Wired has an update on a lawsuit concerning online privacy and “cookies,” which collect data about and can track users’ Internet searches and sites visited. Flash cookies (also called “local shared objects, LSOs”) are separate from the HTTP cookies most people know about.
Last year, researchers at the University of California, Berkeley, released a report revealing that Adobe Flash cookies can “respawn” or “re-create” regular cookies that people have cleared from their browsers. This meant that, even if a person used private browsing mode or manually cleared their HTTP cookies and browsing history, this did not affect Flash cookies, which were stored in a separate location from regular HTTP cookies. So the Flash cookies remained, and they had the ability to re-create the HTTP cookie and other data that consumers thought had been deleted. There was public anger about the secret tracking.
In July, lawyer Justin Malley sought class-action status for a lawsuit against Quantcast, which used Flash cookies to re-create HTTP cookies that were cleared. Case number CV10-05484 (pdf) was filed in the U.S. District Court for the Central District of California.
Now, Wired reports that “online tracking firm Quantcast has agreed to pay $2.4 million to settle a class action lawsuit alleging it secretly used Adobe’s ubiquitous Flash plug-in to re-create tracking cookies after users deleted them.”
More than $1 million of the settlement will go to fund privacy groups chosen by the plaintiffs, and 25% will go to the lawyers who filed the suit. It’s unlikely that any money will go to the class, since it essentially includes every internet user in the U.S. […]
The suit also targeted a wide swath of the net’s top websites, including MTV, ESPN, MySpace, Hulu, ABC, NBC and Scribd, which were sued in federal court on the grounds they violated federal computer intrusion law by using Quantcast’s technology. The proposed settlement releases those companies from the lawsuit, as well. […]
All modern browsers now include fine-grained controls to let users decide what cookies to accept and which to get rid of, but Flash cookies are handled differently. These are fixed through a web page on Adobe’s site, where the controls are not easily understood (there is a panel for Global Privacy Settings and another for Website Privacy Settings — the difference is unclear). In fact, the controls are so odd, the page has to tell you that it is the control, not just a tutorial on how to use the control.
Those who are looking to have more control over their cookies in all forms can find some help in two add-ons for Firefox: BetterPrivacy and Abine.