The New York Times ran an article this week, New Web Code Draws Concern Over Privacy Risks, that warns of the "privacy risks" that are "integral part of the Web language that will soon power the Internet: HTML 5." It talks about "supercookies" and Samy Kamkar's Evercookie, but as often happens in the pulp press, provides few specifics, or even a link to Kamkar's site.
As it turns out, Slashdot and ars technica covered this a month ago, and it turns out the problem is not new to HTML5. While most people know that cookies can be used to store data that persists across browser sessions, and many know how to find the browser button that deletes them, there are many more places that a clever Web developer can stash data, including hiding them inside cached images. Flash has long had local shared objects which you can see using Adobe's settings panel. The latter is actually a Flash application that runs when you visit the Web site, so it's a little spooky despite the reassurance that "The list of websites above is stored on your computer only."
Future browsers will probably provide better tools for displaying and deleting information from these locations, but I doubt people will use them. Just try deleting all your cookies today and see how tedious is it to re-enter all your usernames and preferences at each web site you visit. Once Web sites start relying on local SQL storage the fun really begins.