P G N 5 : KA I N G , R I S H E R A N D S C H U LT E

PERSISTENT COOKIES WITH BROWSER FINGERPRINTING

DEFINITIONS & BACKGROUND

• Persistent Cookies: cookies that are resistant to deletion.• Browser Fingerprint: set of browser attributes

that can be used to uniquely identify a user.

• Used in combination with passwords to verify users.• Browser Fingerprint is alternative to two-factor

authentication.• Requires no additional hardware tokens• Is passive (convenient)

FINGERPRINT ATTRIBUTES

BITS OF ENTROPY

• Describes how likely a piece of information will be identical between any two random users.• Example: 8 bits of entropy indicates attribute has

potential to uniquely identify 28 or 256 different users.

Attribute Boda Study (2012) Eckersley Study (2010)

User Agent String 8.095 10.0

Timezone 2.22 3.04

User ID 9.03 -

All fonts 8.57 13.9

Universal fonts 6.83 -

Detected fonts 7.63 -

Plugins - 15.4

EVERCOOKIE

• API for persistent cookies

• Multiple storage locations throughout the client

• If any cookie is deleted, all are replaced as long as at least one cookie remains

• Stored in locations typical users will not be able to remove (Silverlight storage, flash cookies)

STORAGE LOCATIONS

• Standard cookies• Typical browser cookies, easy to implement, easy to

remove

• Local Shared Objects• Flash cookies• Flash does not by default ask for permission• Not cross domain

STORAGE LOCATIONS

• Silverlight Isolated Storage• Virtual file system on client• Any type of data can be stored

• PNG caching• Image created using RGB values equal to the cookies

value• Stored in browser’s cache• If needed to be retrieved (other cookies have been

deleted) the browser is made to make a request for the PNG• 304 “Not Modified” message sent back, telling browser to

look into the cache

STORAGE LOCATIONS

• Etags• Used for cache validation• Can be set in a similar way to a cookie

• Web cache• Standard web cache mechanism• Persistent cookie stored in cache

• window.name• DOM property with 2-32MB of data available• Cross domain• Can be read by other websites

STORAGE LOCATIONS

• HTML5 locations• Global storage outdated, instead use local storage• Persistent, no expiration date

• Session data• Not very persistent. Cleared when user exits browser

• Database storage• SQL storage in database on client

RESULTSFirefox (20.0.1) Evercookie ProjectPNG YES YESeTag YES YESCache YES YESuserDatalocalData YES YESglobalDatasessionData YES YESwindowData YES YESCookie YES YESHistoryDBFlash YES YESSilverlight YES

RESULTSSafari (5.1.7) Evercookie ProjectPNG YES YESeTag YES YESCache YES YESuserDatalocalData YES YESglobalDatasessionData YES YESwindowData YES YESCookie YES YESHistoryDBFlash YES YESSilverlight YES

RESULTSIE (9.0.8112.16421) Evercookie ProjectPNG YESeTagCache YES YESuserDatalocalData YES YESglobalDatasessionData YES YESwindowData YES YESCookie YES YESHistoryDBFlashSilverlight

RESULTSChrome (26.0.1410.64)

Evercookie Project

PNG YESeTag YESCache YESuserDatalocalData YESglobalDatasessionData YESwindowData YESCookie YESHistoryDB YESFlash YES YESSilverlight YES

RESULTS

Features Evercookie ProjectCross browser storage No YesRetrievable after close Yes YesRetrievable after restart Yes YesRetrievable w/o JS Yes YesRetrievable after clearing Yes YesRetrievable in Private Browsing

FF/S FF/S

Retrievable via fingerprinting No Yes

RESULTS

RESULTS

RESULTS

FUTURE WORK

• New storage locations?• Javascript file I/O?

• Performance measurements

• Improved Fingerprinting• Additional attributes• Location capturing (combined with last seen time/location)

• Fuzzy matching