[_delirium]

The article focuses mostly on legal measures (e.g. lawsuits, regulation), but my guess is that those would only deter the largest companies. What I'm more worried about is why 'incognito' modes in current browsers don't appear to stymie this tracking, and how likely it is that that can be fixed.

[gojomo]

I, too, would be rather surprised that incognito/private-browsing would share cached data (and thus ETags as sent on If-None-Match requests) with normal browsing.

Looking at the researchers' paper...

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1898390

...it's not clear that's what they're claiming. One quote is that "Even in private browsing mode, ETags can track the user during a browser session."

That suggests they may be concerned about cross-site tracking within a single private session, and the possible expectation that 'private browsing' prevents tracking from site to site. (I've never had that expectation; only that a private session is not connected to distinct prior private and non-private sessions.)

[catch23]

I just tested incognito, it seems to defeat the etags mechanism of tracking.

[thezilch]

Not true; http://news.ycombinator.com/item?id=2824760

[gojomo]

I think you're agreeing with catch23; that 'it' is referring to 'incognito' not 'KISSmetrics technique'. Incognito mode does defeat the ETag tracking (at least across distinct sessions).

[thezilch]

I'm not so sure, based on the comment the counterclaim was in reply to. Nonetheless, hopefully these tests better suit the depiction of what we can come to expect from these tracking techniques in mixed session types.

[mtogo]

From what i gather it's basically just an evercookie. Block kissmetrics with a host file, firewall, Ghostery (Not the chrome version, though), RequestPolicy, etc or defeat evercookie through usual means and you'll be fine.