Lawsuit attacks Zombie Cookies – UPDATED

A legal challenge has been launched in the US against a number of websites amid claims that they were engaged in “covert surveillance” of users. The lawsuit alleges that a number of firms, including Hulu, MTV, and Myspace, used a Quantcast Flash application to restore deleted cookies…

The lawsuit says that the application was creating so-called “zombie cookies” from deleted files.

Quantcast has not responded to a BBC News request for comment.

The term “zombie cookie” was coined after the issue of traditional browser cookies being undeleted by Flash was brought to light in a 2009 paper by US researchers.

The study found that more than half of sites surveyed used flash cookies to store information about the user, with some using it to “respawn or re-instantiate cookies deleted by the user”…

However, while most browsers have simple commands to delete text cookies, Flash cookies are neither listed nor controlled by the browser…

Graham Cluley, senior technology consultant at the internet security firm Sophos, told BBC News that the source of the trouble was Adobe Flash itself, which he called “one of the weirdest programs on the planet”.

“I think it’s highly unlikely that these large companies have abused Flash cookies – which are different from browser cookies – with malicious intent,” he said. “I think it’s much more likely that the vast majority of users are simply oblivious to the bizarre way in which Adobe allows them to configure the software…”

The security settings for Flash are hosted on Adobe’s own website, rather than your own computer. …These settings are changed by logging onto Adobe’s website, right-clicking on a Flash object and selecting “Global Settings” and then adjusting the security settings via the “Global Privacy Settings” panel.

Golly gosh. Seems thoughtful and easy to me. I can come up with a spare hour or two – just to diddle with Flash cookie settings over at Adobe’s website. Every day!

UPDATE: Predictably, Adobe is a royal PITA. I went to the website and logged-in. Fortunately, I’m still registered there from days of yore.

I had to search for “Global Storage Settings” to get to anywhere I might achieve blocking this crap. I used the slider to bring available storage down to Zero and unclicked all the options – which took yet another small window to affirm I really wanted to.

I have no idea – yet – whether this worked; but, it just moves me one-click closer to the Steve Jobs camp on “Flash is useless crap”.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.