Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Nevercookie Eats Evercookie With New Firefox Plugin

Update – The company has since released a beta version of the Nevercookie plug-in

Update – The company has since released a beta version of the Nevercookie plug-in

Anonymizer, Inc., a company that helps protect consumer’s privacy and offers anonymity solutions, announced today that it has developed Anonymizer Nevercookie, a free Firefox plugin that protects against the Evercookie, a javascript API built and made available by Samy Kamkar (same guy who brought you the Samy Worm and XSS Hacking to Determine Physical Location) who set out to prove that the more you store and the more places you store it, the harder it is for users to control a Web site’s ability to uniquely identify their computer.Nevercookie Plugin

The plugin extends Firefox’s private browsing mode by preventing Evercookies from identifying and tracking users.

“Recent developments in Web tracking technologies have rendered the privacy tools built into browsers almost completely ineffective,” said Lance Cottrell, founder and chief scientist for Anonymizer. “Anonymizer Nevercookie will close the gap between Firefox’s privacy features and actual privacy so that when you go into private browsing mode, you are truly protected.”

Evercookie is a new, more persistent cookie form that enables the storage of cookie data in a number of different locations, such as Flash cookies and various locations of HTML5 storage. This allows websites to track user behavior even when users have enabled private browsing. Because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps to completely clear and reset their local storage.

Anonymizer Nevercookie simplifies this process and eliminates the manual steps required to completely remove Evercookies. And it does so without also removing all of the necessary cookies that a user actually wants to keep, such as those for browsing history and remembered logins. When Anonymizer Nevercookie is engaged along with Firefox’s private browsing mode, it quarantines an Evercookie and removes it after the browsing session.Subscribe to SecurityWeek

Dr. Elie Burzstein, a noted Web security researcher at the Stanford University Research Lab, stated: “My testing and review found that when using Anonymizer Nevercookie along with Firefox’s private browsing mode, users are protected from all of the currently known tracking systems that use browser features to follow users across multiple sessions, such as Evercookie. Specifically, Nevercookie prevents abuse to both the Adobe Flash Local Storage Object (LSO) and Microsoft’s Silverlight Isolated Storage (MIS).”

The company says that Nevercookie will be available as a free download later this month.

Update: More technical details are available here:  http://www.anonymizer.com/learningcenter/#lc_labs

Have you tossed your cookies lately?

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.