I posted Why flash cookies should be banned for third party advertising on the Rapleaf blog. here is a recap:
The ad industry, with leadership from groups like the IAB and NAI, is working hard to evolve and is gaining momentum by prioritizing transparency and privacy, spreading awareness and giving people more choice and control over how they want to participate. As we make progress, certain practices become obvious candidates for change and at the top of the list today is the use of Local Shared Objects (also known as flash cookies) for advertising.
How Flash Cookies Are Used
If you frequent sites that use flash like YouTube, you’re probably already acquainted with flash cookies – they are responsible for storing things like your volume preferences.
Like regular browser cookies, flash cookies are small data files that websites create on people’s computers in an attempt to customize user experiences.
But one important difference is that flash cookies cannot be managed, located or removed by browser options. This means that your YouTube volume settings will remain even after you clear all your browser’s history and stored data. This isn’t necessarily a bad thing, but the problems arise when this capability is used for advertising.
Today, 54% of the top 100 websites use flash cookies in some way and in the most extreme case, flash cookies are used to track web browsing behavior or even re-populate normal advertising cookies that have been deleted.
While people can control regular cookie settings within their browser, there are only a few obscure options to manage flash cookies, including the Adobe flash settings sites, from the Flash Cookie Cleaner program, and this Firebox browser plugin.
Troubling Characteristics of Flash cookies
Here’s a more comprehensive list of information. Unlike regular cookies, flash cookies:
- Never expire
- Can store 25x as much as a normal browser cookie (100 KB vs 4 KB) and send data to third-party servers without permission
- Can re-populate browser cookies that have been deleted
- Can access and store specific personal and technical information (such as system info, user names, and more)
- Can exist and store data even without visible flash applications
- Cannot be easily traced back to their sources, making it difficult to find out which sites are actually doing the tracking
What Should Be Done?
Flash cookies need to be banned for advertising, third party applications, and tracking until some effective package of the following is achieved (if it can be achieved):
- Strict guidelines concerning use
- Transparency about where they’re used and who uses them
- Effective tools to manage privacy and participation
Regular browser cookies aren’t perfect either – information within them needs to be properly anonymized. But we believe regular cookies are the best way to protect consumers, give them control, and give them a personalizable experience (that’s why we’re investing engineering time and money in our anonymizing technology).
A great amount of time, commitment, and money is going into our industry’s movement towards increased transparency and control for people. In order for the industry to continue to moving forward, let’s stop the use of flash cookies quickly.