Flash Cookies – a taster

Readers of Datonomy, more than most, may well already be aware of the characteristics and usage of Flash cookies. For those who aren’t, here’s a quick introduction:

Cookies (whether traditional HTTP cookies or Flash cookies) are used for authenticating, session tracking and remembering specific information about website users, such as site preferences or the contents of their electronic shopping carts. Many people choose to delete HTTP cookies by altering privacy settings on their computer and clearing their web history. In fact, several studies have found that over 30% of users delete first party HTTP cookies once a month. In 2005, United Virtualities (an online advertising company) developed a backup ID system for cookies that were being set up by websites, ad networks and advertisers but increasingly deleted by users. This was called a Persistent Identification Element (PIE) and this was used to create a feature in Adobe’s Flash Player known as Local Shared Objects or “Flash cookies”.

Flash cookies have several characteristics that lead to more persistence than standard HTTP cookies:

  1. they can contain up to 100KB of information by default, whereas HTTP cookies only store 4KB;
  2. they do not have expiry dates by default, whereas HTTP cookies expire at the end of a session unless programmed to live longer by the domain setting the cookie; and
  3. they are stored in a different location to HTTP cookies, so users may not know what files to delete in order to eliminate them.

Unsurprisingly, being a more resilient technology for tracking than HTTP cookies, they have become popular tools for website operators. However, their use creates an area of uncertainty for user privacy control. Erasing HTTP cookies, clearing history, erasing the cache, or choosing a delete private data option within the browser does not affect Flash cookies. Even the “Private Browsing” mode recently added to most browsers such as Internet Explorer 8 and Firefox 3 still allow Flash cookies to operate fully and track the user.

Tomorrow, I will post on the use of Flash cookies and the position under UK law.

With thanks to Sophie Lalor-Harbord.

Leave a Reply

Your email address will not be published. Required fields are marked *