Briefly: Cookies can be used to identify and track users even if they change or hide their IP address. A solution might be to use encryption such as the https protocol replacing http. Unfortunately,the recent revelations of defects in the Secure Sockets Layer (SSL) have made this course of action more difficult. The good news is that the defects are being fixed. A greater difficulty is to convince all those cookie dispensing web sites to change over to encrypted sessions. The paper estimates that 90% of the cookie dispensers will have to change over to make this tracking ineffective.
A better solution, from the user's viewpoint, is to forbid the browser from accepting cookies as far as possible, and clearing all remaining cookies frequently.