many websites employ methods to circumvent users' deletion of cookies.[7] Started from 2009, many research teams found popular websites used flash cookies, ETags, and various other data storage to rebuild the deleted cookies by users, including hulu.com, foxnews.com, spotify.com, etc.[1][8][9][10] In 2010, Samy Kamkar, a Californian programmer, build an Evercookie project to further illustrate the tracking mechanism with respawning across various storage mechanisms on browsers.[4]

Description

Samy Kamkar released v0.4 beta of the evercookie on September 13, 2010, as an open source.[11] This evercookie javascript does not limit to respawning deleted HTTP cookies, but for any storage on browsers.[11] When a browser visits a website with evercookie API on its server, the web server would generate an identifier and store it on various storage mechanisms available on that browser.[2] If the user removes some but not all stored identifiers on the browser and revisit the website, the web server retrieves the identifier from remaining stored capacities that the user fails to delete.[11] Then the web server will copy and restore this identifier to the previously cleared storage capacities.

By abusing the various available storage mechanisms, evercookie creates persistent data identifiers, because users are not likely to clear all storing mechanisms. From the list provided by Samy Kamkar,[11] 17 storage mechanisms could be used for the v0.4 beta evercookie when they are available on browsers:

Samy Kamkar claimed he did not intend to use this evercookie project to violate Internet user privacy or sell to any parties for commercial use. However, it serves as an inspiration for other commercial websites that later implement similar mechanims to restore user-deleted cookies. The evercookie project is an open source and everyone can access and examine it. The project incorporates HTML5 as one of the storage mechanism, which was released 6 months before the project and gained public attentions due to its added persistency. Kamkar wished his project could demonstrate how users' privacy can be infiltered by contemporary tracking tools.[12]

The storage mechasims incorporated in the evercookie project are constantly being updated, adding evercookie's persistency. With its inspiration, an increasing number of commercial websites used the idea of evercookie, and they add upon it by incorporating new storage vectors. In 2014, a research team at the Princeton University conducted a large scale study of three persistent tracking tools: evercookie, canvas fingerprinting, and cookie syncing. The team crawled and analyzed the top 100,000 Alexa websites, and it detects a new storage vector, IndexedDB, that is incorporated into evercookie mechanism and used by weibo.com. The team claimed this is the first detection of commercial use for indexedDB.[8] Moreover, the team discovers cookie syncing is used in conjunction with evercookie. Cookie syncing allows data sharing between different storage mechnisms, facilitating evercookie's respawning process in different storage locations on users' browsers. The team also discovered instances of flash cookies respawning HTTP cookies, and HTTP cookies respawning the flash cookies on the commercial websites. Those two mechanims are different from the evercookie project in terms of the number of storage mechanisms employed, but they possess the same ideology. Among the sites that the research team crawled, 10 out of 200 websites used flash cookies to rebuild HTTP cookies. 9 of the observed sites belong to China, including sina.com.cn, weibo.com, hao123.com, sohu.com, ifeng.com, youku.com, 56.com, letv.com, and tudo.com). The other one website is yandex.ru, a top search engine in Russia.

Applications

A research team from the Slovak University of Technology proposed a mechanism for search engines to infer Internet users’ intended search words and produce personalized search results. Oftentimes the queries from Internet users contain multiple meanings and range across different fields. As a result, the displayed search results from the search engine contain a multitude of information, many of which are not related to the searcher. The authors proposed that searchers’ identity and user preference have a strong indication on the queries meaning and can greatly reduce the ambiguity of the search word. The research team built a metadata-based model to extract users’ information with evercookie, and they integrated this user interest model into the search engine to enhance personalization of the search result. The team was aware that traditional cookie can be easily deleted by experiment subjects thus lead to incomplete experiment data. The research team then utilized evercookie's persistency.[3]

Controversial applications

KISSMetrics Privacy Lawsuit

On Friday July 29, 2011, a research team at the University of California, Berkeley crawled the top 100 U.S. websites based upon QuantCast. The team found KISSmetrics, a third party website that provides marketing analytical tools, used HTTP cookies, Flash cookies, ETags, and some but not all storage mechanisms employed in Samy Kamkar's Evercookie project to respawn the user's deleted information.[1] Other popular websites, such as hulu.com and spotify.com, employed KISSmetrics to respawn HTML5 and HTTP first party cookies. The research team claimed this was the first time that Etag was observed to be used in commercial settings.[10]

On the same day of the report's publication, Hulu and Spotify announced their suspended use of KISSmetrics for further investigation.[13] Two consumers sued KISSmetrics on Friday about its violation of user privacy.[14] KISSMetrics revised its privacy policies during the weekend, indicating the company had fully respected customers' will if they chose not to be tracked. On August 4, 2011, KISSmetrics' CEO Hiten Shah denied KISSmetrics' implementation of evercookie and other tracking mechanisms mentioned in the report, and he claimed the company only used legitimate first party cookie trackers.[1] On October 19, 2012, KISSmetrics agreed to pay over $500, 000 to settle the accusation and promised to refrain from using evercookie.[15][16]

NSA Tor Tracking

In 2013, an internal National Security Agency (NSA)'s presentation was revealed by Edward Snowden, suggesting Evercookie's use in government surveillance to track Tor users.[5][17] The TOR Blog responded to this leaked document in one post, assuring that TOR Browser Bundles and Tails operating system provide strong protections against evercookie.[18]

Public attitudes towards data tracking

Evercookie, and many other emerged new technologies in persistent data tracking, is a response of Internet users' tendency of deleting cookie storage. Related research shows a gap between the expectations of the consumer and marketers.[19] A Wall Street Journal showed 72% felt being offended when they see targeted advertisements while browsing the Internet. Another survery showed 66% of Americans felt negative about how marketers track their data to generate individualized information. In another survey, 52% of respondents would like to turn off behavioral advertising.[20]

See also

References

  1. ^ a b c d e f Bujlow, Tomasz; Carela-Espanol, Valentin; Lee, Beom-Ryeol; Barlet-Ros, Pere (2017). "A Survey on Web Tracking: Mechanisms, Implications, and Defenses". Proceedings of the IEEE. 105 (8): 1476–1510. doi:10.1109/jproc.2016.2637878. hdl:2117/108437. ISSN 0018-9219. S2CID 2662250.
  2. ^ a b Acar, Gunes; Eubank, Christian; Englehardt, Steven; Juarez, Marc; Narayanan, Arvind; Diaz, Claudia (2014). "The Web Never Forgets". Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14. New York, New York, USA: ACM Press: 674–689. doi:10.1145/2660267.2660347. ISBN 978-1-4503-2957-6. S2CID 8127620.
  3. ^ a b c Kramár, Tomáš; Barla, Michal; Bieliková, Mária (2013-02-01). "Personalizing search using socially enhanced interest model, built from the stream of user's activity". Journal of Web Engineering. 12 (1–2): 65–92. ISSN 1540-9589.
  4. ^ a b Bashir, Muhammad Ahmad; Wilson, Christo (2018-10-01). "Diffusion of User Tracking Data in the Online Advertising Ecosystem". Proceedings on Privacy Enhancing Technologies. 2018 (4): 85–103. doi:10.1515/popets-2018-0033. ISSN 2299-0984. S2CID 52088002.
  5. ^ a b c Kobusińska, Anna; Pawluczuk, Kamil; Brzeziński, Jerzy (2018). "Big Data fingerprinting information analytics for sustainability". Future Generation Computer Systems. 86: 1321–1337. doi:10.1016/j.future.2017.12.061. ISSN 0167-739X.
  6. ^ a b c Yue, Chuan; Xie, Mengjun; Wang, Haining (September 2010). "An automatic HTTP cookie management system". Computer Networks. 54 (13): 2182–2198. doi:10.1016/j.comnet.2010.03.006. ISSN 1389-1286.
  7. ^ Cook, John; Nithyanand, Rishab; Shafiq, Zubair (2020-01-01). "Inferring Tracker-Advertiser Relationships in the Online Advertising Ecosystem using Header Bidding". Proceedings on Privacy Enhancing Technologies. 2020 (1): 65–82. doi:10.2478/popets-2020-0005. ISSN 2299-0984.
  8. ^ a b Acar, Gunes; Eubank, Christian; Englehardt, Steven; Juarez, Marc; Narayanan, Arvind; Diaz, Claudia (2014). "The Web Never Forgets: Persistent Tracking Mechanisms in the Wild". Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14. Scottsdale, Arizona, USA: ACM Press: 674–689. doi:10.1145/2660267.2660347. ISBN 978-1-4503-2957-6.
  9. ^ Soltani, Ashkan; Canty, Shannon; Mayo, Quentin; Thomas, Lauren; Hoofnagle, Chris Jay (2009-08-10). "Flash Cookies and Privacy". Rochester, NY. {{cite journal}}: Cite journal requires |journal= (help)
  10. ^ a b Ayenson, Mika D.; Wambach, Dietrich James; Soltani, Ashkan; Good, Nathan; Hoofnagle, Chris Jay (2011-07-29). "Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning". Rochester, NY. {{cite journal}}: Cite journal requires |journal= (help)
  11. ^ a b c d "Irrevocable Step", Boom's Blues, University Press of Mississippi, 2017-05-09, ISBN 978-1-4968-0511-9, retrieved 2020-12-06
  12. ^ Vega, Tanzina (2010-10-11). "New Web Code Draws Concern Over Privacy Risks (Published 2010)". The New York Times. ISSN 0362-4331. Retrieved 2020-12-06.
  13. ^ "Researchers Call Out Websites for Tracking Users via Stealth Tactics". Berkeley Law. Retrieved 2020-12-06.
  14. ^ "KISSmetrics, Hulu Sued Over New Tracking Technology". www.mediapost.com. Retrieved 2020-12-06.
  15. ^ "KISSmetrics Settles Supercookies Lawsuit". www.mediapost.com. Retrieved 2020-12-06.
  16. ^ Drury, Alexandra (2012). "How Internet Users' Identities Are Being Tracked and Used". Tulane Journal of Technology & Intellectual Property. 15. ISSN 2169-4567.
  17. ^ "Tor stinks" (PDF). edwardsnowden.com.{{cite web}}: CS1 maint: url-status (link)
  18. ^ "TOR attacked – possibly by the NSA". Network Security. 2013 (8): 1–2. August 2013. doi:10.1016/s1353-4858(13)70086-2. ISSN 1353-4858.
  19. ^ Chen, G.; Cox, J. H.; Uluagac, A. S.; Copeland, J. A. (thirdquarter 2016). "In-Depth Survey of Digital Advertising Technologies". IEEE Communications Surveys Tutorials. 18 (3): 2124–2148. doi:10.1109/COMST.2016.2519912. ISSN 1553-877X. {{cite journal}}: Check date values in: |date= (help)
  20. ^ Korolova, A. (December 2010). "Privacy Violations Using Microtargeted Ads: A Case Study". 2010 IEEE International Conference on Data Mining Workshops: 474–482. doi:10.1109/ICDMW.2010.137.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Evercookie&oldid=992638833"