WingNews logo WingNews
top | item 22938940

(no title)

service_bus | 5 years ago

Why are 'evercookies' necessary.

My browser is setup to record no history or cookies.

It can be annoying to always have to dismiss the same popups you've dismissed before, but I've never had any issues with online payments or unnecessary captchas, including using stripe.

What am I missing?

discuss

order

meowface|5 years ago

Because fraudsters' browsers/clients/scripts are also set up to record no history or cookies, and otherwise evade detection/categorization as much as possible. Somewhat ironically, in order for them to accurately distinguish between privacy-conscious users like yourself and actual criminals, and to block criminals from making a purchase while not incorrectly blocking you, they need to collect additional data.

service_bus|5 years ago

Right, but I'm saying my setup is no different from the 'fraudsters' you describe, yet I have a seamless shopping experience online.

If I'm able to shop online without issues, why does everyone else 'need' an evercookie?

I'm sure it's helpful, it's the idea that it's necessary is what I take issue with.

yjftsjthsd-h|5 years ago

> Because fraudsters' browsers/clients/scripts are also set up to record no history or cookies, and otherwise evade detection/categorization as much as possible

Ah, right, bad guys use privacy-enhancing tech, so we'd better undermine it, even if it screws over legitimate users. You know what fraudsters also tend to use? Chrome. Let's block that, shall we?

brongondwana|5 years ago

Fastmail account recovery keeps an "evercookie" which is "first time account X successfully logged in from this device" which allows us to identify that you're using a device with a long history with the account when trying to recover your account after it was stolen. Obviously we don't want to re-authenticate somebody who first logged in yesterday, because that's probably the thief - but if your computer has been used successfully to log in for the past few years, then it's more likely that the recovery attempt is coming from you (obviously, that's still just one of many things we're checking for).

dylz|5 years ago

Do they really? evercookie generally has a specific definition, where the application attempts to persist that chunk of data in heavy-handed, abusive, malware-like ways and repopulating it on removal with the same token when possible; usually used in fingerprinting concepts - it isn't just a normal http cookie with the expiration date set years out.