
I cleared cookies and more, so how did a web site still know it was me?

Question:

I logged into a website on two separate instances with a different ID and a
different IP. I rebooted my router so the IP changed each time, but from the
same machine – trying to create a second account for my brother. I also had all
cookies deleted and forbade the specific site from downloading more into my
machine. The website actually was able to find out that this was me logging in
with different IDs. My question is: how can the website (even after taking all
these measures) know that it’s still me?

In this excerpt from Answercast #33, I look at the many methods that websites can use to remember who you are; leaving any one of them in place could result in them remembering you.


Website knows it’s me

It’s surprising that a website would go to these lengths, but it’s certainly possible.

Now, there are a couple of things that I would immediately jump on.

  1. First: are you really sure you got a different IP?

Typically, rebooting a router will not necessarily assign you a new IP address. It depends on your ISP. Sometimes, they do; sometimes, they don’t.

In my case, my experience has been that when you reboot your router, nine times out of ten you get the same IP address you had five minutes ago. So that may or may not be part of what’s going on here.

Flash cookies

The other thing that immediately comes to mind is something called Flash cookies.

You’ve cleared your cookies, and I know that you know how to go into the browser and do that. But Flash provides a different kind of persistent storage, separate from browser cookies, that web pages can access through Flash.

  • They can use Flash to drop the equivalent of a cookie.

In fact, we tend to refer to them as “Flash cookies” because they are data left by Adobe Flash technology. It’s possible that the website could be using Flash cookies. You simply didn’t clear them because you didn’t know – most people don’t. So that’s something else to try.

I believe CCleaner will actually clear Flash cookies for you. If you don’t want to use that, there are other approaches to clearing Flash cookies, even by using some applications available at the Adobe website.

Just Google “clear Flash cookies” and you’ll come up with a bunch of ways to do that.
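To see which sites have left Flash cookies (LSOs) on a machine before clearing them, the following added example (not part of the original article) lists `.sol` files grouped by site. The `#SharedObjects` directories are Flash Player's usual per-user locations; the sample tree and the `.example` site names are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path


def default_lso_roots():
    """Return Flash Player's usual per-user LSO directories that exist here."""
    home = Path.home()
    tail = Path("Macromedia") / "Flash Player" / "#SharedObjects"
    candidates = [
        home / ".macromedia" / "Flash_Player" / "#SharedObjects",  # Linux
        home / "Library" / "Preferences" / tail,                   # macOS
    ]
    if os.environ.get("APPDATA"):                                  # Windows
        candidates.append(Path(os.environ["APPDATA"]) / tail)
    return [p for p in candidates if p.is_dir()]


def lso_by_site(root):
    """Map site name -> sorted .sol paths under one #SharedObjects root."""
    root = Path(root)
    found = defaultdict(list)
    for sol in sorted(root.rglob("*.sol")):
        parts = sol.relative_to(root).parts
        # Layout: <random profile dir>/<site>/[sub/path/]<name>.sol
        site = parts[1] if len(parts) >= 3 else "(unknown)"
        found[site].append(sol)
    return dict(found)


def build_sample_tree(base):
    """Constructed sample data so the example runs without Flash installed."""
    root = Path(base) / "#SharedObjects"
    for rel in ("AB12CD34/video.example/player/settings.sol",
                "AB12CD34/video.example/volume.sol",
                "AB12CD34/ads.example/id.sol"):
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed placeholder, not a real LSO")
    return root


if __name__ == "__main__":
    # Fall back to the constructed tree when no real LSO directory exists.
    roots = default_lso_roots() or [build_sample_tree(tempfile.mkdtemp())]
    for root in roots:
        for site, files in sorted(lso_by_site(root).items()):
            print(f"{site}: {len(files)} LSO file(s)")
```

Running the listing again after clearing browser cookies shows that these files are untouched by that step.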

Super cookies

Finally (and this is a little further toward the paranoid end of the spectrum), there is a technology that I think was called “Super Cookies,” which uses about ten different technologies to save a piece of information on your computer.

  • Now I just mentioned Flash cookies; so obviously, if a site uses Flash cookies that means that if you erase your regular cookies, the information is still there.

  • Conversely, if you know about Flash cookies and erase those, but don’t erase your regular cookies, the information is still there.

  • Multiply that by 10. In other words, with 10 different technologies that this Super Cookie technology can use, there are several different ways to leave something on your machine that can readily identify it as being you.

I’m not aware of any websites that use this. This is really pretty arcane stuff. A lot of it was done as ‘proof of concept’ as to how easy it is to do. But in reality, I don’t see anybody actually doing it.

More information

I think, to get a little deeper into your problem would probably require understanding what website it is you’re trying to access as well.

But that’s what comes to mind.


2 comments on “I cleared cookies and more, so how did a web site still know it was me?”

  1. Using Firefox, flash cookies can very easily be cleared with the add-on Better Privacy. The first time I fired up Better Privacy I was shocked at how many flash cookies (LSOs) were on my machine, and also at which websites had placed them there. There are different settings that will clear them at a variety of options, e.g. opening or exiting the browser, and you can exclude ones you want to keep from deletion. It is my understanding that LSOs / flash cookies are not harmless.

    LSOs and Flash Cookies, like any technology, are not harmful in and of themselves. They can be used in ways that reduce privacy, but more often than not they are simply used to provide a better experience for the user. I honestly believe that the concerns about cookies – browser or flash – are overblown. They’re certainly not something I worry about.

    Leo
    10-Jul-2012
  2. Interesting and a bit ironic. vid.askleomedia.com has an LSO on my system. It’s only a little one and I think I’ll let it stay.

    Honestly, I’m surprised. My guess is that it’s a side effect of the Flash-based video player that I use. Feel free to delete it – nothing I do depends on it. :)

    Leo
    10-Jul-2012