Sunday, June 9, 2013

How to defeat and kill evercookie in Firefox

Introduction

You might have heard about evercookie. It is a concerning development: it stores data on your local PC so that websites can identify you in the future.
In contrast to normal cookies, which have existed for years, evercookie uses various techniques to stay on your PC and is not easily deleted by a normal user.
You can see a demo of evercookie on the developer's website http://samy.pl/evercookie.

There, press the button to create an 'evercookie' and try to get rid of it. Most likely you will have no success doing so.


Example evercookie after its creation.

In my small article I will explain how you can get rid of evercookies.

 

Deleting Evercookies

Firefox settings

Within Firefox (or other browsers) you should enable a few options.
Go into your settings -> privacy and enable "Clear history when Firefox closes" and click on the extra button next to it. There you should enable at least "Cache" and "Cookies".
This will get rid of the cookieData, pngData, etagData and cacheData.

 

Session Manager settings

Using the addon SessionManager - http://sessionmanager.mozdev.org/ - will lead to problems with the default settings because it will also back up the evercookie. This might also be the case for TabMixPlus session manager, but I did not investigate this.

1) Go into the SessionManager settings and set the session saving options for session data to 'never' as seen in the screenshot below.




2) In the 'generals' tab, disable the restoring of session cookies as seen in the screenshot below.


Now when you save your sessions with Session Manager - or use the backup after crash function - evercookie will not be restored anymore.

The harder parts

Now there are several places on your PC where information can be stored that a normal user will not know about, such as Flash LSO, Silverlight (though Silverlight is kinda useless today and you should not have it installed anyway if you don't have a special site using it), and HTML5 web storage.

HTML5 storage

HTML5 introduced several ways to save data on your local PC in order to make advanced cookies. This has advantages but also disadvantages like user tracking.
You can disable this storage completely. For example, in Firefox type about:config into the address bar and then search for "dom.storage.enabled". Double-click the value to change it to "false". This will prevent all localData and sessionData from evercookie from being saved.
Most websites will have no problem without this new storage, but some poorly written websites like twitch.tv will produce errors.
This data is stored in your Firefox profile folder in the file "webappsstore.sqlite" and could be edited with a SQLite editor, but it is much easier to simply delete the file when starting Firefox. This has no disadvantages and websites will still all work.
After the Flash part I will give you instructions on how to delete the file easily.

 

Flash

Adobe Flash allows websites to set LSOs - http://en.wikipedia.org/wiki/Local_Shared_Object - aka Flash cookies. Those files do not depend on the browser you use, so whether you use Firefox, Internet Explorer or another browser, they will always be saved to the same folder on your HDD: "<drive>:\Users\<username>\AppData\Roaming\Macromedia\Flash Player\".
You can safely delete this folder before you start your browser, which will get rid of lsoData from evercookie.

Deleting HTML5 storage and Flash storage with a batch script

I recommend using a simple batch script ( .bat ) for deleting HTML5 storage and Flash storage and then starting Firefox.
You can create a very simple batch script by following steps 1 & 2 from this small tutorial.
When you have Notepad open, copy and paste the following three lines into your editor and save the file with the extension .bat.

rmdir /S /Q "<drive>:\Users\<username>\AppData\Roaming\Macromedia"
del /F /S /Q "<drive>:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\<profilename>\webappsstore.sqlite"
"<drive>:\Program Files (x86)\Firefox\firefox.exe"

You have to replace all words in <> brackets with your own data. For example, <drive> is most likely C, <username> is your Windows user name, and <profilename> could be something like 9s8h3ask.default. Go to the folders and find your own data. The paths are in quotes so that folder names containing spaces, such as "Program Files (x86)", are handled correctly.

The batch file will first remove the whole Flash cache directory (rmdir /S /Q), then it will delete the webappsstore.sqlite file with the HTML5 storage (del /F /S /Q) and then it will start Firefox.
Keep in mind that this will only work when Firefox is not running, otherwise the .sqlite file will be locked.
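
A variant of the script above, added here as an example and not part of the original article: it takes the folders from %APPDATA% instead of hard-coded names, cleans every Firefox profile, and stops if Firefox is still running so that the locked .sqlite file is not silently skipped. It assumes a 64-bit Windows with Firefox installed under the path used in the article (FIREFOX_EXE) and removes only the "Flash Player" folder named in the Flash section.

```batch
@echo off
rem Added example, not the article's own script.
rem Assumptions: Flash and Firefox keep their data under %APPDATA%, and
rem FIREFOX_EXE matches your installation (path taken from the article).
setlocal
set "FIREFOX_EXE=%ProgramFiles(x86)%\Firefox\firefox.exe"
set "FLASH_DIR=%APPDATA%\Macromedia\Flash Player"
set "PROFILES=%APPDATA%\Mozilla\Firefox\Profiles"

rem webappsstore.sqlite is locked while Firefox runs, so stop instead of
rem cleaning only half of the storage.
tasklist /FI "IMAGENAME eq firefox.exe" 2>nul | find /I "firefox.exe" >nul
if not errorlevel 1 (
    echo Firefox is still running. Close it and start this script again.
    exit /b 1
)

rem Flash LSOs: lsoData
if exist "%FLASH_DIR%" rmdir /S /Q "%FLASH_DIR%"

rem HTML5 web storage: localData and sessionData, in every profile
for /D %%P in ("%PROFILES%\*") do (
    if exist "%%P\webappsstore.sqlite" del /F /Q "%%P\webappsstore.sqlite"
)

rem Report anything that survived, for example because a file was locked.
set "LEFTOVER=0"
if exist "%FLASH_DIR%" set "LEFTOVER=1"
for /D %%P in ("%PROFILES%\*") do (
    if exist "%%P\webappsstore.sqlite" set "LEFTOVER=1"
)
if "%LEFTOVER%"=="1" echo Warning: some storage could not be deleted.

rem start "" returns immediately, so the console window does not stay open.
start "" "%FIREFOX_EXE%"
endlocal
```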


 The End


After deleting everything.

So as you can see, 'killing' evercookie manually is not that easy, but it can easily be automated, for example with the batch script.
You can (and should) also use AdBlockPlus for Firefox or Chrome and NoScript for Firefox, as those two addons will also prevent you from getting tracked on the web.

Have a nice day =)

 

3 comments:

  2. Thank you phersung for posting this advice :)
