hankchinaski

I once built a cookie-less tracking app without using IP address or user agent. The idea came from this[0]. It would serve a file to the user with an etag that let the browser cache the file for an indefinite period of time (effectively acting as a cookie but not being classified as one). There might be some quirks as the caching behaviour is not guaranteed (I think the caching is discretionary to the browser based also on the available cache). But it is an interesting approach to use something that is similar to a cookie but technically isn’t.

Also user agents are not unique[1] but combined with IP addresses should be pretty safe to assume the fingerprint generated from both is.

[0] https://lucb1e.com/rp/cookielesscookies/ [1] https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent

stunt
I first saw ETAG method on evercookie project. HTML5 Canvas is also a funny/smart technique that I saw there. https://github.com/samyk/evercookie

One of the purposes of the evercookie project was to have a collection of tracking methods that browser vendors can test against their implementation.