"The war against persistent zombie cookies—cookies that
never seem to lose your data, even when you delete them—rages
on, as users learn more about the technology. While awareness is
rising thanks to widespread coverage of Flash cookies and, more
recently, HTML5's storage capabilities, we have a long way to go
before Internet users can avoid persistent tracking. Like all
zombie wars, this one will take some time to win; and if you
thought things were bad now, they're about to get worse.
"Case in point: evercookie, an open source JavaScript API by
developer Samy Kamkar. When implemented by a website, evercookie
stores a user ID and cookie data in not two, not three, but eight
different places—with more on the way. Among them are your
standard HTTP cookies, Flash cookies, RGB values of force-cached
PNGs, your Web history, and a smattering of HTML5 storage features.
In addition, Silverlight Storage and Java are apparently on the
way.
"So, when you delete the cookie in one, three, or five places,
evercookie can dip into one of its many other repositories to poll
your user ID and restore the data tracking cookies. It works
cross-browser, too—if the Local Shared Object cookie is
intact, evercookie can spread to whatever other browsers you choose
to use on the same machine. Since most users are barely aware of
these storage methods, it's unlikely that users will ever delete
all of them."
