How to remove evercookies from your PC

When you visit a website, every website will store a text-based cookie on your PC – worth remembering it’s not an executable file. Websites will track your browser behavior using a cookie which is stored in your cache and history. The cookie is used for authentication (including encryption), storing site preferences and so forth. In fact a cookie can store anything that is “data”. Most browsers (IE, Firefox, Chrome, Safari) will allow users to delete cookies after a browser session (normally when you close the browser).

However there is one cookie which is very difficult to remove from your PC. The ‘evercookie’ is a persistent JavaScript API, which if you value your privacy, should have an option to be removed from a browser session – strangely it isn’t. For most surfers you will probably be unaware of this cookie and if you do know what it is, the chances are you will not know how to remove it. It’s little understood outside of technical and marketing circles – online advertisers and app developers are using evercookies more and more – so let’s have a closer look at how you can control and manage these persistent cookies.

The evercookie is stored in multiple data storage locations on your PC, so it’s very difficult to completely remove. Privacy wise, the evercookie can be deleted but it has an uncanny habit of regenerating itself. It behaves more like spyware or malware and I’ve heard it refered as ‘obfuscated code’ – it is delivered as part of JavaScript, HTTP, Flash, Silverlight, HTML5 DOM etc – so this means the evercookie and it’s purpose is completely concealed from you. Is this malicious code? Probably, but it’s not illegal for the distributors to use. Still value your privacy? If you do, then I suggest you use either BleachBit or Maxa-tools which will stop most of these persistent cookies:

• Download BleachBit: http://bleachbit.sourceforge.net/
• Read more: http://bleachbit.sourceforge.net/news/bleachbit-081-evercookie
• Alternatively download: http://www.maxa-tools.com/cookie.php?lang=en
• Anonymizer Nevercookie add-on (works in Private Browsing mode on FireFox) is a proof-of-concept but nevertheless worth a look: http://nevercookie.anonymizer.com/
• Updated 09/05/11: https://addons.mozilla.org/en-US/firefox/addon/sharemenot/. ShareMeNot is a Firefox add-on designed to prevent third-party buttons (i.e. Facebook “Like” button”) from tracking you. The main advantage of ShareMeNot, is that unlike NoScript it doesn’t remove the buttons from the Web experience.

*BleachBit and Maxa-tools works with Firefox, Opera, Safari, Internet Explorer (IE), Google Chrome and many more Windows, Mac and Linux applications.
For those who use the popular CCleaner, this doesn’t currently remove these persistent cookies, so I’d suggest you use BleachBit or Maxa-tools to control/remove the evercookies. The most secure way to protect your browser from evercookies in my opinion, is to use a sandbox. This isn’t for beginners though.