| By Fred Langa |
The author of the Samy worm has released a new tool for creating permanent cookies that evade classic cookie-management tools.
Evercookies hide themselves in eight different places, and they can regenerate themselves if you delete them.
Reader wants a way to block Evercookies
Rome Arnold was alarmed to learn of a new kind of cookie.
- “Is it correct that private browsing does not block the placement of Evercookies (or permanent cookies) on your computer, no matter whether you are using Firefox, Chrome, IE, or Safari?
“From what I read on the Net, these Evercookies are very difficult to clean because they are placed in multiple locations and can self-regenerate.”
Before we dig in, let’s define some terms. An Evercookie isn’t really a cookie. A real Web-browser cookie is a small text file, intrinsically no more dangerous than any other text file on your PC. Cookies aren’t programs and aren’t active in any way. They can’t snoop, self-replicate, phone home, or do any other damaging deed.
True cookies are inert text repositories, but — again, just like any other file on your PC — the data they contain can be mined or otherwise subverted. That’s why every major browser contains mechanisms for managing or blocking unwanted cookies. It takes some really unusual circumstances for a normal cookie to be a threat nowadays.
But some cookies aren’t normal. Software authors have long sought ways to create deletion-proof cookies or otherwise work around the limitations of standard cookies.