evercookie
ua-client-hints
Our great sponsors
evercookie | ua-client-hints | |
---|---|---|
13 | 13 | |
4,388 | 570 | |
- | 1.4% | |
0.0 | 4.2 | |
almost 2 years ago | 19 days ago | |
JavaScript | Bikeshed | |
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
evercookie
-
Print off a QR code for guests to join your WiFi network
For a bad actor, this is easily work-around-able using various local persistence mechanisms like evercookie. https://samy.pl/evercookie/
-
Just read about "evercookies." What should we do about them from a personal privacy perspective?
If you're talking about the https://samy.pl/evercookie script, for what it's worth, you can defeat it (at least I can with my settings and no extensions) by...
-
Using a date-modified header to detect unique visitors without using cookies
This reminded me of something I haven't thought about in awhile: evercookie - https://github.com/samyk/evercookie
- Where to save tokens if user has blocked first party cookies?
- Cookies: simple and comprehensive guide
-
Pure CSS device fingerprinting - An experimental technique.
Sure, as Sevetarion said earlier "There is no actual cooke, it's just a metaphor". In contrast to "fingerprinting" a user's unique device configuration (as the rest of this demo does), anti-tracking folks use the term "cookie" broadly to refer to various ways sites can store unique values to be retrieved later. This usage grew out of Samy Kamkar's awesome "Evercookie" work in 2010 (later aka "supercookie") https://samy.pl/evercookie/
-
I thought id show that jumbo security is not as usefull as it claims
Nothing comes to mind directly, sorry. It’s something I want to look deeper into myself as well. One cool thing to look at is evercookie which is a GitHub project that allows you to make tracking cookies and the likes. The repo itself hasn’t been updated in a while but can probably be a good source of information.
-
Are there cookies that can't be blocked/disabled?
Evercookie and the Favicon vuln
-
How to let Guest user submit form only once in laravel?
Client side: Use Evercookie
-
Fix favicon "supercookies" in any browser, in under a second
Also note, something like the Evercookie may also still be a thing that works. It stores data not only in cookies, but also in everything else that can retain any form of state (localStorage, HTTP browser history, HTTP cache for custom fingerprinted images generated by the server, etc.), and if even one spot doesn't get cleared by the user, the script can re-populate all the spots making for a very persistent "cookie."
ua-client-hints
-
Website Fidelity
The Client Hints specification covers a lot of this already - https://wicg.github.io/ua-client-hints/#content-adaptation-u... ... DPR, width, and viewport-width are already available in some browsers. Hopefully other hints will be available soon.
- UA Gotta Be Kidding
- Példátlan leállás jöhet a neten, és nem is lesz egyszerű megoldani
-
Version 100 in Chrome and Firefox
I encourage you to review the decision making and engage in the discussion here: https://github.com/WICG/ua-client-hints
- W3C User Agent Client Hints
-
Google Chrome Update will cause Big Issue For 2 Billion Users
chrome is starting to implement UA-CH, which splits up user agent info into individual headers sent by the client: https://wicg.github.io/ua-client-hints/
-
JP Morgan Chase Bank, or Why Not to Whitelist Operating System User Agents
As a Firefox/FreeBSD user occasionally annoyed by this nonsense, but not being knowledgeable about modern web standards evolution, I wonder if https://wicg.github.io/ua-client-hints/ will fix this by killing User-Agent headers.
- W3C User-Agent Client Hints ( SEC-CH-UA-* HTTP Headers)
-
Mozilla tests if 'Firefox/100.0' user agent breaks websites
ua-ch might reduce the amount of data browsers send, though it's gonna take a while to move away from regular user agents: https://wicg.github.io/ua-client-hints/
-
Mozilla alters stance on User-Agent Client Hints from “non-harmful” to “harmful”
There is a JS companion to this proposal that splits up the information in a similar way
What are some alternatives?
fingerprintjs - Browser fingerprinting library. Accuracy of this version is 40-60%, accuracy of the commercial Fingerprint Identification is 99.5%. V4 of this library is BSL licensed.
web - Pi-hole Dashboard for stats and more
Laravel - The Laravel Framework.
chromium-legacy - Latest Chromium (≒Chrome Canary/Stable) for Mac OS X 10.7+
stylelint-no-unsupported-browser-features - Disallow features that aren't supported by your target browser audience.
Cookie-AutoDelete - Firefox and Chrome WebExtension that deletes cookies and other browsing site data as soon as the tab closes, domain changes, browser restarts, or a combination of those events.
ethical-ad-client - Ethical Ads JavaScript client
notrack-blocklists
stylelint-no-unsupported-browser-fe
uBlock - uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
hosts-blocklists - Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage