Quotulatiousness

August 11, 2009

Deleting your cookies doesn’t protect your privacy

Filed under: Technology — Tags: , — Nicholas @ 09:44

According to a report in Wired, there are lots of sites out there (including whitehouse.gov) who are actively circumventing the common practice and zombifying the cookies you thought you’d deleted:

More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

What’s even sneakier?

Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

This would be a good opportunity for Adobe (who control the Flash cookie capability) and the browser developers to get together and provide end users with enhanced capability to turn off these zombies. Probably a tiny percentage of current users ever bother to delete cookies, so it’s not like this would seriously undermine legitimate uses of cookies, but it would put a bit more control of how personal information is used back in the hands of the individual.

Of course, back here in the real world, I don’t honestly expect any such thing, but regulation is almost always the wrong answer to a given problem on the internet. But that’s what we’re likely to get . . .

4 Comments

  1. Not sure how it does it, but it seems that Google Chrome also tracks and persists your data. I usually do not use bookmarks or favorites — I get to the sites in my daily rounds by either typing in the URL or by googling for the site name. The blog “Captain Capitalism” is an example — I always go there by googling for it.

    When I google for the site in Chrome, the results page tells me how many times I have visited the site. As of today, I’m up to 119. The Google results page in IE or Firefox does not display this info, so I think this is a Chrome thing.

    I clear my “private data” daily, not that it really seems to do anything.

    Comment by Lickmuffin — August 11, 2009 @ 10:11

  2. I know that lots of sites want to track their users, but it’s a bit rich for them to pretend to let you keep your activities private, then actively screw over your attempt.

    Comment by Nicholas — August 11, 2009 @ 10:34

  3. You can try the new Google Opt-Out Village to protect your data.

    Here is a small video on Google Opt-Out Village – http://www.webguild.org/2009/08/protect-your-data-by-moving-to-the-google-opt-out-village.php?p=p2

    Joe

    Comment by Joey Martine — August 12, 2009 @ 03:03

  4. Thanks for the link, Joey. I’d missed that one. Exactly the kind of thoroughness you’d expect from them.

    Comment by Nicholas — August 12, 2009 @ 07:35

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress