1. servic+(OP) 2020-04-21 20:21:17
Why are 'evercookies' necessary?

My browser is set up to record no history or cookies.

It can be annoying to always have to dismiss the same popups you've dismissed before, but I've never had any issues with online payments or unnecessary captchas, including using Stripe.

What am I missing?

replies(2): >>meowfa+l3 >>brongo+Sh
2. meowfa+l3 2020-04-21 20:48:01
>>servic+(OP)
Because fraudsters' browsers/clients/scripts are also set up to record no history or cookies, and otherwise evade detection/categorization as much as possible. Somewhat ironically, in order for them to accurately distinguish between privacy-conscious users like yourself and actual criminals, and to block criminals from making a purchase while not incorrectly blocking you, they need to collect additional data.
replies(2): >>yjftsj+2g >>servic+Jz
3. yjftsj+2g 2020-04-21 22:17:00
>>meowfa+l3
> Because fraudsters' browsers/clients/scripts are also set up to record no history or cookies, and otherwise evade detection/categorization as much as possible

Ah, right, bad guys use privacy-enhancing tech, so we'd better undermine it, even if it screws over legitimate users. You know what fraudsters also tend to use? Chrome. Let's block that, shall we?

4. brongo+Sh 2020-04-21 22:32:32
>>servic+(OP)
Fastmail account recovery keeps an "evercookie" which is "first time account X successfully logged in from this device" which allows us to identify that you're using a device with a long history with the account when trying to recover your account after it was stolen. Obviously we don't want to re-authenticate somebody who first logged in yesterday, because that's probably the thief - but if your computer has been used successfully to log in for the past few years, then it's more likely that the recovery attempt is coming from you (obviously, that's still just one of many things we're checking for).
replies(1): >>dylz+WW1
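
A sketch of the device-history check described in the comment above, added here as an illustration and not Fastmail's code. The HMAC-signed token format, the key, the 30-day threshold and every function name are assumptions.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to the client
MIN_AGE_DAYS = 30                 # assumption: illustrative threshold, not from the thread

def issue_token(account, first_login_ts, key=SECRET):
    """Mint the device token at the first successful login from a device."""
    payload = json.dumps({"acct": account, "first": int(first_login_ts)},
                         sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())

def device_age_days(token, account, now, key=SECRET):
    """Return the device's age in days, or None if the token cannot be trusted."""
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:            # wrong shape or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None               # client edited the claims (e.g. backdated them)
    claims = json.loads(payload)
    if claims.get("acct") != account or claims["first"] > now:
        return None               # token for another account, or dated in the future
    return (now - claims["first"]) / 86400

def recovery_signal(token, account, now):
    """One input among many to a recovery decision, never the decision itself."""
    age = device_age_days(token, account, now) if token else None
    if age is None:
        return "unknown-device"
    return "long-history" if age >= MIN_AGE_DAYS else "recent-device"
```

Because the first-login time is covered by the MAC, a thief who logged in yesterday cannot backdate the token, and a client that cleared its storage simply falls back to "unknown-device".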
5. servic+Jz 2020-04-22 01:37:24
>>meowfa+l3
Right, but I'm saying my setup is no different from the 'fraudsters' you describe, yet I have a seamless shopping experience online.

If I'm able to shop online without issues, why does everyone else 'need' an evercookie?

I'm sure it's helpful; it's the idea that it's necessary that I take issue with.

replies(1): >>floati+rX
6. floati+rX 2020-04-22 05:44:50
>>servic+Jz
If you don't commit fraud, the only two issues you'll see are that:

1) a small subset of sites will refuse to complete the transaction, as their anti-fraud thresholds are set to deny likely-fraudulent browsers such as yours; and,

2) you will be much more easily fingerprinted and tracked online due to your specific combination of extremely uncommon non-default settings in your browser (which may well mitigate #1 if you're originating from a residential IP address).

If you purchase high-value audio gear or clothing or gift cards — basically, high value things can be resold on eBay immediately — you may find your transaction held for review while someone phone calls you to prove that you're you, but for everyday Amazon or etc. purchasing it's unlikely to matter at all.

7. dylz+WW1 2020-04-22 15:16:51
>>brongo+Sh
Do they really? evercookie generally has a specific definition, where the application attempts to persist that chunk of data in heavy-handed, abusive, malware-like ways and repopulate it on removal with the same token when possible; usually used in fingerprinting concepts - it isn't just a normal HTTP cookie with the expiration date set years out.