by pavpanchekha 5433 days ago
I tried to do my best figuring out what this cunning new method is, but the article seems to have no information. Is it just that it's using my browser's ETags cache?

Also, what's with referring to ETags as a "theoretical technique never before seen in the wild"? It's pretty friggin standard.


The trick is the server generates a unique ETag for each visitor.

Then the visitor's browser sends the ETag back to the server (in an "If-None-Match" header), and thus it acts as a quasi-cookie.

That's the picture I get too, but I don't see how clearing the cache doesn't, you know, clear the cache. It would seem to imply that if the ETag is still around, it's not really cleared - maybe the data is gone, but the knowledge that the data existed isn't. And it persists through privacy-mode.

Which means I/we am/are either misunderstanding something, or the people who designed privacy and cache-clearing tools had a massive blind-spot.

There are many other techniques employed. As soon as one of the techniques works, it re-populates the others. (Cache clearing doesn't affect Flash cookies [LSO's]).
Cache clearing doesn't affect Flash cookies [LSO's]

This is coming soon to a Chrome near you: http://blog.chromium.org/2011/04/providing-transparency-and-...

Presumably other browsers will follow.
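
Added example, not part of the thread or of any commenter's post: an offline simulation of the ETag / If-None-Match exchange described above, with a check a defender could run to tell a per-visitor ETag from a content-derived one. The server functions, the `Browser` class, the `/asset.js` path and the sample body are all constructed for illustration.

```python
import hashlib
import secrets

BODY = b"/* constructed sample: identical static asset for every visitor */"

def tracking_server(headers, seen):
    """Mints a unique ETag per visitor and recognises it on revalidation."""
    tag = headers.get("If-None-Match")
    if tag in seen:
        seen[tag] += 1                       # returning visitor recognised
        return 304, {"ETag": tag}, b""
    tag = '"%s"' % secrets.token_hex(8)      # value unrelated to the content
    seen[tag] = 1
    return 200, {"ETag": tag}, BODY

def honest_server(headers, seen):
    """ETag derived from the content, so it is the same for everyone."""
    tag = '"%s"' % hashlib.sha256(BODY).hexdigest()[:16]
    if headers.get("If-None-Match") == tag:
        return 304, {"ETag": tag}, b""
    return 200, {"ETag": tag}, BODY

class Browser:
    """Minimal HTTP cache: stores the validator, replays it in If-None-Match."""
    def __init__(self):
        self.cache = {}

    def get(self, server, seen, url="/asset.js"):
        headers = {}
        if url in self.cache:
            headers["If-None-Match"] = self.cache[url][0]
        status, resp, body = server(headers, seen)
        if status == 200:
            self.cache[url] = (resp["ETag"], body)
        return status, self.cache[url][0], self.cache[url][1]

    def clear_cache(self):
        self.cache.clear()

def etag_is_per_visitor(server):
    """Two clean profiles fetch the same resource: same body, different ETag."""
    seen = {}
    _, tag_a, body_a = Browser().get(server, seen)
    _, tag_b, body_b = Browser().get(server, seen)
    return body_a == body_b and tag_a != tag_b
```

In this model, clearing the cache removes the stored validator, so the next request carries no If-None-Match and the server issues a fresh ETag.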