Flash Cookies: The Newest, Secret Way to Invade Your Privacy

Many users periodically purge their cookies in browser settings to prevent tracking. However, the industry, with the help of Adobe Flash, has found a way to store a new kind of cookie that can't be managed by a browser. They're much bigger, up to 100 KB, and can even reconstruct conventional cookies after they've been deleted. Here's the background and how to block them.

A study at the University of California, Berkeley, released on August 10, 2009, entitled, "Flash Cookies and Privacy" revealed that many popular websites are using "Flash Cookies" to circumvent privacy practices by users with conventional cookies.

The abstract said: "We find that more than 50% of the sites in our sample are using flash cookies to store information about the user. Some are using it to 'respawn' or re-instantiate HTTP cookies deleted by the user. Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users. Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking."

The research team found that Flash Cookies are preferable because they can better track a user's habits, can't be managed by a browser, and have no expiration date.

In order to manage your Flash Cookies, you must go to an Adobe Website which, in turn, interacts with Flash on your Mac or PC to set preferences. It's under the heading of "Flash Player Help" and can easily be overlooked as a page that actually manages Flash on your own computer.

For example, you can see your Flash cookies in the "Website Storage Settings Panel." it's on the upper left. Doing so, I found that I had about 160 of these Flash Cookies that I had no knowledge of.


Flas Cookies list

Website Storage Setings; Your list of Flash Cookies

You can delete them all the with "Delete all sites" button, but that doesn't prevent them from recurring. To permanently block them, you must go to "Global Storage Settings Panel."

Flash Cookies control

Global Storage Setings Panel: Block Flash Cookies

Uncheck the box that says, "Allow third-party content to store data on your computer." Note that this may reduce the functionality of Flash in the future.

There has been a lot of discussion about this practice in the last month. Not only does the practice violate the spirt of user control over cookies, but, worse, the practice has been lurking, unseen, unknown, until the UC Berkeley report.

In one instance, the researchers found a case where, "at least one site used a Flash cookie even when the user had opted out of tracking through the Network Advertising Initiative's opt-out cookie," as explained by Wendy Davis at the The Daily Online Examiner.

Clearly, some websites will use this secret technology track your habits for their own ends even if you thought you opted out and exercise what you think is due diligence with conventional cookie handling.

One has to wonder if this is yet another reason why Flash has left a bad taste in the mouth of Steve Jobs.