• by Wendy Davis , Staff Writer @wendyndavis, January 12, 2011

In a move aimed at improving users' ability to control their online privacy, Adobe announced today that it is working with browser companies to enable users to delete Flash cookies directly from their browsers. Adobe additionally said it is planning to redesign the Flash Player to simplify privacy settings.

Adobe's announcement comes more than one year after researchers at Berkeley called attention to the use of Flash cookies to circumvent users' privacy decisions, and more than five years after ad technology company United Virtualities proposed that marketers use cookies in the "local shared objects" file to track Web users who were deleting their HTTP cookies.

Because Flash cookies are stored in a different place in the browser than HTTP cookies, deleting Flash cookies has historically required users to jump through more hoops than deleting HTTP cookies.

Though the Federal Trade Commission indicated last year that it was concerned that companies were using Flash cookies to thwart users' privacy settings, the agency has yet to publicly bring any enforcement actions. Class-action attorneys moved somewhat faster, filing lawsuits against Web companies like Specific Media, Quantcast and Clearspring for allegedly violating users' privacy with Flash cookies. Quantcast and Clearspring recently agreed to settle the litigation, but the case against Specific Media remains pending.

No law or regulation currently requires ad companies to allow consumers to opt out of online ad targeting, but industry self-regulatory principles have long called for companies to notify consumers about tracking and allow them to reject it. Even without a statute mandating that companies honor consumers' no-tracking preferences, marketers and their agents should have had the common sense to realize that using Flash cookies to trail consumers against their wishes was a very bad idea.