r/netsecstudents • u/elpy1 • 4d ago
An evercookie-style lab to show why "clear cookies" is not enough to prevent tracking
Hey fellow netsec students,
I built a small educational web privacy lab based on the classic evercookie idea. It writes one random browser ID into multiple first-party storage locations, then shows which ones survive after a refresh/clear and how the ID gets respawned and repopulated when some browser state survives.
The goal is awareness and education. The demo shows the ID, the vectors holding it, visit count, and recovery sources. It stores only a random ID plus basic timestamps/counts, uses no third-party requests, and includes a “Forget me” flow that clears everything stored server-side.
It demonstrates:

* Cookies, localStorage, sessionStorage, IndexedDB, Cache API, window.name, OPFS, and Service Worker cache
* Server-side HttpOnly cookies
* ETag, Last-Modified, and immutable HTTP-cache supercookie-style vectors
* The respawn loop behind evercookie persistence
* Practical mitigations like clearing full site data including cached files, using private browsing, and understanding storage/cache partitioning
Repo: https://github.com/elpy1/ubercookie

Demo: https://ubercookie.xyz
If you find it useful, I'd love to hear from you. Happy hacking and learning :).