The Forever Cookie: New Tracking Technologies Continue To Threaten Privacy
At the time, the company bragged that the pie -- a Flash cookie, also known as a local shared object, which is stored in a different place in the browser than an HTTP cookie -- wouldn't be deleted from any then-available anti-adware or spyware-removal program.
Fast-forward to the present: Dozens of companies are facing potential class-action lawsuits for allegedly circumventing people's privacy choices by using Flash to create erased HTTP cookies. Federal Trade Commission officials are blasting companies for bypassing users' settings. Congress is probing Web companies' online tracking methods -- including, specifically, the use of Flash.
But even as lawmakers and other officials investigate the 5-year-old pie, new tracking technology is emerging that could prove even more controversial.
Among the latest is programmer Samy Kamkar's evercookie, created to demonstrate just how easily a company can track people regardless of their preferences. "Simply think of it as cookies that just won't go away," he writes in a post explaining the tool. "If the user deletes their standard HTTP cookies, LSO (local shared objects) data, and all HTML5 storage, the PNG cookie and history cookies will still exist. Once either of those are discovered, all of the others will come back (assuming the browser supports them)."
Kamkar himself makes it clear that he's no fan of this type of forced tracking; he tells The New York Times: "I should also be able to opt out because it is my computer." Still, if Kamkar thought of it, probably others did too. If not, they certainly know about it now.
But that's only one possible new tracking technology. Consider, the Electronic Frontier Foundation recently said that the vast majority of Web users' browsers are unique and trackable. In other words, even if users erase their cookies, they can be tracked based on the characteristics of their browsers -- without their consent.
Currently no law requires companies to allow users to opt out of tracking, which means that evercookie is legal in the U.S., as are browser-based identifications. But don't expect five more years to pass before policymakers tackle the subject. Congress and the FTC are far more attuned to online privacy now than in 2005, when Flash cookies were first proposed as tracking mechanisms. What's more, the plaintiffs' bar has taken an interest in online privacy in the last two years, suing companies ranging from Google to Amazon to NebuAd for alleged privacy violations.
Still, whether companies will be less eager to deploy evercookie (or other similarly hard-to-control tracking mechanisms) than older forms of tracking remains to be seen.