Flash cookies aren't the only way of
circumventing users' ability to opt out of online tracking.
Web publishers also can extract a host of information from users' browsers -- including operating systems, time zones, screen size, plug-ins installed and system fonts -- and can use that trove of
data to create digital fingerprints. What's more, those fingerprints can be used to identify returning users even if they've deleted their cookies.
The Electronic Frontier Foundation this
week detailed how companies can use browser-configuration information to identify users, and also launched a new project, Panopticlick, aimed at testing just how useful this type of data is for tracking people.
Peter Eckersley, staff technologist at the EFF, says the
group decided to study the issue after hearing rumors that analytics companies were indeed using information from people's browsers to track them.
Once Web sites collect browser
"fingerprints," then those sites can theoretically recognize some visitors upon their return regardless of whether they still have their cookies, Eckersly says. Additionally, he says, sites that
identify a returning browser based on the configuration data -- or, perhaps, a combination of configuration data and IP address -- can then restore any cookies previously associated with that
browser.
Obviously, some Web companies would like to garner more information about their visitors than those visitors want to share. But using technology that effectively thwarts people's
decisions to erase cookies is clearly a bad idea -- and one that could potentially land Web companies in court in the near future.