I posted Why flash cookies should be banned for third party advertising on the Rapleaf blog. here is a recap:
Why Flash Cookies Should Be Banned for Advertising
The ad industry, with leadership from groups like the IAB and NAI, is working hard to evolve and is gaining momentum by prioritizing transparency and privacy, spreading awareness and giving people more choice and control
over how they want to participate. As we make progress, certain
practices become obvious candidates for change and at the top of the
list today is the use of Local Shared Objects (also known as flash
cookies) for advertising.
How Flash Cookies Are Used
If you frequent sites that use flash like YouTube, you’re probably
already acquainted with flash cookies – they are responsible for storing
things like your volume preferences.
Like regular browser cookies, flash cookies are small data files that
websites create on people’s computers in an attempt to customize user
But one important difference is that flash cookies cannot be managed,
located or removed by browser options. This means that your YouTube
volume settings will remain even after you clear all your browser’s
history and stored data. This isn’t necessarily a bad thing, but the
problems arise when this capability is used for advertising.
Today, 54% of the top 100 websites
use flash cookies in some way and in the most extreme case, flash
cookies are used to track web browsing behavior or even re-populate
normal advertising cookies that have been deleted.
While people can control regular cookie settings within their
browser, there are only a few obscure options to manage flash cookies,
including the Adobe flash settings sites, from the Flash Cookie Cleaner program, and this Firebox browser plugin.
Troubling Characteristics of Flash cookies
Here’s a more comprehensive list of information. Unlike regular cookies, flash cookies:
- Never expire
- Can store 25x as much as a normal browser cookie (100 KB vs 4
KB) and send data to third-party servers without permission
- Can re-populate browser cookies that have been deleted
- Can access and store specific personal and technical information (such as system info, user names, and more)
- Can exist and store data even without visible flash applications
- Cannot be easily traced back to their sources, making it
difficult to find out which sites are actually doing the tracking
What Should Be Done?
Flash cookies need to be banned for advertising, third party
applications, and tracking until some effective package of the following
is achieved (if it can be achieved):
- Strict guidelines concerning use
- Transparency about where they’re used and who uses them
- Effective tools to manage privacy and participation
Regular browser cookies aren’t perfect either – information within
them needs to be properly anonymized. But we believe regular cookies
are the best way to protect consumers, give them control, and give them a
personalizable experience (that’s why we’re investing engineering time
and money in our anonymizing technology).
A great amount of time, commitment, and money is going into our
industry’s movement towards increased transparency and control for
people. In order for the industry to continue to moving forward, let’s
stop the use of flash cookies quickly.