0

Local Shared Object, sometimes referred to as SuperCookies, or Flash Cookies is used by my website to uniquely identify user's computer and prevent him/her from using same credentials on many computers. Up until very recently web browsers were unable to delete data in LSO which made it a good tool to serve my purpose. IE9, Firefox 5 and Safari now dump the LSO data when user chooses to delete the cookies/clear history. I understand the reasoning behind this, but in my case I am not secretly tracking user's data or collecting information about the user in order to exploit the personal data.

Is there a way to add my site to some sort of "LSO trusted zone" in the major browsers so they would not delete data stored in LSO by my website?

If there is, I could instruct my users to set their browser preferences accordingly. If not, I would probably have to come up with a different way to positively identify user's computer from a web application (maybe browser fingerprinting?). I saw some banks doing this, and when one tries to log in from a new computer a screen is displayed that "it is the first time you are using this computer to log in". I wonder how that is done, definitely not through IP, since people using the same router will have same IP (large corporations, business/home networks, library)

OctoRazor
  • 31
  • 1
  • 1
  • 3
  • If it's in the users' interest to not to delete your tracking cookies, why try to circumvent their attempts to get rid of them? If what you're doing really is in the interest of the users (and not the advertising industry), you could explain to your users how they benefit from it and simply use plain old cookies.If you want to go to the dark side, look at [these guys](http://www.wired.com/epicenter/2011/07/undeletable-cookie/). But they, too, weren't happy to be exposed to be the bad guys, and [retreat](http://www.wired.com/epicenter/2011/08/kissmetrics_reversal/). – sbi Aug 03 '11 at 13:39
  • Thanks for the article, sbi! The beauty of LSO is that it works across different browsers and once set in one browser, the user will be identified in all other browsers. As to asking users not to delete cookies, I do not think that is going to fly. People (including myself) do want to delete their cookies eventually. – OctoRazor Aug 03 '11 at 13:47

1 Answers1

0

No, there's no way to do that. If you found one, you could find yourself subject to a class-action lawsuit.

when one tries to log in from a new computer a screen is displayed that "it is the first time you are using this computer to log in".

They're generally using LSOs for this. For those of us who routinely clear cache for test purposes, we see this message on every login.

EricLaw
  • 56,563
  • 7
  • 151
  • 196
  • EricLaw, I'm afraid you are mistaken. "Chase" does not use LSO's or cookies and yet they are able to identify your computer. – OctoRazor Aug 03 '11 at 19:58
  • The word "generally" doesn't mean what you may think it means. I never said that Chase specifically is using LSOs. They could be using IE userData, they could be using HTML5 localStorage, they could be using Silverlight/Java/.NET Isolated storage, they could be using Flash cookies, etc, etc, etc. I don't have a Chase account, or I'd tell you exactly what they're using. I'm confident that it is not the case that their site possesses magic powers. – EricLaw Aug 11 '11 at 02:31