More than half of the internet’s top websites use a little known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.
Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.
Ah, but there’s more:
Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called “re-spawning” in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”
You had better read the whole thing.
More light reading about this glorious privacy debacle:
- Adjust your Flash Global Privacy Settings
- Adjust your Flash Website Privacy Settings
- Overview piece: “How Flash Cookies Threaten Your Privacy”
- Wikipedia page on Local Shared Objects
- Mozilla Firefox plugin: BetterPrivacy
- Windows optimization, privacy and cleaning tool: CCleaner
- Flash cookie removal tool for Mac OS X: Flush.app
Warning on the first two links: you might find, as I did, that going to a weird-arse Adobe web page over plain old
http with no authentication to adjust your Flash privacy settings is creepy. Thank you, once again, Macrodobia for making Internet so fun.