• Categories

  • Archives

    « Home

    Wired: Privacy lawsuit targets ‘Net giants over “zombie” cookies

    Wired reports on a lawsuit concerning online privacy and “cookies,” which collect data about and can track users’ Internet searches and sites visited. Flash cookies (also called “local shared objects, LSOs”) are separate from the HTTP cookies most people know about.

    Last year, researchers at the University of California, Berkeley, released a report revealing that Adobe Flash cookies can “respawn” or “re-create” regular cookies that people have cleared from their browsers. This meant that, even if a person used private browsing mode or manually cleared their HTTP cookies and browsing history, this did not affect Flash cookies, which were stored in a separate location from regular HTTP cookies. So the Flash cookies remained, and they had the ability to re-create the HTTP cookie and other data that consumers thought had been deleted.

    The revelation led to a public outcry about the surreptitious tracking, with privacy advocates calling the Flash cookie respawning deceptive. Now, Wired reports that a lawsuit has been filed over the privacy controversy, Case number 10-CV-5484 in the U.S. District Court for the Northern District of California.

    A wide swath of the net’s top websites, including MTV, ESPN, MySpace, Hulu, ABC, NBC and Scribd, were sued in federal court Friday on the grounds they violated federal computer intrusion law by secretly using storage in Adobe’s Flash player to re-create cookies deleted by users.

    At issue is technology from Quantcast, also targeted in the lawsuit. Quantcast created Flash cookies that track users across the web, and used them to re-create traditional browser cookies that users deleted from their computers. […]

    The lawsuit (.pdf), filed in U.S. district court in Central California, asks the court to find that the practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws. The lawsuit alleges a “pattern of covert online surveillance” and seeks status as a class action lawsuit. The lawsuit was filed by Joseph Malley, a privacy activist lawyer who also played key roles in other high profile privacy lawsuits, including a $9.5 million settlement earlier this year from Facebook over its ill-fated Beacon program and a settlement with Netflix after the company gave imperfectly anonymized data to contestants in a movie recommendation contest.

    “The objective of this scheme was the online harvesting of consumers’ personal information for Defendants’ use in online marketing activities,” wrote Malley, who called the technique “as simple as it was deceptive and devious.” […]

    Adobe’s Flash software is installed on an estimated 98 percent of personal computers, and has been a key component in the explosion of online video, powering video players for sites such as YouTube and Hulu.

    Leave a Reply