Samy, the father of the MySpace worm (aka the Samy worm), recently released a new technique to persist cookies virtually forever in a browser. He named it evercookie.
“evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.” — described by Samy.
While people look for ways to remove this cookie from their browsers, Samy keeps improving it by adding more techniques. Currently, when it creates a cookie, it tries to store it in different places in your browser using 13 mechanisms, so simply clearing the browser’s cookies doesn’t remove evercookie. It’s so powerful that even many smart users will not be able to clear it, let alone general users. HTML5’s session storage, local storage, global storage, and database storage via SQLite make it more persistent. Some security researchers have already identified how it can be removed in Safari and Chrome, but not yet in Firefox. The technique I am going to describe works in Firefox 3.6 with Samy’s current version.
- Go to Samy’s evercookie demo page. Click on “Click to create an ever cookie”. Make sure evercookie is stored in every place except ‘userData’ storage (that one is for IE). You may need to click on ‘click to rediscover cookies’ a few times to store it in every place.
- Open another tab and close the first (Samy’s) tab.
- Now open the Silverlight home page and delete the Silverlight Isolated Storage. To delete it, right-click any Silverlight application, then go to Silverlight > Application Storage > select the website samy.pl > click on Delete… and finally click on ‘Yes’.
- Then open the Flash Website Storage Settings panel page and remove the Flash Local Shared Objects (LSO) that were stored from Samy’s domain.
- Press Ctrl+Shift+Del (alternatively go to Tools > Clear Recent History). Select ‘Everything’ from the ‘Time range to clear’ dropdown, check every item in the ‘Details’ list, and finally click on the ‘Clear Now’ button.
- Now go to Samy’s page again and verify that the evercookie is removed completely.
Note that the sequence of the steps is very important for removing any evercookie in Firefox.
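For the final verification step, a small audit function can report which script-readable stores still hold a value. This is an added example, not code from the original post or from evercookie; it covers only the cookie, session storage, local storage and global storage, so Flash LSO, Silverlight Isolated Storage and database storage still have to be checked through the panels in the steps above. The key name `uid` and the host `tracker.example` are constructed.

```javascript
// Added example. `env` is a window-like object; `key` is a hypothetical name.
function readCookie(cookieString, key) {
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq !== -1 && part.slice(0, eq).trim() === key) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

function readStorage(getStore, key) {
  // Storage access can throw or be absent; report that as "unreadable".
  try {
    const store = getStore();
    if (!store) return { readable: false, value: null };
    const v = store.getItem(key);
    return { readable: true, value: v == null ? null : String(v) };
  } catch (e) {
    return { readable: false, value: null };
  }
}

function auditResidualStorage(env, key) {
  const host = env.location ? env.location.hostname : "";
  const checks = {
    cookie: env.document
      ? { readable: true, value: readCookie(env.document.cookie, key) }
      : { readable: false, value: null },
    sessionStorage: readStorage(() => env.sessionStorage, key),
    localStorage: readStorage(() => env.localStorage, key),
    // globalStorage is indexed by host name before getItem() is called.
    globalStorage: readStorage(() => env.globalStorage && env.globalStorage[host], key),
  };
  const names = Object.keys(checks);
  const remaining = names.filter((n) => checks[n].value !== null);
  const unreadable = names.filter((n) => !checks[n].readable);
  return { remaining, unreadable, clean: remaining.length === 0 };
}

// Constructed sample: cookie cleared, localStorage still holds the value.
const sampleEnv = {
  location: { hostname: "tracker.example" },
  document: { cookie: "theme=dark; lang=en" },
  sessionStorage: { getItem: () => null },
  localStorage: { getItem: (k) => (k === "uid" ? "abc123" : null) },
};
console.log(auditResidualStorage(sampleEnv, "uid"));
```

In a browser, pass `window` as `env`; any name listed in `remaining` is a copy that survived the cleanup.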