Hidden Cookies: Privacy Landmines

Consumers who delete tracking cookies, or instruct their browsers to reject them, often do so for a simple reason: They don't want to be tracked online.

But some online ad companies seem to think they've figured out a workaround -- Flash cookies. These cookies aren't stored in the same place as HTTP cookies, which means that users who tell their browsers to delete cookies aren't getting rid of the Flash cookies.

The result is that people aren't deleting these cookies as often as they delete HTTP cookies -- at least not yet. But that situation is certain to change as more people become aware of Flash cookies.

And it's inevitable that people will learn about such tracking techniques, thanks to the efforts of privacy advocates, rights groups like the Electronic Frontier Foundation, and researchers like those at the UC Berkeley School of Law, which recently published a study on Flash Cookies.

UC Berkeley reported that 54 of the top 100 sites set Flash cookies, while 31 of them stored similar information on Flash cookies as on HTTP cookies. This means that even if users delete their HTTP cookies, information on the Flash cookies can be used to reconstruct the HTTP cookies, "thus subverting the user's attempt to prevent tracking," the researchers wrote.

They also found that at least one site used a Flash cookie even when the user had opted out of tracking through the Network Advertising Initiative's opt-out cookie.

What's more, only four of the top 100 sites even mentioned the use of Flash cookies. "Given the different storage characteristics of Flash cookies, without disclosure of Flash cookies in a privacy policy, it is unclear how the average user would even know of the technology," the report states.

Any tracking technology that relies on consumers' ignorance to work won't work for long. Not when so many privacy advocates, policymakers and companies are currently focused on behavioral advertising -- and on giving people the tools to take control of their data. Already, the Firefox plugin BetterPrivacy and the shareware program Glary Utilities Pro can help users purge Flash cookies, according to the UC Berkeley researchers.

Industry executives insist that they can regulate themselves. But this recent adoption of Flash cookies -- done without notice to consumers and seemingly aimed at getting around users' own privacy preferences -- isn't the best way to prove that.

2 comments about "Hidden Cookies: Privacy Landmines".
Check to receive email when comments are posted.
  1. Douglas Ferguson from College of Charleston, September 16, 2009 at 5:59 p.m.

    You can delete HTML cookies and now you can delete Flash cookies, but what about those black helicopters circling your house at night? How do you delete them? (Not to mention the CIA listening to your cell phone conversations....)

  2. Douglas Ferguson from College of Charleston, September 16, 2009 at 7:50 p.m.

    Here's a topic that should be explored, one that cites Marc Rotenberg:

    Hope it's not too much of a hot potato...

Next story loading loading..