Anonymizer has released a beta version of Nevercookie, the recently announced Firefox plugin designed to protect against the Evercookie, a javascript API built and made available by Samy Kamkar (same guy who brought you the Samy Worm and XSS Hacking to Determine Physical Location) who set out to prove that the more you store and the more places you store it, the harder it is for users to control a Web site’s ability to uniquely identify their computer.
The plugin is said to extend Firefox’s private browsing mode by preventing Evercookies from identifying and tracking users.
Evercookie is a more persistent form of cookie that enables the storage of cookie data in a number of different locations, such as Flash cookies and various locations of HTML5 storage. This allows websites to track user behavior even when users have enabled private browsing. Because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps to completely clear and reset their local storage.
The Nevercookie plugin is designed to simplify this process and eliminate the manual steps required to completely remove Evercookies without also removing all of the necessary cookies that a user actually wants to keep, such as those for browsing history and remembered logins. When Anonymizer Nevercookie is engaged along with Firefox’s private browsing mode, it quarantines an Evercookie and removes it after the browsing session.
Reminder, the software is in Beta mode so it’s likely not perfect. We’ll be doing some testing and followup with what we find and share the experiences of others as well. You can download the Beta of the Nevercookie plugin for Firefox at http://nevercookie.anonymizer.com/ and feel free to share your experiences and thoughts with the SecurityWeek community.
Related: Death of the Cookie as a Usable Way to Identify a Device
