Bad cookies

August 23, 2009 / Macrodobia Flash, what’s not to love?

Flash… ah-ahhh…

This sucks:

More than half of the internet’s top websites use a little known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

Ah, but there’s more:

Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called “re-spawning” in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

You had better read the whole thing.

Cleaning up

More light reading about this glorious privacy debacle:

Warning on the first two links: you might find, as I did, that going to a weird-arse Adobe web page over plain old http with no authentication to adjust your Flash privacy settings is creepy. Thank you, once again, Macrodobia for making Internet so fun.

Comments are closed.

Zero to One-Eighty contains writing on design, opinion, stories and technology.