Evercookies can be disabled, say security experts

As reported earlier this month by Infosecurity, evercookies are a recent arrival on the internet scene and, although classed as a cookie, are actually JavaScript APIs that produce extremely persistent cookies in a web browser.

The goal of an evercookie is to identify a user's PC, even after they have removed standard cookies, as well as local shared objects such as Flash cookies.

According to the Heise Online newswire, it is now possible to delete the distributed information stored by the evercookie, although, sadly, there is no current software/interface to do this.

However, says the newswire, several experts have created scripts to complete the task, such as Jeremiah Grossman, a browser security specialist, who has published directions on how to erase the information in Google's Chrome browser.

"Under Windows, any Silverlight and Flash cookies must be deleted along with all internet data by selecting Wrench, Tools, Clear Browsing Data", adds the newswire.

Infosecurity notes that another security researcher, Dominic White, has published details of how to delete the evercookie data under Firefox, and has also published a script to complete the process under Safari.

In his security blog, White says that, under Safari, the process is complex, as even if the Safari store is cleared, "the HTML5 localStorage mechanism isn't properly cleared and the evercookie reloads itself."

"I know this and my previous entry are scorched earth tactics. I'm okay with that for initial work and for browsers I don't use as my primary, due to limited privacy controls", he says.

White goes on to say that on the Apple iPhone the process is even more difficult, and, as a result, notes that Apple really needs to fix the problem, "as it needs to update the MobileSafari preferences to properly clear HTML5 local storage."

"Currently, there is no way to do this without jailbreaking. Second, they need to add the ability to clear the history/cache/cookies/HTML5 storage for all apps with an embedded WebKit browser. How they do it is up to them, but a central option to clear all would be a good start", he says.
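The Safari behaviour White describes, where one store is cleared but the HTML5 localStorage copy survives, can be checked from a browser console. The JavaScript below is an added example, not code from the article or from any of the researchers named; its function names and the `sampleEnv` values are constructed for illustration, and it reads only cookies and localStorage.

```javascript
// Added example, not from the article: audits the two stores a page script
// can read (cookies, HTML5 localStorage). Flash/Silverlight data is out of reach.
function parseCookies(cookieString) {
  return (cookieString || "").split(";").flatMap((part) => {
    const eq = part.indexOf("=");
    return eq < 0 ? [] : [[part.slice(0, eq).trim(), part.slice(eq + 1).trim()]];
  });
}

function readStorage(storage) {
  const entries = [];
  for (let i = 0; storage && i < storage.length; i++) {
    const key = storage.key(i);
    entries.push([key, storage.getItem(key)]);
  }
  return entries;
}

// Flatten both stores into [{ store, key, value }, ...].
function snapshot(env = globalThis) {
  return [
    ["cookie", parseCookies((env.document || {}).cookie)],
    ["localStorage", readStorage(env.localStorage)],
  ].flatMap(([store, entries]) => entries.map(([key, value]) => ({ store, key, value })));
}

// Values of at least minLength characters held by both stores: the
// replication that lets a deleted identifier be restored from the other copy.
function replicatedValues(snap, minLength = 8) {
  const byValue = new Map();
  for (const { store, value } of snap) {
    if (value.length < minLength) continue;
    byValue.set(value, (byValue.get(value) || new Set()).add(store));
  }
  return [...byValue].filter(([, stores]) => stores.size >= 2).map(([value]) => value);
}

// After a cleanup, list where a previously seen value still survives.
function survivors(snap, value) {
  return snap.filter((e) => e.value === value).map((e) => `${e.store}:${e.key}`);
}

// Constructed sample: a fake browser environment holding one replicated ID.
const fakeStorage = (obj) => ({ length: Object.keys(obj).length,
  key: (i) => Object.keys(obj)[i], getItem: (k) => obj[k] });
const sampleEnv = {
  document: { cookie: "uid=c0ffee1234567890; theme=dark" },
  localStorage: fakeStorage({ uid: "c0ffee1234567890", lang: "en" }),
};
```

In a real browser, call `replicatedValues(snapshot())` before clearing data and `survivors(snapshot(), id)` afterwards; any location still listed is a copy the cleanup missed.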
