Flash cookies have several characteristics that lead to more persistence than standard HTTP cookies:
- they can contain up to 100KB of information by default, whereas HTTP cookies only store 4KB;
- they do not have expiry dates by default, whereas HTTP cookies expire at the end of a session unless programmed to live longer by the domain setting the cookie; and
- they are stored in a different location to HTTP cookies, so users may not know what files to delete in order to eliminate them.
Unsurprisingly, being a more resilient technology for tracking than HTTP cookies, they have become popular tools for website operators. However, their use creates an area of uncertainty for user privacy control. Erasing HTTP cookies, clearing history, erasing the cache, or choosing a delete private data option within the browser does not affect Flash cookies. Even the “Private Browsing” mode recently added to most browsers such as Internet Explorer 8 and Firefox 3 still allow Flash cookies to operate fully and track the user.
Tomorrow, I will post on the use of Flash cookies and the position under UK law.
With thanks to Sophie Lalor-Harbord.