Its goal is to identify a client even after they’ve removed standard cookies, removed Flash cookies (Local Shared Objects or LSOs), and others. This allows websites to track user behavior even when users have enabled private browsing because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps to completely clear and reset their local storage.
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of auto-generated, force-cached
- PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in Web History
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
“Simply think of it as cookies that just won’t go away,” reads the evercookie FAQ.
ArsTechnica has posted an article “It is possible to kill the evercookie,” that shows different ways to protect yourself from evercookie but Firefox users can protect themselves by just using a simple add-on named “Anonymizer Nevercookie.”
Anonymizer Nevercookie eliminates the manual steps required to completely remove Evercookies. It does so without removing all the necessary cookies that you may actually want to keep, such as those for browsing history and remembered logins. When Anonymizer Nevercookie is engaged along with Firefox’s private browsing mode, it quarantines an Evercookie and removes it after the browsing session.
Quick Start Guide to use Anonymizer Nevercookie add-on:
- After installing the add-on, launch Firefox browser again, go to Tools > Start Private Browsing
- A new browser window will open. It will be branded with a blue Navigation Menu bar.
- Use this window for your private browsing session.
- To leave private browsing mode, close the private browsing window and in the parent Firefox window go to Tools > Stop Private Browsing.
Note: Leaving private browsing mode will release Flash and Silverlight cookies from quarantine and make you trackable again, so don’t end private browsing mode until you are finished your private session.
Important: If you haven’t used Firefox profiles before, you will probably notice a Profile selection prompt when starting Firefox after installing the extension. This is because the extension creates a temporary profile for each browsing session. If you don’t wish to see this prompt, select the default profile and check the box marked “Don’t ask at startup”.