Beware of Flash (eating) Zombies

shaunofthedea_wideweb__430x280

Don’t look now, but the Flash Zombies are after you.

This week privacy attorney Joseph Malley filed his third lawsuit against major media sites and their ad firms, accusing them of using Flash cookies to illegally collect information about visitors to their Web sites.

Malley’s defendants aren’t exactly Joe Blow — they’re deep-pocketed media companies like ABC, NBC, Disney, and MTV, as well as their repective advertising partners (Quantcast, Clearspring, Specificmedia). All of them use a feature built into Adobe Flash that can set cookies when you load a Flash media file into your browser (which, these days, happens almost any time you view a page with a video ad).

Unlike normal cookies, Flash cookies can "respawn," even after you think you’ve cleared a Web site’s cookies from your machine. That’s why they’re called "zombies" — they come back from the dead to eat brains.

Per Wired.com’s Ryan Singel:

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not….

QuantCast was using the same user ID in its HTML and Flash cookies, and when a user got rid of the former, Quantcast would reach into the Flash storage bin, retrieve the user’s old number and reapply it so the customer’s browsing history around the net would not be cut off.

After Berkeley researcher Ashkan Soltani published a report detailing the use of Flash cookies on the world’s biggest Web sites, Quantcast says it discontinued the use of them, though that wasn’t enough to keep it from getting sued.

Unlike normal browser cookies, which max out at 4K, flash cookies can store up to 100K of information. That’s enough for about 30 pages of single- spaced plain text.

Most of the time, Flash cookies contain extremely basic info — like an ID number that tells a Web site you’ve been there before, or your preferred volume settings for a video. Sometimes they can store a lot more, like cached media or information that can be used to track you as you go from site to site across the InterWebs.

And that’s where Malley’s suit comes in. He’s accusing these sites of illegally storing information without informing consumers they were doing so.

What’s wrong with tracking people across the Web? Nothing — if you ask advertisers.

The advertisers say that a) they collect this data anonymously, and b) can use it to deliver more targeted (and thus more "interesting") ads. So if you’re shopping for a car on say Edmunds.com, and you visit another site that uses the same ad network, it can show you ads for cars there too, even if the site has nothing to do with automobiles, because it knows where you’ve been and what you’ve done. Ad companies can also attach other values to your cookie — like, say, you’re interested in sports, or you buy a lot of flowers, or you really like watching videos of cats singing opera.

Of course, to many people, the idea of anything following you across the Web, even anonymously, is just creepy.

Imagine a tiny man in a trenchcoat and a porkpie hat following you as you spend a busy day — going to the bank, getting a haircut, wandering through the mall, stopping by your local for a cold one, etc. The little man doesn’t say a word, but every time you reach someplace new he takes out a stubby little pencil and jots down the address in his notebook.

Of course, he doesn’t know your name, so everything’s OK, right? Later you get coupons for haircuts and beer in the mail.

You can control Flash cookies, kinda/sorta. Adobe provides a Web page that uses a Flash plug in (naturally) where you can turn these cookies on or off, control how much storage they use, and delete specific cookies. Good luck figuring out how to use it.

Just what we needed: Another Internet privacy threat to worry about. I guess this must be the year for them.

Do you worry about Flash cookies? What privacy threats really bother you? Post your hopes and fears below or email me: dan@dantynan.com.

This post appeared originally on InfoWorld.

Shaun of the Dead zombies found on Nerve.com.

3 Responses to “Beware of Flash (eating) Zombies”

  1. on 02 Sep 2010 at 7:26 pm joe malley

    https://nodpi.org/forum/index.php/topic,3000.15.html

  2. [...] your surfing habits. If you don’t know the issue about flash lately, here’s a worthy read Beware of Flash Zombies or a lawsuit filed by privacy attorney Joseph Malley.  Most people aren’t aware [...]

  3. on 18 Apr 2011 at 12:09 pm Flagyl no rx

    If you’re still on the fence: grab your favorite earphones, head down to a Best Buy and ask to plug them into a Zune then an iPod and see which one sounds better to you, and which interface makes you smile more. Then you’ll know which is right for you.

Trackback URI | Comments RSS

Leave a Reply