This post inspired by Dominic White's attempt at killing Samy Kamar's evercookie demo. As described:
evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.
Yes, plain evil. Samy research highlights a crucial aspect of privacy protection available in modern Web browsers -- and how difficult it can be for the average user to maintain. Dominic's solution for the Safari browser apparently requires a reset & restart of the browser and a bash script. I decided to try and find a way to do the same for Google Chrome, but without an annoying browser restart and using only the GUI. Below is my process that appears to work against Samy's current version.
Go to Samy's evercookie demo
- Click "Click to create an ever cookie" * not down the number
1) Open a new tab, then close all other windows and tabs.
2) Delete Silverlight Isolated Storage
Go to http://www.silverlight.net/
Right click the Silverlight application (any app will do)
Silverlight Preferences > Application Storage > Delete all...
* Optionally disable "Enable application storage"
3) Delete Flash Local Shared Objects (LSO)
Go got the Flash "Website Storage Settings panel"
Click "Delete all sites"
4) Clear Browsing Data
- Wrench > Tools > Clear Browsing Data...
- Select all options
- Clear data from this period: Everything
- Click "Clear Browsing data"
Go back to Samy's evercookie demo
- Click "Click to rediscover cookies WITHOUT reactivating deleted cookies"
- The process was successful is all mechanisms return "undefined"