How Flash Cookies Threaten Your Privacy

Web sites are embedding bugs into your computer that track you even after you have cleared your browser's privacy settings.

These bugs are called Flash Cookies, or Local Shared Objects. Web sites use them to track you because they know that most people don't know about them and that they can track you even after you have cleared your privacy settings.

Web sites that use Flash cookies to bypass users' cookie privacy settings should be publicly flogged.

Examples of sites that use Flash cookies to remember your personal data even after you clear your cookies and privacy settings:

Flash Cookies and Privacy

The Electronic Privacy Information Center has a good page of information on Flash cookies:

Recently, users have become more vigilant in purging cookies from their computers. According to a Jupiter Research study, 58% of online users have deleted cookies from their computer and 39% of users do so on a monthly basis. This regular "cookie tossing" is causing direct marketers to seek more invasive methods to track individuals. One of those methods is to set a "Local Shared Object," also known as a "Flash cookie" to track individuals. Simply put, the idea behind this tracking is to set two cookies on the user's machine--a standard cookie that the consumer may erase, and a second Flash cookie that the user probably will keep, because the existence of Flash cookies is not well known....

This practice is highly deceptive. By deleting cookies, consumers are clearly rejecting attempts to track them. Using an obscure technology to subvert these wishes is a practice that should be stopped. Cookies have many beneficial purposes and can make the end user's web experience better. Websites should be honest and up front about how they use cookies, and they should respect the decisions of those users who do not want to be tracked via cookies.

VistaPrint's privacy policy admits that they use Flash cookies, and says:

If you have Macromedia Flash installed on your computer, we will also use a file called a Flash Object to store your unique customer code and record locater on your computer. Unless deactivated by you, the Flash Object provides us with a backup method for recognizing you in the event that we are unable to identify your cookies.

In other words, it bypasses your choice to clear browser cookies and tracks you regardless of whether you have turned on your browser's privacy settings.

The Core Problem is Browsers

One of the core problems is that browsers do not clear Flash cookies at the same time the user clears other browser cookies.

For information about where your Flash cookies are stored, see this Wikipedia page. It has good criticisms of Flash cookies:

Flash Player uses a sandbox security model, but, contrary to some definitions, the application does not ask the user's permission to store data on his hard disk. This may constitute a collection of cookie-like data that may include not only user-tracking information but any personal data that the user has entered in any Flash-enabled application, whether it be stand-alone or Web-based.

Consumers often see cookies as an invasion of privacy and resent having them loaded into their computers without permission. While we have learned to delete traditional cookies, most are unaware of LSOs, and don't know how to disable them. Users who delete traditional cookies may find those cookies resurrected because of Adobe/Macromedia's LSOs. Since LSOs, unlike traditional cookies, have no expiration dates, the information resurrected in those cookies may persist indefinitely.

Useful Firefox Extensions

There is a Firefox extension called Objection that allows you to clear Flash cookies. It shouldn't be a separate step though; Firefox should clear Flash cookies when it clears your regular cookies. I found that it cleared the Flash cookies out of my ~/.macromedia/Flash_Player/#SharedObjects/ directory (Ubuntu Gutsy), but that when I visited Macromedia's Flash cookie manager (below), the cookies were still detected on my computer. The Objection extension apparently isn't clearing all of the history/cookie data.

Another useful Firefox extension for managing Flash is Flashblock which blocks all Flash by default, with the option to enable it in specific cases.

How to Remove and Block Flash Cookies

If you want to destroy all Flash cookies on your computer and prevent new ones from being created, go to this page which is Macromedia's Flash control panel. You can manage your Flash settings from that Web page. A full tutorial is here.

After you have blocked Flash cookies, you will be presented with the option to reject them whenever a Flash movie tries to set them:

[Image: clearing-blocking-flash-cookies-lso.png]
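To check from the command line what Flash has stored, the following added example (not part of the original post) lists every domain that has left Local Shared Objects and can purge them. It covers the `#SharedObjects` directory mentioned above and also the per-site settings directory under `macromedia.com/support/flashplayer/sys/`; that second path and the function names are assumptions about Flash Player's Linux layout, not something taken from this page.

```shell
#!/bin/sh
# Added example: audit and purge Flash Local Shared Objects (LSOs) on Linux.
# Assumed layout under the Flash Player root:
#   #SharedObjects/<random-id>/<domain>/.../*.sol          site data
#   macromedia.com/support/flashplayer/sys/#<domain>/      per-site settings
#   macromedia.com/support/flashplayer/sys/settings.sol    global settings
FLASH_ROOT="${FLASH_ROOT:-$HOME/.macromedia/Flash_Player}"

# Print one domain per line for each site with LSO data or stored settings.
lso_domains() (
    root="${1:-$FLASH_ROOT}"
    so="$root/#SharedObjects"
    sys="$root/macromedia.com/support/flashplayer/sys"
    {
        # The second level below #SharedObjects is the originating domain.
        for d in "$so"/*/*/; do
            if [ -d "$d" ]; then basename "$d"; fi
        done
        # Per-site settings directories are named "#<domain>".
        for d in "$sys/#"*/; do
            if [ -d "$d" ]; then d=$(basename "$d"); echo "${d#\#}"; fi
        done
    } | sort -u
)

# Count every .sol file left anywhere under the Flash Player root.
lso_count() (
    find "${1:-$FLASH_ROOT}" -type f -name '*.sol' 2>/dev/null | wc -l | tr -d ' '
)

# Delete site data and per-site settings, but keep the global settings.sol
# so that a "block all" preference set in the control panel is preserved.
lso_purge() (
    root="${1:-$FLASH_ROOT}"
    rm -rf -- "$root/#SharedObjects"/* \
              "$root/macromedia.com/support/flashplayer/sys/#"*
)

# Typical use: lso_domains; lso_count; lso_purge; lso_domains
```

Running `lso_domains` before and after a cleanup tool shows whether any per-site records survived outside `#SharedObjects`.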

The Solution

Obviously, Web sites should not be trying to bypass their visitors' privacy settings.

The ability to clear Flash cookies along with regular Web cookies is something that should be built into browsers. The default setting in browsers should be to delete Flash cookies whenever the browser is shut down.
