In a move aimed at improving users' ability to control their online privacy, Adobe
announced today that it is working with browser companies to enable users to
delete Flash cookies directly from their browsers. Adobe additionally said it is planning to redesign the Flash Player to simplify privacy settings.
Adobe's announcement comes more than
one year after researchers at Berkeley called attention to the use of Flash cookies to circumvent users' privacy decisions,
and more than five years after ad technology company United Virtualities proposed that
marketers use cookies in the "local shared objects" file to track Web users who were deleting their HTTP cookies.
Because Flash cookies are stored in a different place in the
browser than HTTP cookies, deleting Flash cookies has historically required users to jump through more hoops than deleting HTTP cookies.
Though the Federal Trade Commission indicated last
year that it was concerned that companies were using Flash cookies to thwart users' privacy settings, the agency has yet to publicly bring any enforcement actions. Class-action attorneys moved
somewhat faster, filing lawsuits against Web companies like Specific Media, Quantcast and Clearspring for allegedly violating users' privacy with Flash cookies. Quantcast and Clearspring recently
agreed to settle the litigation, but the case against Specific Media remains pending.
No law
or regulation currently requires ad companies to allow consumers to opt out of online ad targeting, but industry self-regulatory principles have long called for companies to notify consumers about
tracking and allow them to reject it. Even without a statute mandating that companies honor consumers' no-tracking preferences, marketers and their agents should have had the common sense to
realize that using Flash cookies to trail consumers against their wishes was a very bad idea.