Is it possible/does there exist a website tracking mechanism besides cookies that can stay persistent in such a way that clearing cookies and cache an using a new IP is of no use and can still trace the user?
I read that flash can 'see' past even anonymous proxies and in some instances, JavaScript can too.
Definitely yes. There are much more mechanisms to track you through the web. First of all, there are "normal" cookies which are stored like a file. But it´s easy to delete them from your PC. After that there is a technique called "Evercookie". It works like a normal Cookie but it's very hard to delete. It stores its information in any of these locations:
- Standard HTTP Cookies
- HTTP Strict Transport Security (HSTS) Pinning
- Local Shared Objects (Flash Cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of auto-generated, force-cached
PNGs using HTML5 Canvas tag to read pixels (cookies) back out
- Storing cookies in Web History
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
- HTML5 IndexedDB
- Java JNLP PersistenceService
- Java CVE-2013-0422 exploit (applet sandbox escaping)
That's quite a lot of places for them. Another evercookie can be stored as DNS entry from a server which does not exist. If it's recorded on your PC the webpage knows that you have visited it before.
After the evercookie, there are different methods to track your phone or tablet through your battery load with the "Battery Status API" in HTML5. You can read more Information about it here.
A very new thing is to track the user through touch gestures. This is a very unconventional method and I'm quite sure no one uses it right now but as you can see it's possible!
There are more methods but I think these are the interesting ones. Especially the Evercookie and normal Cookie is currently used to track us all.
Now the interesting part. How can you prevent being traced? Generally, it's very hard. If you want to be hidden you should consider moving over to tails and Tor in combination with a VPN. It's definitely better than Windows. If you still want to use Windows you can use some extensions like NoScript or Privacy Badger. They help you to reduce the amount of tracking but also can't prevent it 100%.
Browser fingerprinting technique can be used to find your browser but I believe Adblockers for browsers can prevent execution of tracking JavaScripts. However browser fingerprinting techniques gathers browser metadata which can be obtained from server-side scripts but you can use browser extensions to hide user agent and browser version.
Incognito window can prevent from cookies but doesn't prevent from browser fingerprinting.
