Evercookie

Evercookie is a JavaScript API that aims to produce extremely persistent cookies in a user's web browser. Unlike standard HTTP cookies, which can be easily deleted by the user, Evercookies employ a variety of storage mechanisms to store data and then aggressively respawn themselves from any remaining storage locations if they are deleted from one. The primary goal is to make it significantly more difficult for users to completely remove tracking information from their browsers.

The techniques Evercookie uses include, but are not limited to:

• Standard HTTP Cookies: The most common form of cookie storage.

• Local Shared Objects (Flash Cookies): Data stored by the Adobe Flash Player, often in hidden locations.

• Silverlight Isolated Storage: Similar to Flash cookies, used by Microsoft Silverlight applications.

• HTML5 Storage Mechanisms: Includes localStorage, sessionStorage, and globalStorage.

• IndexedDB: A NoSQL database built into web browsers.

• CSS History Mining: Exploits browser history to encode and retrieve data. (This method is less reliable and may be blocked by some browsers.)

• ETag Caching: Exploits the browser's caching mechanism using Entity Tags.

• PNG Cache: Stores cookie data within the RGB values of a force-cached PNG image.

The core concept behind Evercookie is "cookie respawning." If the Evercookie code detects that a cookie has been deleted from one location, it will use the data stored in the other locations to recreate it. This makes complete removal challenging, as the user would need to clear all supported storage mechanisms independently.

Evercookies raise significant privacy concerns due to their persistence and the difficulty users face in removing them. The use of such technologies is often viewed as unethical and can be detrimental to user trust. Browsers are increasingly implementing features to mitigate the effectiveness of Evercookie techniques, such as improved cookie management and privacy settings, and sandboxing of Flash and Silverlight storage.