Flash Cookies -- Back on the Radar

 

When Flash cookies (also known as a “Local Shared Objects”) were first flagged as a privacy issue back in 2005, a few savvy companies added a disclosure about Flash cookies into their web site privacy policies. Since then, we have not heard the issue raised again. Now this sleeper issue seems to have been awakened by a recent report by researchers at the University of California, Berkeley, entitled Flash Cookies and Privacy

Flash cookies, which utilize a little-known capability of Adobe’s Flash plug-in, are a method to store information about a user’s preferences. (Estimates suggest that Adobe’s Flash software is installed on some 98 percent of personal computers.) Flash cookies may be used to provide better functionality to the user by, for example, storing the user’s preferences about sound volume or caching a music file for smoother play-back over an unreliable network connection. Flash cookies may also be used as unique identifiers that enable advertisers to track user preferences and circumvent deletion of HTTP cookies. Because Flash cookies are stored in a different location than HTTP cookies on one’s personal computer, simply erasing HTTP cookies, clearing browser history, or deleting the cache does not remove Flash cookies.

The Flash Cookies and Privacy report found that 54 of the top 100 websites utilized Flash cookies. Some of the Flash cookies found by the researchers were used for function-improving purposes, while others were found to store unique identifiers, which could be used to track the user. Moreover, some of the Flash cookies that stored unique identifiers were used to recreate an HTTP cookie after its affirmative removal by the user (so-called “respawning”). Research also revealed that privacy policies of the top 100 websites surveyed generally did not mention the use of Flash as a tracking mechanism – indeed, only 4 polices reviewed by the study included such a disclosure.

The report is already making some waves: QuantCast, a company that measures web destinations and internet use, has said that it stopped its practice of using Flash cookies to respawn HTTP cookies after the report, which specifically named QuantCast, was released. And the timing of the report coincides with Congress and federal regulators examining behavioral advertising. 

Computer users should be aware of the presence of Flash cookies and, if desired, visit Adobe’s website to learn how to disable Flash cookies. Website operators should, as a best practice, disclose their use of Flash cookies in their privacy policies, including information about how Flash cookies are used and how users can opt out or remove them. 

Privacy Policy

The publisher of this blog (hereafter, "publishing lawyer or law firm") values the privacy of its clients and Web/blog site viewers. Any of the following personal information that may be made available to the publishing lawyer or law firm when browsing or navigating the site shall be kept confidential:

  • First and last name
  • Company, home, postal or other physical address
  • Other contact information, including but not limited to telephone number, fax number, email address, and other similar information
  • Title or position in a company or an organization
  • Occupation
  • Industry
  • Personal interests
  • Any other information needed to provide a service you requested

Examples of scenarios in which our visitors provide their personal information include, but are not limited, to:

  • Communicating - by means including but not limited to email or telephone - with the publishing lawyer or law firm.
  • Posting a question or comment through the site.
  • Requesting literature.
  • Registering to attend a seminar or event.
  • Participating in an online survey.
  • Requesting inclusion in an email or other mailing list.
  • Submitting an entry for a contest or other promotion.
  • Entering a user name and/or a password.
  • Any other business-related reason.

The publishing lawyer or law firm provides you the opportunity to agree or decline to give your personal information via the Internet. The publishing lawyer or law firm will inform you of the purpose for the collection and does not intend to transfer your personal information to third parties without your consent, except under the limited conditions described under the discussion entitled "Information Sharing and Disclosure" below. If you choose to provide us with your personal information, the publishing lawyer or law firm may communicate with you at the contact information provided and may transfer that information within the law firm or to a third party service provider as necessary.

Domain Information Collection

The publishing lawyer or law firm may collect domain information to enable it to analyze how visitors use this site. This data enables the publishing lawyer or law firm to become more familiar with which people visit the site, how often they visit, and what parts of the site they visit most frequently. The publishing lawyer or law firm uses this information to improve its Web-based offerings. This information is collected automatically and requires no action on your part.

Use of Cookies and Tracking User Traffic

Some pages on this site may use "cookies"--small files that the site places on your hard drive for identification purposes. A cookie file can contain information such as a user ID to track the pages visited, but the only personal information a cookie can contain is information you supply yourself. Cookies are used for site registration and customization the next time you visit us.

Some parts of the site may also use cookies to track user traffic patterns. The publishing lawyer or law firm does this in order to determine the usefulness of its Web site to its users and to gauge the Web site's navigability. Please note that cookies cannot read data off of your hard drive. Your Web browser may allow you to be notified when you are receiving a cookie, giving you the choice of whether to accept it. If you prefer not to receive cookies, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser. However, by not accepting cookies, some pages may not fully function and you may not be able to access certain information on this site.

Information Sharing and Disclosure

Your personal information is never shared or disclosed outside the publishing lawyer or law firm without your permission, except under conditions listed below:

  • You consent to having your information shared with a third party service provider working on our behalf to serve you.
  • You request us to provide you with a product or service.

The publishing lawyer or law firm also will disclose your personal information if required to do so by law, or in urgent circumstances to protect personal safety, the public or its sites.

Internet Security

The publishing lawyer or law firm strives to protect your personal information. However, you should take every precaution to protect your personal data when you are on the Internet. Change your passwords often and use a combination of letters and numbers.

Protecting the Privacy of Children

Children under 13 years old are not the target audience of this Web site. To protect their privacy, the publishing lawyer or law firm prohibits the solicitation of personal information from such children.

Links to Third Party Sites

This site may contain links to other sites. The publishing lawyer or law firm does not share your personal information with those Web sites and is not responsible for those sites' privacy practices. We encourage you to learn about the privacy policies of those companies.

Changes to this Privacy Policy

This policy is effective March 5, 2007 and was last revised on January 3, 2008. The publishing lawyer or law firm reserves the right to change, modify or update this policy at any time without notice. Any substantial changes in the way we use your personal information will be posted on this site.

If you have questions or concerns about this Privacy Policy, or wish to change the information the publishing lawyer or law firm has about you, please email the publishing lawyer or law firm at the contact information on this site.