MediaPost reports on an issue we’ve discussed before — Adobe Flash cookies, which can “respawn” or “re-create” regular cookies that people have cleared from their browsers. In August, researchers at the University of California-Berkeley released a report: “We found that top 100 websites are using Flash cookies to ‘respawn,’ or recreate deleted HTTP cookies. This means that privacy-sensitive consumers who ‘toss’ their HTTP cookies to prevent tracking or remain anonymous are still being uniquely identified online by advertising companies. Few websites disclose their use of Flash in privacy policies, and many companies using Flash are privacy certified by TRUSTe.”
The researchers noted that Flash cookies can be more persistent than regular HTTP cookies. “Flash cookies can contain up to 100KB of information by default (HTTP cookies only store 4KB). Flash cookies do not have expiration dates by default, whereas HTTP cookies expire at the end of a session unless programmed to live longer by the domain setting the cookie. Flash cookies are stored in a different location than HTTP cookies, thus users may not know what files to delete in order to eliminate them. Additionally, they are stored so that different browsers and stand-alone Flash widgets installed on a given computer access the same persistent Flash cookies. Flash cookies are not controlled by the browser. Thus erasing HTTP cookies, clearing history, erasing the cache, or choosing a delete private data option within the browser does not affect Flash cookies.”
Now MediaPost discusses a new study from media audit company BPA Worldwide.
The report, authored by analytics expert Eric Peterson, warns that the use of Flash cookies, also called “local shared objects,” to override consumers’ choices could invite new privacy laws. “With the attention given to consumer privacy on the Internet at both individual and governmental levels, we believe that companies making inappropriate or irresponsible use of the Flash technology are very likely asking for trouble, (and potentially putting the rest of the online industry at risk of additional government regulation),” writes Peterson, CEO and principal consultant at Web Analytics Demystified. […]
Jules Polonetsky, director of the think tank Future of Privacy Forum, […] says that companies also should refrain from using Flash cookies for tracking, given that most consumers don’t know about the technology. “To use a mechanism that most users are unaware of to track them is extremely poor privacy behavior,” Polonetsky says.
Erica Newland, a policy analyst at the watchdog group Center for Democracy & Technology, agrees. “Right now the use of local shared objects do not align well with consumer expectations,” she says. “No matter how they’re implemented, we think these pose additional privacy concerns.”