Defending Against Extremely Persistent Storage

There are times when you need to question what you are doing, and why you are doing it.  Take for instance the “evercookie” at http://samy.pl/evercookie/.  I came across this when Kevin Dente posted a link to it on Twitter.

The gist of it is to use all the available resources of the browser and its plugins to create a truly persistent cookie across browser resets and cookie cleanups.  I’ll admit, it’s kind of a neat idea, but realistically, it will only be used for bad.  As Kevin said, no good can come of this.

Now, nothing is ever truly persistent when it comes to browsers.  At some point you can clean everything.  The problem is the plugins.  Flash is…well, I hate Flash.  It is an abomination.  Then there is Silverlight.  Plus Java, and any plugin or ActiveX control that ties into the browser that stores data locally.

While I could get into the privacy and security debate over all of this, what it really boils down to is that it’s just really annoying.  I don’t want websites keeping persistent data on my machine if I don’t want them to.  It’s my PC, not theirs.

So I’ve started work on a little script.  It will clear the cache of IE 7+ and delete all persistent storage for Flash, Java, and Silverlight.

Keep in mind this will delete your history as well!

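rem Clear IE 7+ data. Flags: 8 = temporary files, 2 = cookies, 1 = history,
rem 16 = form data, 32 = passwords, 255 = all of these, 4351 = all plus add-on data
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351

rem Flash local shared objects. Full paths are used so that a missing folder
rem cannot leave rmdir acting on whatever the current directory happens to be.
rmdir /S /Q "%appdata%\Macromedia\Flash Player\#SharedObjects"

rem Flash per-site settings
rmdir /S /Q "%appdata%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys"

rem Java Web Start cache
"C:\Program Files (x86)\Java\jre6\bin\javaws" -Xclearcache -silent -Xnosplash

rem Silverlight isolated storage
rmdir /S /Q "%userprofile%\AppData\LocalLow\Microsoft\Silverlight\is"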
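
A read-only inventory to run before the cleanup, showing how much each plugin store holds and which sites left Flash shared objects. This is an added example in PowerShell, not part of the original script; the function names and the per-site folder layout assumed under #SharedObjects are mine, and the paths are the ones the script above deletes.

```powershell
# Added example: lists what the cleanup script would delete. Nothing is removed.
$stores = [ordered]@{
    'Flash shared objects' = Join-Path $env:APPDATA 'Macromedia\Flash Player\#SharedObjects'
    'Flash site settings'  = Join-Path $env:APPDATA 'Macromedia\Flash Player\macromedia.com\support\flashplayer\sys'
    'Silverlight storage'  = Join-Path $env:USERPROFILE 'AppData\LocalLow\Microsoft\Silverlight\is'
}

function Get-StoreInventory {
    param([string]$Name, [string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Store = $Name; Files = 0; Bytes = 0; Newest = $null }
    }
    # -Force includes hidden files; -File needs PowerShell 3.0 or later
    $files = @(Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue)
    $sum   = ($files | Measure-Object -Property Length -Sum).Sum
    [pscustomobject]@{
        Store  = $Name
        Files  = $files.Count
        Bytes  = [long]$sum   # an empty store yields $null, which casts to 0
        Newest = ($files | Sort-Object LastWriteTime -Descending |
                  Select-Object -First 1).LastWriteTime
    }
}

function Get-FlashSites {
    param([string]$Root)

    if (-not (Test-Path -LiteralPath $Root)) { return @() }
    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter *.sol -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumed layout: <root>\<random id>\<site>\...\<name>.sol
            $parts = $_.FullName.Substring($Root.Length).TrimStart('\').Split('\')
            if ($parts.Count -ge 3) { $parts[1] }
        } |
        Group-Object | Sort-Object Count -Descending |
        Select-Object @{ n = 'Site'; e = { $_.Name } }, @{ n = 'Objects'; e = { $_.Count } }
}

# Summary per store, then the sites that have written Flash shared objects
$stores.GetEnumerator() |
    ForEach-Object { Get-StoreInventory -Name $_.Key -Path $_.Value } |
    Format-Table Store, Files, Bytes, Newest -AutoSize

Get-FlashSites -Root $stores['Flash shared objects'] | Format-Table -AutoSize
```

Running it again after the cleanup should report zero files in every store; anything that reappears after a browsing session identifies the site that wrote it.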

Now, I should also give a word of caution.  This is by no means a sure-fire way to protect your privacy.  That’s pretty hard to do.  This is only designed to do a very simple cleanup of the usual suspects.  If you are really wanting to keep your browsing anonymous, turn off all plugins, turn off all scripting, and run in InPrivate Browsing mode.

I’ll update the script as necessary over time.