What's an evercookie?
An evercookie is a persistent cookie that uses numerous clever techniques to avoid full deletion by the user. Think of it as a "super-cookie" that can be used to track your online activities even though you have taken steps to protect yourself, and you think you are protected against tracking.
To make matters worse, evercookies use something known as a local shared object (a Flash variable) to provide cross-browser tracking. This is another great reason to block Flash by default -- if you are a FireFox user, you really should be using FlashBlock, NoScript, or other techniques to avoid auto-loading Flash animations in your browser.
Delete, remove, or prevent evercookies
So, how can I delete an evercookie or prevent an evercookie from being set on my computer?
Well, according to the evercookie's creator, using Safari's private browsing mode defeats the evercookie system and prevents evercookies from being used between browsing sessions.
On first glance, it appears that Chrome's Incognito scheme will make you safe from evercookies. I'm going to perform additional tests and post the results here.
Delete Flash Cookies
Since the Flash cookie storage seems to be one of the key components of the evercookie system, we'll have to find ways to block or remove the Flash cookies.
If you want to delete the Flash cookies that may be used as part of the evercookie scheme, you will need to delete the files that Flash stores in your local file system.
The files are stored with a .sol file extension, and on Windows systems they are usually located under the user's AppData store. You can open an Explorer window and visit %AppData% (or enter the string %AppData% under the Start menu's Run box). Of course, these things are stored in places that are normally hidden by Windows (for your own good, of course) -- so viewing (and deleting) them may be a bit tricky. We'll cover that in more detail later.
The other thing you can do is to use the Flash Website Storage Settings manager. This Flash application allows you to view visited web sites that have stored data on your computer, and delete the stored data. You can also change settings Flash Global Storage Settings manager. You can change settings to disallow future Flash cookie storage. Of course, this may cause problems with some legitimate sites, so you may have to leave the cookie storage enabled.
Silverlight Isolated Storage
If you have Microsoft Silverlight installed, you may also need to clear Silverlight Isolated Storage:
- Visit Microsoft's Silverlight site: http://www.silverlight.net/
- Right click any Silverlight application on that page, select "Siverlight" in the pop-up menu that appears
- Microsoft Silverlight Configuration window appears, select the "Application Storage" tab > select the "Delete all... button
- Optionally disable "Enable application storage"