These "evercookies" are "an extremely resilient tracking mechanism, and have been found to be used by many popular sites to circumvent deliberate user actions," the researchers wrote on a website that summarized their findings. Respawning Flash cookies were found on 107 of the top 10,000 sites.
The third method, cookie syncing, involves domains that share pseudonymous IDs associated with a user. The practice is also known as cookie matching and is a workaround for the same-origin policy, a security measure that prevents sites from directly reading each other's cookies. Such matching is helpful for targeting advertisements and for selling those ads in automated online auctions.
The researchers argue that cookie syncing "can greatly amplify privacy breaches" since companies could merge their databases containing the browsing histories of users they're monitoring. Such sharing would be hidden from public view.
Those companies are then in "position to merge their database entries corresponding to a particular user, thereby reconstructing a larger fraction of the user's browsing patterns."
"All of this argues that greater oversight over online tracking is becoming ever more necessary," they wrote.
The paper was authored by Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan and Claudia Diaz.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk