homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: Receptional & mademetop

Website Analytics - Tracking and Logging Forum

'Flash Cookies' Anti Hacking Lawsuit Is Thrown Out, But Questions Remain Over Deceptive Tactics

 5:43 pm on Aug 19, 2011 (gmt 0)

'Flash Cookies' Lawsuit Is Thrown Out [paidcontent.org]
The Federal Trade Commission is concerned about the state of online privacy, but the agency doesn’t believe it has the legal authority—yet—to take action against unwanted online tracking. Some internet lawyers, however, believe that existing law allows them to take action to punish trackers in court right now. Those crusades have met with little success, however, and would-be privacy plaintiffs won’t take much comfort from a recent ruling against the online marketing company interclick made clear.

When an internet user deletes his or her cookies, it’s often to inhibit online tracking. But some services—including, allegedly, interclick—use so-called “Flash cookies” to re-spawn the HTTP cookie. That is, they take data stored by Adobe’s Flash player and use it to slip a cookie back into the same computer that the user just deleted it from.

The judge threw out the anti-hacking claim entirely, saying that Bose didn’t suffer any real damage to her computer because of Flash cookies. The claim over deceptive business acts was left in against interclick but thrown out against the corporations that did business with it; the tresspass claim against interclick was left in.

Stealthy 'Supercookies' [online.wsj.com]

Major websites such as MSN.com and Hulu.com have been tracking people's online activities using powerful new methods that are almost impossible for computer users to detect, new research shows.

The new techniques, which are legal, reach beyond the traditional "cookie," a small file that websites routinely install on users' computers to help track their activities online. Hulu and MSN were installing files known as "supercookies," which are capable of re-creating users' profiles after people deleted regular cookies, according to researchers at Stanford University and University of California at Berkeley.

Websites and advertisers have faced strong criticism for collecting and selling personal data about computer users without their knowledge, and a half-dozen privacy bills have been introduced on Capitol Hill this year.

Privacy used to be an easier thing to handle. It seems it's all getting far more complex, and tracking is going on whether you know it or not.



 7:08 pm on Aug 19, 2011 (gmt 0)

I was always against blocking ads - now I am running adblock plus. And not even feeling bad about it. Google, Facebook and the likes have overdone it. You can kick a donkey every day, but one day it will kick back.

I now enjoy the web without ads - and if websites go out of business because to many people block the ads I do not give a damn. If your business only survives because you are violating peoples privacy and breaking privacy laws - then it was a business model that did not deserve to survive in the first place.


 10:26 pm on Aug 19, 2011 (gmt 0)

I think the solution here is the same as it always is. Knowledge. Viruses and Trojans can only be defeated with knowledge.

I recall a remark posted somewhere on this forum, in a thread about the new HTML5, stating that there are quite a few new places to store such data on a users computer.

Just exactly where are all these new locations in the users OS, where such code is stored? How can I get to it through the GUI ? Does anybody make software to help me find and deal with it ?

It would be nice if knowledgable people began addressing and publishing such details (Sorry peeps, I'm not one of them ;)


 11:31 pm on Aug 19, 2011 (gmt 0)

Just did a site search ( I love doing site searches on webmasterworld, because I always, always, find what I'm looking for !) using term "html 5 cookies" (no quotes).

I found the thread
and this one posted by Tangor just a few days ago
and relearned some new terms "Web Storage API", "HTML5 local storage", "everlast tracking", "forever cookie", and found some good answers, already posted, to my question/suggestion about users needing to learn more and having software and GUI access to this new 'super cookie' stuff.

Best of all, up popped an amazing coincidence. Exactly 2 years ago to the day (August 19 2009 !) member Tangor started this thread-
[webmasterworld.com ]
which is chockfull of info.
-from swa66 and jdMorgan - use 'Better Privacy' plug-in on Firefox
-from RonPK
"I now wipe Flash cookies every day with a scheduled .bat script."

- and from true_INFP, whom I quote in full
Any Flash user (including IE users) can prevent Flash from storing anything (including cookies) by using the Flash Settings Manager, which can be invoked, for example, by visiting:
Likewise, to delete existing Flash cookies, visit e.g.:
The "screenshots" that you will see on those pages are actually not images. They are the actual Flash Settings Manager pages.

- Finally Leosghost, always one of the most knowlegable and helpfull people on this forum (turning me on to 'XNview' - thanx again LG ! ), was feeling cranky 2 days later on August 21 2009, weighing in with
Its like "stick shift" and "auto" if you can only drive "auto" ..you shouldnt be on the road ..



 12:44 am on Aug 20, 2011 (gmt 0)

OK, this is getting too common. I finally did this:

ln -s /dev/null .macromedia

On Linux, that simply discards any settings it tries to store. Something similar should work on MacOS.

It does not seem to break anything. My only potential problem is that there is one game I occasionally play that requires hardware acceleration to be off (otherwise its slow!).


 7:56 am on Aug 20, 2011 (gmt 0)

All of these developments shine more light on the absurdity of the recent EU "cookie laws".


 9:15 am on Aug 20, 2011 (gmt 0)

All of these developments shine more light on the absurdity of the recent EU "cookie laws".

It isn't absurd but necessary in my opinion. Do not forget it is only called "cookie directive" but actually effects all tracking methods.

I too thought until a few month back - the EU "cookie direktive" is absurd. After all browsers already allow you to take effective control of cookies. But then I learned about "evercookies" and other means of tracing users and now I think it is a very necessary peace of legislation.


 9:32 am on Aug 20, 2011 (gmt 0)

Its necessary, but should only apply to cross site tracking, not to all tracking.


 1:20 pm on Aug 20, 2011 (gmt 0)

While I do think websites should respect users and not track them when they don't want to, I personally can't be bothered. After all, they track you to show you particular advertising, and I've been using ad-blocking since ages. I never see the ads they are targeting towards my profiles.


 3:05 pm on Aug 20, 2011 (gmt 0)

Cookies are out of hand! I've been surfing with "Accept Cookies from Sites - Ask Me Every Time" for about 2+ years now. You can never fully understand how out of hand this is until you surf in that mode. Some sites don't like it when you block cookies either. Many sites don't display properly unless you accept the cookie and/or reload the page without cookies. I think some sites are unintentionally blocking the bots due to improper cookie use.


 7:17 am on Aug 21, 2011 (gmt 0)

The title of this thread is misleading. The suit was not "thrown out"... only parts of it;

The claim over deceptive business acts was left in against interclick but thrown out against the corporations that did business with it; the trespass claim against interclick was left in.

The actions these companies take to use hidden / system files like ".SOL" Flash Local Stored Objects for tracking purposes is entirely deceptive and bypasses all consumer controls for protecting their privacy -- and is done for monetary gain.

The recent AOL / BrightCover / ScanScout suit filed in Massachusetts (a Federal class action court case), shows how far the companies can and will go to -- that cases involved online tracking and ties to the offline use of a consumer's credit card and store loyalty card purchases.

(from a 47 page, 170 point complaint filed last month)

9. Defendants wanted to ensure they could track Plaintiff, regardless of her browser controls, so they simply worked around them. Defendants commandeered Plaintiff’s computer, repurposing its software and using her computer storage and her Internet connection to bypass her browser controls. Defendants created a shadow tracking system on her computer, effectively
decommissioning the browser cookie controls she had explicitly set. Defendants did so repeatedly, for years, for a significant part of Plaintiff’s Web-browsing, and did likewise to millions of
consumers, for years.
94. Last summer, Plaintiff bought chair pads for her kitchen chairs while shopping at a large chain grocery store. At a self-service checkout kiosk, she swiped her store loyalty card and paid for the chair pads with a credit card and also swiped her store loyalty card. Shortly after Plaintiff returned home with her purchase, she checked her e-mail. She was very surprised to receive a Web-enabled e-mail message containing an advertisement from an online merchant for
the same chair pads she had just bought.

95. Plaintiff subsequently discovered that, despite her use of browser controls, Defendants
had been tracking her online activities and had stored a number of files on her computer.

96. The files Defendants stored on her computer were not browser cookies. They were Adobe Flash Local Stored Objects (LSOs).
137. The means by which Defendants obtained such information, and the reasons Defendants engaged in its campaign to circumvent user deletion of cookies demonstrate the confidential character of such information and users’ efforts to protect it.


This isn't about "cookies" -- and to say a case was "thrown out" is adding to the type jibber-jabber judges need to weed through to figure out the technical implications of what greedy corporations like AOL do to consumers.

AOL and it's "Patch.com" property have recently inked a partnership with American Express for "local deals" (they want to get some of the groupon like ad revenue)... Patch's TOS will permit AOL and AMEX to share your info -- so next time you get denied a car loan or get charged a higher credit card rate it could be because you watched a Huffington Post, Dailyfinance.com, Patch.com or other AOL content news video about foreclosure or bankruptcy -- and the flash based video placed an .SOL file in a hidden directory on your computer and the "partners" shared the info.


 6:31 pm on Aug 21, 2011 (gmt 0)

The Firefox addon Ghostery blocks these types of flash cookies.


 8:03 pm on Aug 21, 2011 (gmt 0)

For those who don't know how to find these Flash cookies on their computer there is "Flash Cookie cleaner" (freeware)

A tiny software program that with 1 click tells you how many cookies you have stored, with 2 clicks, who they are from and 3 clicks to delete all.

(I'm just a user, no affiliation with the program)


 1:53 am on Aug 22, 2011 (gmt 0)

Why bother cleaning them? Block them altogether. I have yet to come across a site that breaks without them, or that has a legitimate reason for using them.


 4:41 am on Aug 22, 2011 (gmt 0)

Why bother cleaning them? Block them altogether.

Ok, how?

I went to: [macromedia.com...]

Which appears to be an online tool to set global storage settings for Flash and to deny all "common objects", etc.. (I set everything I could find attempting to stop any .SOL files from being written to my hard drive)...

Then I visited a couple flash based sites and got a couple new .SOL files.


 5:07 am on Aug 22, 2011 (gmt 0)

Did you untick "allow third party ...."? That should work, but you may also need to go to website storage settings and "delete all sites".

The /dev/null trick above is for Linux (should work on MacOS. although I cannot test that), but recent versions of Windows have symbolic links and a nul file (called NUL) so you might be able to adapt it.


 1:46 pm on Aug 22, 2011 (gmt 0)

Did you untick "allow third party ...."?

Yes, I; unticked, "slid left", and deleted everything -- basically used every option of the online tool to try to prevent *.SOL, but no luck.

I'm usually using FireFox on a WINXP machine, (also have every other browser installed too, but daily use is FF).

To the best of my knowledge, there is no way to stop Flash from placing SOL files on your hard-drive.

I hope browser developers address this issue, and Adobe modifies Flash itself to allow people to run Flash without requiring "settings.sol" or other Local Stored Objects at all.

An obvious fix would be;

1). At Flash install, a toxic looking warning screen advises about 3rd parties' nefarious use of SOL files and Flash setup has a "[
X] Do not store any local objects." check box, and;

2). If user ckecks off above setting, Flash defaults to common settings without the need of "settings.sol" and no other SOL files are created.

Local Stored Objects are a gaping user privacy / security hole in Adobe Flash.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved