25 October 2006 | 12,844 views

Tracking Users Via the Browser Cache


An interesting new twist on things: rather than using cookies to store information, you can use perpetually cached files.

So clearing your cache and cookies isn’t enough. Could this be a privacy issue, you say? Indeed it could.

Clearing cookies may not be enough as you may think. Your browser’s cache is a valuable store of information. A JavaScript .js file resource which is generated dynamically when requested can have embedded a unique tracking ID and can live permanently in your browser’s cache when sent with the right HTTP cache-control headers. This JavaScript file can then be called by pages. The script is never re-requested, and hence keeps the unique ID, and it can call resources on the server-side to track you. They just need to associate this unique ID once with your account (when you log in for the first time after the ID was created), and they can set cookies back again later and track you anyway. The result is that you can be tracked uniquely even past the point where you clear your cookies (i.e., as if you never cleared your cookies to generate fresh ones).

You can view a live demo here.

This is a demonstration of how a person’s web-browser can be tagged and tracked using a unique identifier which lives in the web browser’s cache for a very long time (using HTTP cache control headers and browsers’ use of conditional GET requests). This serves the same purpose as using a cookie to track people. However, popular web browsers lack finer cache disposal controls (compared to cookie disposal), and this is something which needs to be looked into. No private information is collected in this example. It has been tested on Firefox, IE6, Konqueror and Epiphany. I don’t know about the IE7 versions or Safari.

Source: Mukund
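
An audit check for the technique described above, added here as an example and not taken from the original post or the demo: it compares responses to the same URL fetched by independent fresh clients (assumed to start with an empty cache and no cookies) and flags resources that a browser would keep while their body or validator (ETag / Last-Modified) differs per client. The function names, sample hosts and the one-day threshold are assumptions.

```javascript
// Constructed sample: each URL fetched by two fresh clients (empty cache, no
// cookies). Hostnames, IDs and header values are made up for illustration.
const sampleFetches = [
  { client: 'A', url: 'https://tracker.example/t.js', body: 'var uid="7f3a";',
    headers: { 'cache-control': 'public, max-age=315360000', etag: '"u-7f3a"' } },
  { client: 'B', url: 'https://tracker.example/t.js', body: 'var uid="c901";',
    headers: { 'cache-control': 'public, max-age=315360000', etag: '"u-c901"' } },
  { client: 'A', url: 'https://cdn.example/lib.js', body: 'function lib(){}',
    headers: { 'cache-control': 'public, max-age=31536000', etag: '"v1"' } },
  { client: 'B', url: 'https://cdn.example/lib.js', body: 'function lib(){}',
    headers: { 'cache-control': 'public, max-age=31536000', etag: '"v1"' } },
  { client: 'A', url: 'https://app.example/s.js', body: 'var t=1;', headers: { 'cache-control': 'no-store' } },
  { client: 'B', url: 'https://app.example/s.js', body: 'var t=2;', headers: { 'cache-control': 'no-store' } },
];

// Seconds a cache may reuse the response without contacting the server.
function freshnessSeconds(headers) {
  const cc = (headers['cache-control'] || '').toLowerCase();
  if (/\bno-store\b/.test(cc)) return 0;           // never written to the cache
  const m = cc.match(/\bmax-age=(\d+)/);
  if (m) return Number(m[1]);                      // max-age overrides Expires
  const delta = (Date.parse(headers.expires) - Date.parse(headers.date)) / 1000;
  return Number.isFinite(delta) ? Math.max(0, delta) : 0;
}

// Flag URLs whose cached copy would carry a value unique to each client.
function findCacheTags(fetches, minLifetime = 86400) {
  const byUrl = new Map();
  for (const f of fetches) byUrl.set(f.url, [...(byUrl.get(f.url) || []), f]);
  const findings = [];
  for (const [url, group] of byUrl) {
    if (group.length < 2) continue;                // need at least two clients to compare
    const differs = (pick) => new Set(group.map(pick)).size > 1;
    const reasons = [];
    // Variant 1: the ID is embedded in a body that is served from cache for a long time.
    const longLived = group.every((f) => freshnessSeconds(f.headers) >= minLifetime);
    if (longLived && differs((f) => f.body)) reasons.push('per-client body with long freshness');
    // Variant 2: the ID rides in a validator echoed back on every conditional GET.
    const storable = group.every((f) => !/\bno-store\b/i.test(f.headers['cache-control'] || ''));
    if (storable && differs((f) => f.headers.etag || f.headers['last-modified'] || '')) reasons.push('per-client validator');
    if (reasons.length) findings.push({ url, reasons });
  }
  return findings;
}
```

A differing Last-Modified alone can also come from ordinary dynamic generation, so treat a validator-only finding as a lead to confirm by checking whether the value stays stable for one client across revalidations.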




One Response to “Tracking Users Via the Browser Cache”

  1. jMs 25 October 2006 at 8:19 pm

    Very very unique site and article here… thanx for info sharin with us….

    keep those stuff comin in