Don't forget, if you don't have a Facebook account or the like, someone else can create one in your name and scam your friends / family and screw up your social life pretty bad. At the very least you should maintain and control basic social media accounts to protect your online reputation.

It didn't like some of the xul I put in there.. where it says this line: it should have a xml like tag called maxVersion.

Yes, it's not compatible with FF 4. I did this because I haven't had time to test it with that version. This is simply a limitation I put into the install.rdf file. If you want to give it a try on FF 4 you can download the extension, rename it to .zip and open it up. Edit the install.rdf file and change this line: 3.9.* to something like 9.9.* or whatever you like. Zip the contents back up (do not zip the parent directory, you want to be zipping up content, locale, etc into one archive). If you zip it in a parent directory it won't work. Then just rename the extension to .xpi again and try to install it. It's entirely possible it will work, but I just haven't gotten around to testing it with 4 and I know there are a bunch of changes. Let me know how it goes ;)

I also wrote a prototype http header manipulation program a while back and want to expand it to full fingerprint manipulation. One of the thoughts I have been tossing around is setting the fingerprint to look like a system that has pretty much no configuration options (like an ipod), then adjust the web content client side. There are many devices out there that in terms of configuration and system fonts pretty much all look the same. Of course it will always be an ongoing battle.

Yeah, for the full privacy package you should combine this extension with an anonymizing proxy that you trust. As far as the panopticlick browser fingerprinting issue, I hope to integrate browser fingerprint manipulation into later versions of Nevercookie. This project is my 20 at work, we get 20% of our time for side projects. And yes, I expect Samy to counter with additional features to Evercookie, I'd be sad if he didn't :P.

Check out how it works here: http://www.anonymizer.com/learningcenter/#lc_labs I used nevercookie as sort of a fitness test, but it wasn't designed to only defeat evercookie, it was designed to address the larger problem of tracking via all kinds of local storage mechanisms.

My name is Geoff and I created "nevercookie". I'm a researcher at Anonymizer. I can assure you all that it is not vaporware, it works and has been pretty thoroughly tested, it's just that marketing wants to brand it and make it all slick before we release it to the general public (which should be in a week or two). I've sent out a few beta versions for friends in the security field to test out, and I might be able to send out a few more if anyone is interested in field testing it early (I'll ask my boss). To address concerns about how it works, it's pretty simple actually. When private browsing mode in firefox is initiated, the external data storage of Flash and Silverlight is quarantined (this is done because the browser normally can't touch these things cause they are browser independent, this is the most obvious place that an evercookie can respawn from (unless you clean it manually)). Then a clean, temporary user profile is spawned for the current browsing session, eliminating any lingering cached data. There's actually a decent explanation here: http://www.anonymizer.com/learningcenter/#lc_labs