I logged into a website on two separate instances with a different ID and a
different IP. I rebooted my router so the IP changed each time, but from the
same machine â trying to create a second account for my brother. I also had all
cookies deleted and forbid the specific site from downloading more into my
machine. The website actually was able to find out that this was me logging in
with different IDs. My question is: how can the website (even after taking all
these measures) know that itâs still me?
In this excerpt from
Answercast #33, I look at the many methods that websites can use to remember
who you are; leaving any one of them in place could result in them remembering
you.
]]>
Website knows itâs me
Itâs surprising that a website would go to these lengths, but itâs certainly possible.
Now, there are a couple of things that I would immediately jump on.
- One is are you really sure you got a different IP?
Typically, rebooting a router will not necessarily assign you a new IP address. It depends on your ISP. Sometimes, they do; sometimes, they donât.
In my case, my experience has been that when you reboot your router, nine times out of ten you get the same IP address you had five minutes ago. So that may or may not have been part of whatâs leading into this.
Flash cookies
The other thing that immediately comes to mind is something called Flash cookies.
Youâve cleared your cookies; and I know that you know how to go into the browser and clear the cookies. But in fact, using Flash, there is a different kind of persistent storage that web pages can use Flash to access.
- They can use Flash to drop the equivalent of a cookie.
In fact, we tend to refer to them as âFlash cookiesâ because they are data left by Adobe Flash technology. Itâs possible that the website could be using Flash cookies. You simply didnât clear them because you didnât know â most people donât. So thatâs something else to try.
I believe CCleaner will actually clear Flash cookies for you. If you donât want to use that, there are other approaches to clearing Flash cookies, even by using some applications available at the Adobe website.
Just Google âclear Flash cookiesâ and youâll come up with a bunch of ways to do that.
Super cookies
Finally (and this is a little bit more off the slightly-paranoid spectrum), if you look into a technology that I think was called âSuper Cookies,â they use about ten different technologies to save a piece of information on your computer.
-
Now I just mentioned Flash cookies; so obviously, if a site uses Flash cookies that means that if you erase your regular cookies, the information is still there.
-
Conversely, if you know about Flash cookies and erase those, but donât erase your regular cookies, the information is still there.
-
Multiply that by 10. In other words, have 10 different technologies that this Super Cookie technology can use, and there are several different ways to leave something on your machine that can readily identify it as being you.
Iâm not aware of any websites that use this. This is really, pretty arcane stuff. A lot of it was done as âproof of conceptâ as to how easy it is to do. But in reality, I donât see anybody actually doing it.
More information
I think, to get a little deeper into your problem would probably require understanding what website it is youâre trying to access as well.
But thatâs what comes to mind.
End of Answercast #33 Back to â Audio Segment
Using Firefox, flash cookies can very easily be cleared with the add-on Better Privacy. The first time I fired up Better Privacy I was shocked at how many flash cookies (LSOâs) were on my machine, and also at which websites had placed them there. There are different settings that will clear them at a variety of options, e.g. opening or exiting the browser, and you can exclude ones you want to keep from deletion. It is my understanding that LSOâs / flash cookies are not harmless.
10-Jul-2012
Interesting and a bit ironic. vid.askleomedia.com has a LSO on my system. Itâs only a little one and I think Iâll let it stay.
10-Jul-2012