The always-fascinating Samy Kamkar has produced a super-tenacious cookie designed to “identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.” Indeed:
“evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.”
Check out that list: ETags, IE userData storage, “storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out” — fiendish! (With a cache time of twenty years, no less.) I’ll take bets as to how long it’ll be before this proof-of-concept is in use by unscrupulous parties.
UPDATE: The New York Times has an informative, if basic, article on HTML 5 and privacy; it specifically addresses Kamkar’s cookie. Check it out!