When Flash cookies (also known as a “Local Shared Objects”) were first flagged as a privacy issue back in 2005, a few savvy companies added a disclosure about Flash cookies into their web site privacy policies. Since then, we have not heard the issue raised again. Now this sleeper issue seems to have been awakened by a recent report by researchers at the University of California, Berkeley, entitled Flash Cookies and Privacy.
Flash cookies, which utilize a little-known capability of Adobe’s Flash plug-in, are a method to store information about a user’s preferences. (Estimates suggest that Adobe’s Flash software is installed on some 98 percent of personal computers.) Flash cookies may be used to provide better functionality to the user by, for example, storing the user’s preferences about sound volume or caching a music file for smoother play-back over an unreliable network connection. Flash cookies may also be used as unique identifiers that enable advertisers to track user preferences and circumvent deletion of HTTP cookies. Because Flash cookies are stored in a different location than HTTP cookies on one’s personal computer, simply erasing HTTP cookies, clearing browser history, or deleting the cache does not remove Flash cookies.