Even if Hulu turned off cookie respawning via etags, you can still track users this way, on the server side. I guess the tricky thing is to correlate the etag of the tracker resource with the rest of the requests that a user makes on a site.
The important distinction is that the ETag is literally no different than a cookie, when used this way. Turning off caching is the new turning off cookies.
Not tricky though. Just put 1-pixel Etagged gif on every page. It gets requested on each page. Or just associate (server-side or client-side) the user's session cookie with the Etag.
ETags may be flushable by clearing the browser cache (but browser implementations may vary).
In 2007, two Mozilla Firefox add-ons were made to prevent the usage of ETags for tracking.
[ http://google.com/search?q=evercookie ]
Edit: sorry, not found an answer yet, but the top Google result for 'EU cookies' is rather fun: http://www.davidnaylor.co.uk/eu-cookies-directive-interactiv...
Would hurt the server a little and reduce speed because there would not be any caching but still helps guarantee no tracking.
The trouble is that most servers are not written properly, the date is not parsed, rather it's string compared with the file date.
For example if the server sends the timezone as EST vs +0400 the browser will send it back exactly as it gets it, when normally you would think that should not matter.
See my comment on the previous thread:
I am currently in the midst of writing a browser plugin to block all this bullshit:
considering just doing a browser fork since the browsers are so uncooperative.
It works in all major (desktop) browsers, but not in some mobile browsers.
I think the cookie debate (in the EU) is not in the best interest of users: with cookies, the user has full control of the data stored, can easily purge cookies, etc. With user-tagging technology moving server-side, this gets a lot more complicated.
For the cache to work your browser must reveal to the server what it has already downloaded, this way or another. And the browser cannot really tell which of the downloaded pieces of data were specially generated to track this particular user.
A possible workaround is to create an intermediate cache to share it with multiple other people, but this creates other privacy concerns.
To put the other side of this argument Kiss Metrics put up a pretty strong denial that they were using etags for tracking http://bit.ly/r5lPbx
Guess it might need a bit more research
Here's where that bit.ly link heads to: http://blog.kissmetrics.com/official-kissmetrics-response-to...
(That said, they never aggregated this data across multiple websites, so I really don't get what the whole fuss was about.)
You're accessing a remote server. There will always be a way for sites to track your visits. There is a necessity for those sites to track your visits. Don't care about their necessity to track you? Stop going to those sites.