Websites and services can use several techniques to identify a specific user visiting their properties, or third party properties they are affiliated with. Among the most common ones are standard HTML cookies, but also so called Flash cookies, also known as Local Shared Objects.
Why would someone want to drop data into that many locations? Easy: For a far superior user identification. When a site drops a cookie on the user's system it can identify the user for as long as the cookie is active. If the user deletes the cookie it cannot identify the user anymore. It may use algorithms to calculate probabilities but it usually cannot be sure that this is indeed a user who visited the site in the past.
Evercookies introduce a whole new level of user tracking. The website will be able to track the user, and reproduce deleted cookies, if at least one cookie or data in storage locations is not deleted by the user. And we all know that many users still have not heard about Flash cookies, the second most known form of storing cookies on a user system yet. How will those users cope with the news that there are more than ten additional ways of storing data to track a user?
Samy Kamkar has put up a demonstration page where users can set evercookies manually on their system. The same page contains options to rediscover the cookies. The suggested way of using the demonstration is to set the evercookie, delete cookies in all places known to the user to finally revisit the site to see if the evercookie is still existing on the system. The first rediscover button drops all deleted cookies in their place again, the second button does not do that. It is interesting that this method is able to track a user even if the browser is switched, at least as long as the Flash cookie is not deleted.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.